TikTok and Instagram Reels Exploited to Spread Password-Stealing Malware A recent report from ReversingLabs reveals a surge in malicious campaigns on short-form video platforms like TikTok and Instagram Reels, targeting users with fake offers for free subscriptions to services such as Spotify Premium, Microsoft Office, and Adobe. The scams lure cash-strapped users by promising cost-saving alternatives amid economic pressures. Instead of traditional phishing emails, attackers instruct victims to open command-line tools like PowerShell and execute a provided command. This action downloads and installs Vidar, an infostealer malware that harvests usernames, passwords, cookies, session tokens, cryptocurrency wallet data, and personal files. Unlike conventional phishing, which relies on a single click, this method requires victims to manually input commands, making it a more patient and targeted approach. Researchers note that the shift to social media platforms allows threat actors to drive traffic to attacker-controlled websites, increasing the reach of their campaigns. The attack underscores the persistent effectiveness of social engineering, particularly as users seek free or discounted alternatives to paid services. While basic security measures like multi-factor authentication can mitigate risks, the evolving tactics highlight the need for vigilance against seemingly legitimate offers.

Critical VSCode Webview Vulnerability Exposes GitHub OAuth Tokens in One Click On June 2, 2026, security researcher Ammar Askar publicly disclosed a severe vulnerability in Visual Studio Code’s (VSCode) webview implementation that allows attackers to steal GitHub OAuth tokens granting full read/write access to a victim’s private repositories with a single malicious link click. The flaw affects both the browser-based github.dev editor and the desktop version of VSCode, though the latter requires the victim to open a malicious repository. ### How the Exploit Works The attack exploits VSCode’s webview security model, which isolates untrusted content in sandboxed `<iframe>` elements. However, a design flaw in the `Window.postMessage()` API used to forward keyboard events between webviews and the main editor enables malicious JavaScript to simulate keystrokes. By chaining five VSCode behaviors, an attacker can: 1. Trigger arbitrary JavaScript via a malicious Jupyter Notebook (`.ipynb`) file or a crafted `.vscode/extensions.json` file. 2. Silently install a malicious extension by dispatching a synthetic `Ctrl+Shift+A` keystroke to bypass notification prompts. 3. Bypass publisher trust checks by placing the extension in the local `.vscode/extensions/` directory, exploiting github.dev’s default "trusted workspace" setting. 4. Access the preloaded GitHub OAuth token, which is unscoped and grants access to all of a user’s repositories not just the opened one. 5. Exfiltrate the token and repository list via API requests to `api.github.com`, enabling full control over private code. On github.dev, the attack requires no further interaction beyond the initial link click. On the desktop version, the exploit can escalate to Remote Code Execution (RCE) due to VSCode extensions’ unrestricted Node.js API access. ### Impact and Mitigations The vulnerability poses a significant risk, as stolen OAuth tokens allow attackers to read, modify, or push code to any private repository the victim can access. Since github.dev lacks CSRF protections, any external link can redirect users into the attack. Temporary mitigations include: - Clearing github.dev site data in browsers to re-enable a warning dialog. - Avoiding untrusted github.dev links until a patch is released. - Auditing and removing unrecognized extensions in github.dev. ### Defense-in-Depth Limitations VSCode’s security measures, such as strict Content Security Policies (CSP) and DOMPurify for Markdown sanitization, partially contained the exploit’s scope. However, Askar’s full disclosure published without prior coordination with Microsoft highlights persistent concerns about the MSRC’s vulnerability handling. GitHub was notified one hour before the public release.

New Extortion Group "Pink" Targets Organizations with Vishing and Cloud Data Theft A recently identified extortion group, tracked as Pink, is leveraging voice phishing (vishing) and fake IT help-desk calls to infiltrate corporate networks, steal sensitive data, and demand ransom payments. First detected by Palo Alto Networks’ Unit 42, the group classified as cluster CL-CRI-1147 launched its data-leak site on May 31, 2026. Pink’s tactics mirror those of other cybercriminal collectives, including Lapsus$, Scattered Spider, and ShinyHunters, which have previously targeted high-profile organizations like Nvidia, Microsoft, Okta, MGM Resorts, and AT&T. These groups typically impersonate IT staff or employees to phish credentials and bypass multi-factor authentication (MFA), then exfiltrate data from cloud storage platforms such as SharePoint and OneDrive. Unit 42 analysts linked Pink to The Com, a loosely organized network of hackers, SIM swappers, and extortionists, some of whom have ties to violent crime. After monitoring multiple extortion attacks, researchers observed Pink’s operators re-engaging with a victim on June 1, 2026, via a free webmail account, providing a new qTox ID and a leak site under the Pink brand. The group sets a 72-hour deadline for ransom negotiations before leaking stolen data. Once inside a victim’s environment, Pink exfiltrates files and uses compromised accounts to send internal extortion messages via Microsoft Teams. The group reuses second-level domains for phishing, tailoring third-level domains to specific targets. Indicators of compromise include the domains passkeyadd[.]com, passkeydeploy[.]com, and deploypasskey[.]com, as well as IP addresses 185[.]178.208[.]153, 172[.]93.100[.]252, and 96[.]232.20[.]66. Observed user-agent strings during data exfiltration include Microsoft.Graph.Client/5.62.0 and python-requests/2.28.1.

Microsoft Warns of Large-Scale Credential Theft Campaign Targeting Global Organizations Microsoft has issued a warning about an ongoing credential theft campaign impacting 35,000 users across 13,000 organizations in 26 countries. The attack, which remains active, appears to be a coordinated effort to harvest login credentials, potentially for further exploitation, including data breaches, lateral movement, or ransomware deployment. While Microsoft has not disclosed specific attack vectors or threat actors, the scale of the campaign underscores the persistent risk of credential-based attacks, which remain a favored tactic for cybercriminals and state-sponsored groups. Organizations are advised to monitor for unusual authentication attempts, enforce multi-factor authentication (MFA), and review access logs for signs of compromise. The incident highlights the critical need for robust identity and access management (IAM) controls, as well as continuous threat detection to mitigate the fallout from stolen credentials. Further details on the attack’s methodology and affected sectors are expected as investigations progress.

Critical Windows BitLocker Zero-Day Vulnerability Exposes Encrypted Data via Physical Access Microsoft has revealed a severe zero-day vulnerability in Windows BitLocker (CVE-2026-45585) that allows attackers with physical access to bypass full-disk encryption, potentially exposing sensitive data in minutes. Disclosed on May 19, 2026, the flaw is rated "Exploitation More Likely" by Microsoft, though no active attacks have been confirmed. The vulnerability, classified as a Security Feature Bypass with an "Important" severity rating, resides in the Windows Recovery Environment (WinRE) and is linked to the "YellowKey" exploit chain, published on GitHub by researcher Nightmare-Eclipse. By injecting a malicious binary (autofstx.exe) into the BootExecute registry value, attackers can execute code before the OS loads, circumventing BitLocker’s pre-boot authentication without requiring credentials or decryption keys. Affected Systems: - Windows 11 - Windows Server 2022 - Windows Server 2025 No patch is available yet, but Microsoft has released a six-step manual mitigation process to modify the WinRE image, including mounting the recovery environment, editing the registry, and re-establishing BitLocker trust. Additionally, Microsoft recommends upgrading from TPM-only to TPM+PIN BitLocker protectors to reduce risk, enforceable via PowerShell, Command Prompt, or Group Policy. The public availability of the YellowKey exploit lowers the barrier for attackers, increasing risks for lost or stolen enterprise devices. Security teams managing affected systems are advised to prioritize WinRE remediation and enforce TPM+PIN policies ahead of an official patch.

Microsoft Disrupts Fox Tempest Malware-Signing-as-a-Service Operation Microsoft has dismantled Fox Tempest, a sophisticated malware-signing-as-a-service (MSaaS) operation that enabled cybercriminals to bypass security defenses by making malicious software appear legitimate. The takedown, revealed in a U.S. District Court filing on Tuesday, targeted a service active since May 2025 that weaponized Microsoft’s Artifact Signing system designed to verify software authenticity to distribute malware and ransomware. Cybercriminals, including affiliates of Rhysida, INC, Qilin, and Akira, used Fox Tempest to obtain fraudulent code-signing certificates, allowing malware to evade detection. The service provided short-lived certificates that mimicked trusted software like AnyDesk, Teams, Putty, and Webex, tricking users and security tools into executing malicious payloads. Microsoft’s investigation found that the group created over 1,000 certificates and established hundreds of Azure tenants to support its operations. The disruption included seizing Fox Tempest’s website, taking down virtual machines, and revoking compromised certificates. Evidence showed cybercriminals complaining about the takedown, with some ransomware affiliates losing access to critical attack tools. Microsoft’s Digital Crimes Unit linked the service to the distribution of malware families such as Oyster, Lumma Stealer, and Vidar, delivered via malicious ads and fake download sites. Fox Tempest operated as a well-resourced criminal enterprise, with dedicated teams for infrastructure, customer support, and financial transactions. Cryptocurrency analysis revealed the group earned millions of dollars from ransomware affiliates, with attacks targeting organizations in the U.S., China, France, and India. Unlike lower-cost cybercrime services, Fox Tempest charged thousands per operation, reflecting the growing sophistication of the cybercriminal ecosystem. The takedown highlights how code-signing abuse undermines trust in digital security, allowing attackers to bypass defenses by masquerading as legitimate software. Microsoft’s actions aim to increase the cost of cybercrime by disrupting critical infrastructure used in large-scale attacks.

Critical Zero-Click Outlook Vulnerability Patched in Microsoft’s Latest Update Microsoft’s June Patch Tuesday addressed 137 vulnerabilities, including a severe zero-click remote code execution (RCE) flaw in Outlook, tracked as CVE-2026-40361. The vulnerability, reported by security researcher Haifei Li developer of the zero-day detection system Expmon affects a shared DLL used by both Outlook and Word, enabling exploitation without user interaction. Li described the flaw as a use-after-free bug that triggers automatically when a victim reads or previews a malicious email, bypassing the need for clicks or attachments. Since the vulnerability resides in Outlook’s email rendering engine, traditional mitigations such as blocking attachments or links are ineffective. However, forcing Outlook to display emails in plain text could reduce risk. The researcher warned that the flaw mirrors CVE-2015-6172 (BadWinmail), a decade-old Outlook vulnerability he dubbed an “enterprise killer” due to its ability to compromise high-profile targets (e.g., CEOs or CFOs) via a single email. Like its predecessor, CVE-2026-40361 evades enterprise firewalls, delivering threats directly to inboxes. Microsoft rated the vulnerability as "exploitation more likely," though Li noted he only developed a proof-of-concept (PoC) rather than a fully weaponized exploit. While crafting a functional exploit may be challenging, Li cautioned that threat actors’ ingenuity should not be underestimated. The patch is critical for organizations relying on Outlook and Exchange Server environments.

Microsoft Teams Android Vulnerability (CVE-2026-32185) Exposes Users to Spoofing Attacks On May 12, 2026, Microsoft disclosed CVE-2026-32185, a security flaw in Microsoft Teams for Android that could enable attackers to spoof local devices and manipulate trusted application elements. The vulnerability was revealed as part of Microsoft’s May 2026 Patch Tuesday updates. The issue stems from improper file and directory access controls in Teams, allowing unauthorized local attackers to impersonate legitimate content and deceive users into interacting with malicious communications. While exploitation requires user interaction and is confined to a local attack vector, the flaw poses a high risk to data confidentiality, particularly in enterprise environments. With a CVSS 3.1 base score of 5.5 (adjusted environmental score: 4.8) and a severity rating of Important, the vulnerability does not require elevated privileges, lowering the barrier for exploitation in shared or compromised local environments. Microsoft’s assessment categorizes the flaw as "Exploitation Less Likely", and no active exploitation or proof-of-concept code has been confirmed. The vulnerability affects Microsoft Teams for Android, with the patched version (1.0.0.2026092103) available via the Google Play Store. Microsoft has released an official fix, and users are advised to update immediately. Security researcher Ofek Levin of Enclave is credited with responsibly disclosing the issue. Organizations using Teams in regulated or high-security environments, particularly on mobile devices, should prioritize applying the patch to mitigate potential risks.

Microsoft 365 Android Apps Exposed to Silent Account Takeover via Forgotten Debug Flag A critical vulnerability, dubbed FlagLeft, allowed any third-party Android app to silently steal Microsoft account tokens from six major Microsoft 365 apps Word, PowerPoint, Excel, Microsoft 365 Copilot, Loop, and OneNote without user interaction or consent. The flaw stemmed from a single debug flag, `setIsDebugMode(true)`, mistakenly left active in production code, disabling a critical authorization check in Microsoft’s shared SDK. The issue bypassed the Family of Client IDs (FOCI) token-sharing mechanism, which normally enables seamless single sign-on across Microsoft apps. With the debug flag enabled, any co-installed app could request and receive long-lived, refreshable tokens, granting attackers access to emails, OneDrive files, calendar data, and more all under the victim’s identity. Microsoft Teams was unaffected, as its debug flag was correctly disabled. Discovered by researchers at Enclave and Ofek Levin, the vulnerability exposed billions of Android users globally, with no visible indicators of compromise. Microsoft assigned multiple CVEs, including CVE-2026-41100 (Copilot, CVSS 4.4), CVE-2026-41101 (Word, CVSS 7.1), CVE-2026-41102 (PowerPoint, CVSS 7.1), and CVE-2026-41099 (Office for Android, CVSS 7.7), all classified under CWE-284: Improper Access Control. Microsoft patched all affected apps on May 12, 2026, requiring users to update to the latest versions. Enterprise administrators were advised to verify deployments and monitor OAuth token activity for anomalies. The incident highlighted how a single overlooked development artifact could undermine an entire authentication framework, with a shared SDK amplifying the risk across multiple high-profile apps. Enclave’s AI-assisted analysis played a key role in mapping the vulnerability’s full scope.

Microsoft GitHub Repositories Hit by Miasma Supply Chain Attack Microsoft’s GitHub repositories have been targeted in the ongoing Miasma self-replicating supply chain attack, affecting 73 repositories across four organizations Azure, Azure-Samples, Microsoft, and MicrosoftDocs. GitHub has disabled access to the compromised repositories, displaying a terms-of-service violation notice for affected projects, including Azure/azure-functions-host. Among the impacted repositories are key projects such as durabletask (and its related .NET, Go, JavaScript, and MSSQL implementations), azure-search-openai-demo-purviewdatasecurity, and windows-driver-docs. Notably, the durabletask PyPI package was previously compromised by TeamPCP in May to distribute an information stealer on Linux systems, suggesting the same threat actors may still retain access. Miasma, a variant of the Mini Shai-Hulud worm released by TeamPCP in mid-2026, has evolved its tactics, infecting additional packages in recent days. Attackers have created new repositories with deceptive descriptions like "Miasma: The Spreading Blight" and "Hades - The End for the Damned", with 95 such repositories identified so far. The campaign has also bypassed traditional registry-based attacks, directly injecting malicious code into repositories like icflorescu/mantine-datatable and related projects. The payload a 4.3 MB runner executes automatically when developers open affected repositories in AI coding tools such as Claude Code, Gemini CLI, Cursor, or VS Code, or via the npm test script. Security researchers highlight that Miasma exploits the trust model underpinning open-source ecosystems, propagating through legitimate channels without relying on platform vulnerabilities. By compromising maintainer credentials and mimicking routine updates, the attack evades conventional defenses, making it one of the most persistent and far-reaching supply chain campaigns to date.

Linux Kernel Vulnerability "Copy Fail" Exploited in the Wild, CISA Warns The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about active exploitation of CVE-2026-31431, a critical Linux kernel vulnerability dubbed Copy Fail. The flaw, present in all Linux distributions since 2017, allows authenticated attackers with code execution privileges to escalate to root access by manipulating the kernel’s AEAD template. Disclosed on April 29, the bug was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on Friday, with federal agencies directed to patch within two weeks. While exploitation remains limited primarily involving proof-of-concept (PoC) testing Microsoft warns of its broad applicability and the release of a working exploit, heightening risks for defenders. The vulnerability enables full root privilege escalation, posing severe threats to confidentiality, integrity, and availability. Attackers can leverage it for container breakout, multi-tenant compromise, and lateral movement in shared environments. Its stealthy in-memory exploitation and cross-platform compatibility make it particularly dangerous in cloud, CI/CD, and Kubernetes setups, where untrusted code execution is common. Exploitation requires only local, unprivileged access and can be chained with SSH, malicious CI jobs, or container access to achieve root shell. An attack typically begins with reconnaissance to identify vulnerable kernels, followed by a script to overwrite in-memory data and escalate privileges. Microsoft advises organizations to prioritize patching, isolate vulnerable systems, enforce access controls, and monitor logs for signs of compromise. The flaw’s decade-long presence underscores the ongoing risks of long-undetected kernel vulnerabilities in critical infrastructure.

CISA Issues Urgent Warning for Actively Exploited Windows Zero-Day Vulnerability The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following confirmed real-world attacks. Tracked as CVE-2026-32202, the flaw affects the Windows Shell, a core component managing the operating system’s graphical interface. The vulnerability stems from a protection mechanism failure (CWE-693), allowing attackers to conduct network spoofing disguising malicious activity as trusted communications. Successful exploitation enables threat actors to intercept sensitive data, bypass access controls, or deceive users with fake prompts, potentially serving as an initial foothold for broader attacks. While it remains unclear whether ransomware groups have adopted this exploit, spoofing techniques are commonly used to bypass defenses, escalate privileges, or move laterally within compromised networks. Cybersecurity teams are actively monitoring its weaponization in the wild. CISA has mandated that Federal Civilian Executive Branch agencies patch or mitigate the flaw by May 12, 2026, though all organizations including private-sector and critical infrastructure operators are strongly urged to prioritize updates. Microsoft has released official patches, and CISA recommends immediate deployment, alongside traffic monitoring for spoofing attempts. If mitigations are unavailable, discontinuing use of the affected component is advised. The addition to the KEV catalog underscores the global security risk posed by this actively exploited flaw.

UNC6692 Threat Group Exploits Microsoft Teams in Sophisticated Social Engineering Attack A newly identified cyber threat group, UNC6692, is targeting enterprises through a multi-stage attack combining social engineering and custom malware, leveraging Microsoft Teams and cloud services to evade detection. The attack begins with an email bombing campaign, flooding victims with spam to create confusion. While targets are distracted, attackers impersonate IT helpdesk staff via Microsoft Teams, using external accounts to offer a fake "local patch" as a solution. Victims are directed to a spoofed "Mailbox Repair Utility" page, where they are prompted to enter credentials intentionally rejected on the first attempt to ensure password capture before exfiltration to an attacker-controlled AWS server. Once credentials are stolen, the attack deploys a modular malware toolkit dubbed the SNOW ecosystem, including: - SNOWBELT: A malicious Chromium extension for persistent access. - SNOWGLAZE: A Python-based tunneling tool for encrypted communication. - SNOWBASIN: A remote access tool enabling command execution, screenshots, and data theft. After gaining a foothold, UNC6692 moves laterally across the network using Python scripts to scan systems, targeting backup servers and dumping LSASS memory to extract password hashes. These hashes are cracked offline and used in Pass-the-Hash attacks to compromise domain controllers. Attackers then exfiltrate the Active Directory database using legitimate forensic tools like FTK Imager, delivered via Microsoft Edge, and transfer data via platforms such as LimeWire. The campaign exemplifies "living off the cloud" tactics, abusing trusted services like Microsoft Teams and AWS to bypass traditional security measures. Indicators of compromise (IoCs) include: - Phishing/payload delivery: `service-page-25144-30466-outlook.s3.us-west-2.amazonaws[.]com` - SNOWBELT C2: `cloudfront-021.s3.us-west-2.amazonaws[.]com` - SNOWGLAZE WebSocket: `wss://sad4w7h913-b4a57f9c36eb.herokuapp[.]com/ws` - Data exfiltration: `service-page-11369-28315-outlook.s3.us-west-2.amazonaws[.]com` The attack underscores the risks of external Teams communications and the need for enhanced monitoring of browser-based activity and cloud service abuse.

Zero-Day Windows Flaws Exploited in Targeted Attacks Following Leak Security researchers at Huntress Labs have confirmed that three recently leaked Windows zero-day vulnerabilities BlueHammer, RedSun, and UnDefend are being actively exploited in real-world attacks. The flaws were publicly disclosed after a researcher released proof-of-concept exploit code, prompting threat actors to weaponize them before patches were fully available. The vulnerabilities target Microsoft Defender and can be chained to bypass security controls. BlueHammer and RedSun are local privilege-escalation flaws allowing attackers with limited access to gain system-level control, while UnDefend enables the disabling of Defender’s security updates. When combined, these exploits allow attackers to neutralize defenses, escalate privileges, and maintain persistence on compromised systems. Huntress observed manual, "hands-on-keyboard" attacks leveraging this exploit chain, indicating targeted intrusions rather than automated campaigns. While Microsoft released a patch for BlueHammer in its April 2026 Patch Tuesday update, RedSun and UnDefend remain unpatched, leaving millions of Windows systems exposed. Organizations are advised to apply available patches immediately, restrict local admin privileges, and monitor for suspicious activity such as attempts to disable Defender or unusual privilege escalation. The ongoing exploitation underscores the risks of unpatched zero-days in critical security components.

Palo Alto Networks Patches Critical Flaw in Cortex XSOAR and XSIAM Microsoft Teams Integration Palo Alto Networks has released an urgent security update to address a high-severity vulnerability (CVE-2026-0234) in the Microsoft Teams integration for Cortex XSOAR and Cortex XSIAM. The flaw, classified as an "Improper Verification of Cryptographic Signature" (CWE-347), could allow unauthenticated attackers to bypass security controls and access or modify sensitive data. The vulnerability stems from the integration’s failure to properly validate cryptographic signatures, enabling attackers to forge authentication tokens. With no prior privileges or user interaction required, threat actors could remotely exploit the flaw to manipulate security playbooks, access confidential incident data, or disrupt defensive operations. The flaw carries a CVSS base score of 9.2, with an adjusted operational severity score of 7.2, reflecting its high potential impact despite requiring advanced technical expertise to exploit. Affected versions include Cortex XSOAR and XSIAM Microsoft Teams Marketplace integrations (1.5.0 through 1.5.51). Palo Alto Networks has confirmed no active exploitation in the wild but warns that no temporary mitigations exist patching to version 1.5.52 or later is the only remediation. The vulnerability was discovered by an external researcher identified as "quinn." Organizations using these platforms are advised to apply the update immediately to prevent potential breaches.

FBI Warns of Kali365 Phishing-as-a-Service Platform Targeting Microsoft 365 Users The FBI has issued a cybersecurity alert about Kali365, a rapidly spreading phishing-as-a-service (PhaaS) platform that enables threat actors to steal OAuth access tokens and bypass multi-factor authentication (MFA) for Microsoft 365 accounts. First observed in April 2026, the platform is distributed via Telegram channels, allowing even low-skilled attackers to launch sophisticated phishing campaigns with minimal effort. Unlike traditional credential theft, Kali365 exploits Microsoft’s legitimate device code authentication flow to trick users into authorizing malicious access. Attackers send phishing emails often impersonating Microsoft or document-sharing services containing a device code and instructions. When victims enter the code on a legitimate Microsoft verification page, they unknowingly grant attackers OAuth tokens, enabling persistent access to Outlook, Teams, OneDrive, and other services without triggering MFA again. The platform’s built-in features lower the barrier for cybercriminals, including: - AI-generated phishing email templates - Automated campaign deployment tools - Real-time victim tracking dashboards - OAuth token capture mechanisms Once compromised, attackers can exfiltrate emails, access sensitive files, monitor Teams communications, and maintain long-term persistence using refresh tokens. Because the attack does not directly steal credentials, traditional security alerts may fail to detect it, increasing dwell time. The FBI and CISA recommend restricting device code flow authentication, implementing conditional access policies, and monitoring for unusual sign-in patterns. Organizations are advised to audit existing device code dependencies before applying restrictions and maintain emergency access accounts to prevent lockouts. Victims are encouraged to report incidents to the FBI’s Internet Crime Complaint Center (IC3), providing details such as phishing email samples, suspicious login activity, and unauthorized devices. The rise of Kali365 underscores a growing shift toward token-based attacks that evade conventional defenses.

Microsoft Edge Password Manager Flaw Exposes Credentials in Plain Text A Norwegian security researcher, Tom Jøran Sønstebyseter Rønning, has uncovered a critical vulnerability in Microsoft Edge’s built-in Password Manager, where saved credentials remain exposed in plain text within the browser’s process memory even after the browser is closed and reopened. The issue affects all devices running Edge, particularly shared or enterprise machines, where unauthorized access could lead to credential theft. Rønning demonstrated that Edge decrypts all stored passwords at startup, keeping them in memory regardless of whether the user visits the associated sites. Unlike Google Chrome, which employs App Bound Encryption to secure browser data, Microsoft’s approach leaves passwords vulnerable to extraction with minimal technical effort. The researcher plans to release a tool on GitHub to verify the flaw, reinforcing concerns about its accessibility to attackers. Microsoft has dismissed the issue as "by design," a stance criticized by cybersecurity experts, including Beauceron Security CEO David Shipley. Shipley argued that Microsoft’s response reflects a lack of motivation to prioritize security in its free browser, contrasting it with competitors like Google, which have implemented stronger protections. The flaw effectively lowers the barrier for cybercriminals, particularly info-stealers, to exploit compromised systems. The discovery follows a pattern of Microsoft downplaying security concerns, with similar incidents where vulnerabilities were labeled as "working as intended." While Microsoft has not commented further, the issue underscores broader risks in browser-based password management, especially for organizations relying on Edge in enterprise environments. Other browsers, such as Chrome, do not exhibit the same vulnerability.

Cybercriminals Exploit Bubble’s No-Code Platform to Bypass Phishing Detection Threat actors are leveraging Bubble, a no-code app-building platform, to host malicious web apps that evade phishing detection in campaigns targeting Microsoft accounts. By abusing the platform’s legitimate infrastructure, attackers create apps that redirect users to fake Microsoft login portals often hidden behind Cloudflare checks to steal credentials for Microsoft 365 access. Security researchers at Kaspersky identified the tactic, noting that apps hosted on Bubble’s trusted bubble.io domain bypass email security filters. The malicious apps use complex JavaScript bundles and Shadow DOM structures, making them difficult for automated analysis tools to flag as threats. Even manual inspection is challenging, as the generated code appears as a "massive jumble" of legitimate-looking scripts. Once victims enter credentials on the fake login pages, attackers harvest them to access emails, calendars, and other sensitive data. The method’s stealth and scalability raise concerns that phishing-as-a-service (PhaaS) platforms may adopt it, integrating it into kits that already include 2FA bypasses, session cookie theft, and AI-generated phishing emails. Bubble has not yet responded to inquiries about potential anti-abuse measures. The abuse of no-code platforms marks a growing trend in evasion techniques, complicating detection for both automated systems and security teams.

Over Half a Million Outdated Microsoft IIS Servers Expose Global Cybersecurity Risk Security researchers at The Shadowserver Foundation have identified a critical security threat affecting over 511,000 internet-facing Microsoft Internet Information Services (IIS) servers running end-of-life (EOL) versions. Of these, 227,000 have surpassed Microsoft’s Extended Security Updates (ESU) program, leaving them completely unsupported and vulnerable to exploitation. The findings, revealed on March 23, 2026, highlight a widespread failure to update or decommission outdated systems. These servers, now in an End-of-Support (EOS) state, no longer receive security patches even for paid updates making them prime targets for cyberattacks. Threat actors frequently scan for such systems to exploit known vulnerabilities, deploy ransomware, or gain initial access to corporate networks. The majority of affected servers are concentrated in China and the United States, though the issue spans globally. To aid remediation, Shadowserver has updated its Vulnerable HTTP reporting system, tagging outdated servers as "eol-iis" (end-of-life) or "eos-iis" (end-of-support) to help organizations identify and prioritize high-risk assets. IIS servers often serve as front-facing web infrastructure, meaning a successful compromise could provide attackers with a direct pathway into internal systems. Government agencies, including CISA, have repeatedly warned against using unsupported software on internet-facing systems, as they are frequently exploited by initial access brokers who sell compromised access to other malicious actors. Shadowserver has made its scan data available to network operators and national CERTs, while its live dashboards offer real-time visibility into the distribution of vulnerable systems. Organizations are urged to identify, upgrade, or isolate outdated IIS instances to mitigate risks. The discovery underscores the ongoing challenge of legacy system management and the urgent need for improved asset visibility to reduce the global attack surface.

Microsoft Authenticator Vulnerability Exposes MFA Codes to Malicious Apps A critical vulnerability (CVE-2026-26123) in Microsoft Authenticator for iOS and Android could allow malicious apps on the same device to intercept one-time sign-in codes or authentication deep links. The flaw affects users relying on the app for multi-factor authentication (MFA), including those using BYOD (Bring Your Own Device) setups for corporate access. ### How the Exploit Works Microsoft Authenticator generates time-based one-time passwords (TOTP) and processes deep links specialized URIs that trigger app actions, such as logging into accounts. If a user installs a malicious app and accidentally selects it to handle an authentication link, the app could capture the one-time code or sign-in credentials, granting attackers access to the victim’s accounts. A successful exploit could enable attackers to: - Complete login flows for services trusting Microsoft Authenticator codes. - Access sensitive data, including emails, files, cloud apps, or corporate systems. - Pivot to additional accounts if they are also protected by Authenticator on the same device. ### Mitigation & Updates Microsoft has patched the vulnerability in current releases. Users should: - Update Microsoft Authenticator via the App Store (iOS) or Google Play Store (Android). - Avoid installing new apps that request handling of authentication links or QR-based sign-ins until the update is applied. - Verify the app handling authentication requests ensuring it is Microsoft Authenticator or another trusted application. - Use alternative MFA methods (e.g., password manager integrations or platform-specific solutions) if updates are delayed. The flaw underscores the risks of malicious app interactions on mobile devices, particularly in BYOD environments where corporate and personal data intersect.

Stryker Hit by Destructive Cyberattack Linked to Iranian-Backed Group A global medical technology firm, Stryker, suffered a devastating wiper cyberattack on Wednesday, suspected to be orchestrated by Handala Hack, a group with ties to the Iranian regime. The attack targeted the company’s Cork, Ireland headquarters, where up to 5,000 employees including 4,000 in Cork are based, crippling critical IT systems and manufacturing operations. The National Cyber Security Centre (NCSC) in Dublin is responding to the incident, which involved the permanent deletion of data from infected systems a hallmark of wiper attacks, typically politically motivated rather than financially driven. Devices connected to Stryker’s network, including employee phones with Outlook installed, were wiped, and login screens were defaced with the Handala logo, a symbol of Palestinian resistance. The attack has disrupted production of Stryker’s medical devices, with some manufacturing machines still operational but their long-term functionality uncertain. Staff were instructed to avoid connecting to the company’s network via any device, including mobile apps like Microsoft Teams and Outlook, while recovery efforts continue. Employees have been sent home, relying on WhatsApp groups for updates. Stryker, which operates six manufacturing sites and three innovation centers in Ireland, is one of the country’s largest medical tech employers. The company confirmed the incident in a staff memo, stating that security experts and law enforcement are involved in the response, emphasizing that sites and personnel remain safe while efforts focus on restoring systems. Handala Hack, linked to Iran’s cyber warfare campaigns, has recently targeted Israeli, Jordanian, and Saudi oil and gas facilities, as well as the Academy of the Hebrew Language, according to Israeli media. The Israeli National Cyber Directorate has warned of a surge in Iranian cyberattacks against civilian companies, suggesting Stryker may have been targeted due to its business ties with Israel. The attack underscores Iran’s expanding cyber-economic warfare, extending beyond regional conflicts to global operations. With Ireland serving as Stryker’s largest hub outside the U.S., the incident highlights the growing threat of state-backed cyber sabotage in critical industries.

Microsoft 365 Copilot Vulnerability Exposes Users to Cross-Prompt Injection Attacks Researchers at Permiso Security uncovered a critical cross-prompt injection vulnerability (CVE-2026-26133) in Microsoft 365 Copilot’s email summarization feature, allowing attackers to manipulate AI-generated outputs for phishing and data exfiltration. The flaw, disclosed in January 2026, was patched by Microsoft between February and March 2026. The vulnerability exploits cross-prompt injection attacks (XPIA), where malicious instructions embedded in an email are treated as executable commands by Copilot’s large language model (LLM). Attackers craft emails containing hidden prompts that steer Copilot’s summaries to include attacker-controlled content such as fake security alerts without requiring traditional exploit methods like macros or attachments. The attack leverages trust transfer, where users inherently trust AI-generated summaries, bypassing skepticism typically applied to raw email content. Permiso’s testing revealed varying susceptibility across Copilot’s interfaces: - Outlook Summarize Button: Occasionally leaked injected commands when emails contained natural padding. - Outlook Copilot Pane: Generally cautious but still vulnerable under specific conditions. - Teams Copilot: Consistently produced attacker-shaped summaries, embedding malicious links or exfiltrating internal data (e.g., Teams messages, SharePoint files) via seemingly legitimate prompts. The flaw mirrors CVE-2025-32711 (EchoLeak), where hidden email prompts triggered Copilot to exfiltrate data via crafted image URLs, underscoring XPIA as a repeatable threat vector. Microsoft’s patch, fully deployed by March 11, 2026, mitigates the issue, but organizations were advised to restrict Copilot’s data access, enforce Purview sensitivity labels, and monitor activity logs for unusual retrieval patterns. The discovery highlights the security risks of integrating AI assistants into trusted workflows without robust boundary controls.

Microsoft Patches 83 Flaws in March 2026 Update, Including Zero-Click Excel AI Exploit Microsoft’s March 2026 Patch Tuesday addressed 83 vulnerabilities, including a high-severity flaw in Excel (CVE-2026-26144) that enables zero-click data theft via AI-driven attacks. The bug, rated 7.5/10, combines cross-site scripting (XSS) with indirect prompt injection to exploit Microsoft’s Copilot assistant. The vulnerability stems from Excel’s failure to properly neutralize malicious input in web-generated content. Attackers could embed harmful links in Excel files, which execute when viewed in the preview pane without requiring the user to open the file. If Copilot is active, the AI could be tricked into exfiltrating sensitive data to an external server. While patching is the recommended fix, temporary mitigations include restricting outbound traffic from Office apps, monitoring Excel network requests, or disabling Copilot. Alongside this flaw, Microsoft resolved eight critical vulnerabilities among the 83 total fixes in this month’s update. The incident highlights the growing risks of AI integration in productivity tools.

Microsoft Discloses Critical RCE Vulnerability in Office Suite (CVE-2026-26110) On March 10, 2026, Microsoft revealed a high-severity Remote Code Execution (RCE) vulnerability in its Office suite, tracked as CVE-2026-26110, with a CVSS score of 8.4. The flaw stems from a type confusion weakness (CWE-843), where Office misinterprets data types during processing, leading to memory corruption. Exploiting this vulnerability allows attackers to execute arbitrary code on a victim’s system without user interaction or elevated privileges, making it a prime target for cybercriminals. The attack vector is classified as local, meaning threat actors must first gain access to a system often via phishing, malicious downloads, or other initial access methods. Once exploited, the flaw grants full system control, enabling attackers to deploy ransomware, steal sensitive data, or pivot deeper into corporate networks. Microsoft has confirmed that while no active exploits have been observed in the wild, the public disclosure increases the risk of reverse-engineering by ransomware groups and state-sponsored actors. To mitigate the threat, Microsoft has released a patch, urging organizations to apply updates immediately through official channels, enable automatic updates, and deploy Endpoint Detection and Response (EDR) solutions to monitor suspicious Office processes. Restricting user privileges is also recommended to limit potential damage from secondary attack vectors. The vulnerability’s high impact on confidentiality, integrity, and availability underscores the urgency of remediation.

Ransomware Groups Abuse Microsoft’s AzCopy for Stealthy Data Exfiltration Ransomware operators are exploiting Microsoft’s trusted Azure data transfer tool, AzCopy, to covertly exfiltrate sensitive data before encryption. By leveraging this legitimate utility commonly used for cloud migrations and backups attackers evade detection, blending malicious activity into routine IT operations. How the Attack Works AzCopy, a command-line utility for moving large datasets to and from Azure Storage, is rarely flagged by endpoint detection and response (EDR) solutions due to its widespread corporate trust. Threat actors, including groups like BianLian and Rhysida, use AzCopy to bulk-upload stolen files to attacker-controlled Azure Blob storage via HTTPS connections to domains like `*.blob.core.windows.net`, which often bypass firewall restrictions. Attackers gain access through compromised Azure credentials or storage keys, then generate Shared Access Signature (SAS) tokens embedded with permissions and time windows to execute transfers without interactive logins. To avoid detection, they throttle transfer speeds using the `--cap-mbps` flag and filter files with `--include-after` to target recent, high-value data. Evasion and Detection Challenges AzCopy’s use of legitimate cloud infrastructure and standard HTTPS traffic makes it difficult to distinguish from normal operations. In some cases, exfiltration went undetected by endpoint security tools, with attackers deleting local log files (`%USERPROFILE%\.azcopy`) to erase evidence. Traditional detection methods, which focus on third-party exfiltration tools, often miss these "living-off-the-land" attacks. Mitigation and Response Security teams must monitor for anomalous AzCopy activity, such as off-hours transfers or unusual data volumes under service accounts. User and Entity Behavior Analytics (UEBA) can flag abnormal file access, while network monitoring should restrict direct internet access from servers to known endpoints. Application control policies can limit AzCopy execution to approved hosts and accounts. Incident response plans should include steps to revoke SAS tokens, rotate keys, and coordinate with cloud providers to mitigate data loss. As ransomware groups increasingly weaponize trusted cloud tools, organizations must adapt detection strategies to account for legitimate utilities being turned against them.

OAuth Device Code Phishing Emerges as a Major Cybersecurity Threat Cybercriminals are increasingly shifting from traditional credential theft to OAuth device code phishing, a stealthy attack method that bypasses multi-factor authentication (MFA) to hijack corporate accounts. By exploiting legitimate Microsoft 365 authorization flows, threat actors steal access tokens, enabling account takeovers, email compromise, and ransomware deployment all without needing a victim’s password. Previously a niche red-team tactic, this attack vector has surged in scale, fueled by AI-driven phishing kits and Phishing-as-a-Service (PhaaS) platforms like EvilTokens, Tycoon, and ODx. These kits, sold on Telegram, provide cybercriminals with dynamic code generation, AI-crafted landing pages mimicking trusted brands (e.g., DocuSign, Adobe, SharePoint), and pre-built infrastructure for large-scale campaigns. A key evolution in this threat is the real-time generation of device codes once short-lived (15 minutes), these codes are now dynamically created the moment a victim clicks a malicious link. Victims are directed to Microsoft’s legitimate device login portal, where they unknowingly authorize the attacker’s access. Since the process uses official Microsoft endpoints, traditional security training (e.g., spotting fake URLs) is ineffective. Notable threat actors, including the financially motivated group TA4903, have abandoned older business email compromise (BEC) tactics in favor of these kits. Recent campaigns have impersonated HR departments or federal courts, using malicious QR codes embedded in PDFs to evade email filters. While attackers leverage advanced AI tools, poor operational security often exposes their infrastructure. However, detection remains challenging, as victims interact with genuine Microsoft pages. Mitigation strategies recommended by researchers include: - Blocking device code authorization entirely via Conditional Access policies. - Allow-listing device code usage to approved networks or compliant devices if blocking isn’t feasible. Security teams can reference Indicators of Compromise (IOCs) such as domains like onedrive-7tu[.]techroboticslabmade-techie-com-s-account[.]workers[.]dev to hunt for malicious activity. These IOCs, observed as recently as May 2026, highlight the ongoing evolution of this threat.

Microsoft Word Zero-Day Vulnerability (CVE-2026-21514) Exploited in the Wild On February 10, 2026, security researchers disclosed CVE-2026-21514, a critical zero-day vulnerability in Microsoft Word that allows attackers to bypass key security protections. The flaw, classified under CWE-807 (improper security decision-making based on untrusted inputs), exploits weaknesses in how Word processes Object Linking and Embedding (OLE) controls. OLE enables documents to embed and interact with external objects, but the vulnerability permits attackers to circumvent Microsoft’s mitigations against malicious COM/OLE controls. This bypass could facilitate unauthorized code execution or further exploitation when users open specially crafted documents. Reports confirm active exploitation in the wild, with threat actors leveraging the flaw to deliver phishing attacks via compromised enterprise email accounts. The vulnerability poses a significant risk to organizations relying on Microsoft Office for document processing, particularly those handling sensitive or high-value data. Microsoft has not yet released a patch for CVE-2026-21514, leaving users exposed until an official fix is deployed. Security teams are advised to monitor for updates and implement mitigations where possible.

Ransomware Threat Actors Exploit Windows Minifilter Drivers for Evasion Ransomware remains the most financially destructive cyberattack targeting organizations globally. A key defensive tool in Windows minifilter drivers has become a double-edged sword in this battle. Positioned within the file system I/O pipeline, minifilters enable real-time monitoring, interception, and blocking of malicious file operations, serving as a critical early-warning mechanism for endpoint detection and response (EDR) systems. The Filter Manager, a kernel-mode component, simplifies minifilter development by providing a robust API, eliminating the need for legacy filter drivers. However, operating in kernel-mode (Ring 0) introduces significant risks. Poorly coded callbacks or conflicts in driver "altitude" can trigger Blue Screens of Death (BSOD) on critical servers, undermining security rather than enhancing it. Threat actors are increasingly exploiting these vulnerabilities through BYOVD (Bring Your Own Vulnerable Driver) attacks, which disable or blind minifilters to evade detection. While minifilters offer strong visibility into file activity, their effectiveness hinges on stability if the security agent crashes the OS before the attacker does, the defense fails. This tactic highlights a growing trend in ransomware operations, where adversaries target foundational security mechanisms to bypass protections and maximize impact.

Stryker Cyberattack Disrupts Global Medical Equipment Operations U.S.-based medical technology giant Stryker confirmed that a cyberattack disrupted its global networks, impacting operations across its systems. The incident, disclosed in recent reports, highlights growing cybersecurity threats targeting critical healthcare infrastructure. Stryker, a leading manufacturer of surgical equipment, implants, and medical devices, has not released details on the nature of the attack, its origin, or whether ransomware or data exfiltration was involved. The company has not specified the duration of the disruption or the extent of the operational impact, though such incidents often lead to delays in production, supply chain interruptions, and potential risks to patient care. The attack underscores the vulnerability of healthcare and medical device companies to cyber threats, which have increasingly become high-value targets for malicious actors. No further updates on recovery efforts or regulatory responses have been provided at this time.

Russian APT28 Exploits Microsoft Office Zero-Day Within Days of Patch Release Russia-linked advanced persistent threat (APT) group APT28 (also known as Fancy Bear, Sofacy, or Sednit) has rapidly weaponized CVE-2026-21509, a recently patched zero-day vulnerability in Microsoft Office, to conduct cyber-espionage attacks targeting organizations in Central and Eastern Europe. The flaw, a security feature bypass in Microsoft 365 and Office, allows attackers to execute arbitrary code via unsafe COM/OLE behavior. Microsoft released a patch on January 26, 2026, after confirming active exploitation, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities Catalog the same day. APT28 began exploiting the vulnerability just three days later, on January 29, as part of a campaign tracked by Zscaler as Operation Neusploit. The attacks use malicious Microsoft Rich Text Format (RTF) documents to trigger a multistage infection chain, delivering payloads designed to steal emails and establish persistence on compromised systems. ### Key Attack Details - Exploitation Method: APT28 leverages phishing lures in English, Romanian, Slovak, and Ukrainian, employing server-side filtering to deliver malicious DLLs only to targeted regions and systems with expected headers. - Malware Payloads: - MiniDoor: A lightweight Visual Basic for Applications (VBA) tool designed to exfiltrate emails from Microsoft Outlook. - PixyNetLoader: A more complex dropper that deploys nested malicious code, ultimately loading a Covenant Grunt backdoor (a repurposed penetration testing tool). - Command-and-Control (C2): APT28 abuses Filen.io, a legitimate cloud service, for C2 communications, prompting recommendations to monitor or block related traffic. - Evasion Techniques: The attack chain includes WebDAV downloads, COM hijacking, shellcode hidden in PNG files, and the use of the Covenant framework for post-exploitation. ### Impact & Response Security researchers, including Zscaler’s Deepen Desai and Xcape’s Noelle Murata, emphasize the speed and sophistication of APT28’s exploitation. While no other threat groups have been observed abusing the flaw yet, proof-of-concept (PoC) exploits have been released, increasing the risk of broader adoption. Microsoft has provided registry configurations to mitigate the vulnerability, though organizations must restart Office applications for protections to take effect. The incident underscores the rapid weaponization of vulnerabilities by state-sponsored actors, particularly those with the resources to exploit complex flaws before widespread patching occurs.

Massive Credential Breach Exposes 149 Million Logins in Unsecured Database A security researcher recently uncovered a staggering data exposure involving 149 million usernames and passwords left unprotected on the internet. The database, hosted by a Canadian service provider, was freely accessible via a standard web browser, allowing anyone to search and extract sensitive login details without authentication. The breach remained active for about a month, with new credentials continuously added before the hosting provider took it offline following notification. The compromised data spanned a wide range of platforms, including: - Email services: 48 million Gmail, 4 million Yahoo, and 1.5 million Microsoft Outlook accounts - Social media: 17 million Facebook, 780,000 TikTok, and 100,000 OnlyFans logins - Streaming & entertainment: 3.4 million Netflix subscriptions - Financial services: 420,000 Binance cryptocurrency accounts, along with banking and credit card details - Government & education: 1.4 million .edu domain credentials and other official systems Investigators traced the breach to infostealing malware, which infects devices through phishing, malicious downloads, or compromised websites. The malware logs keystrokes and captures login credentials, funneling them into centralized databases like the one discovered. Each entry included unique identifiers, suggesting the database was designed for large-scale criminal operations, such as account takeovers or ransomware attacks. The implications of this breach are severe, with risks ranging from identity theft and financial fraud to potential espionage via compromised government and academic accounts. The incident reflects a broader trend of unsecured databases and the growing accessibility of cybercrime tools renting infrastructure for such operations can cost as little as $200–$300 per month, enabling even low-skilled threat actors to amass vast troves of data. While no immediate exploits have been confirmed, the exposure underscores persistent vulnerabilities in data security practices. Similar breaches have repeatedly demonstrated how quickly stolen credentials circulate on underground forums, prolonging the threat long after the initial leak. The full impact of this incident may unfold over time as attackers exploit the exposed information.

Massive Exposed Database Containing 149 Million Credentials Discovered Online Security researcher Jeremiah Fowler uncovered a publicly accessible database containing 149 million usernames and passwords, including credentials for major platforms and sensitive systems. The unsecured collection, which was freely accessible via a web browser, included 48 million Gmail accounts, 17 million Facebook logins, 420,000 Binance credentials, 3.4 million Netflix accounts, 780,000 TikTok logins, and 100,000 OnlyFans accounts. Additionally, it held 1.5 million Microsoft Outlook, 900,000 Apple iCloud, and 1.4 million .edu credentials, along with login details for government systems and consumer bank accounts. Fowler reported the database to the Canadian hosting provider, which took it offline after nearly a month for violating its terms of service. During this period, the database continued to grow, suggesting ongoing data collection. Fowler suspects the credentials were harvested via infostealing malware, which logs keystrokes when victims enter login details on compromised sites. The discovery highlights the thriving infostealer market, where stolen credentials are sold for as little as $10 per log on the dark web. The simplicity of such malware makes it a popular tool for cybercriminals, enabling large-scale credential theft with minimal effort. The incident underscores the risks of unsecured databases and the widespread impact of infostealer-driven breaches.

Microsoft Patches Critical SQL Server Privilege Escalation Flaw (CVE-2026-20803) On January 13, 2026, Microsoft released security updates to address a critical elevation of privilege vulnerability in SQL Server, tracked as CVE-2026-20803. The flaw allows authenticated attackers to bypass authentication controls and gain elevated system privileges remotely, posing a significant risk to affected systems. The vulnerability stems from missing authentication mechanisms in the database engine and impacts multiple SQL Server versions, including SQL Server 2022 and 2025. With a CVSS score of 7.2, Microsoft rated the issue as "Important" severity. End-of-life SQL Server instances, which no longer receive security updates, are particularly vulnerable, as attackers actively target known weaknesses in unpatched systems. Organizations running affected versions are advised to apply the latest patches promptly. For systems that cannot be upgraded, mitigation measures such as isolation, restricted access, and heightened monitoring are recommended to reduce exposure. The flaw also introduces risks related to memory dumping in SQL Server 2022 and 2025, further emphasizing the need for immediate action.

TeamPCP Exploits Cloud Misconfigurations in Large-Scale Cybercrime Operation A threat actor known as TeamPCP (also operating under aliases like PCPcat and ShellForce) is conducting automated, worm-like attacks on misconfigured and exposed cloud management services, compromising at least 60,000 servers worldwide since late December. The group’s campaign primarily targets Azure (60% of attacks), AWS (37%), and Google and Oracle cloud environments, exploiting well-documented vulnerabilities and misconfigurations rather than developing new attack methods. TeamPCP’s operations involve scanning for exposed Docker APIs, Kubernetes clusters, Ray dashboards, and systems with leaked secrets (such as `.env` files). Once inside, the group deploys malicious Python and Shell scripts to install proxies, tunneling software, and persistence mechanisms, effectively converting compromised infrastructure into a self-propagating botnet. A key tool in their arsenal is the React2Shell vulnerability (CVE-2025-29927), which allows remote command execution and data exfiltration. The group monetizes its attacks through multiple revenue streams, including: - Cryptocurrency mining using hijacked compute resources. - Data theft and extortion, with stolen records including personal IDs, employment records, and résumés published on a leak site operated by an affiliate, ShellForce. - Selling access to compromised systems for use as proxies or command-and-control infrastructure. - Ransomware deployment, leveraging infected systems as launchpads for further attacks. Notably, TeamPCP has targeted JobsGO, a Vietnamese recruitment platform, exfiltrating over two million records containing sensitive personal and professional data. Most victims are located in South Korea, Canada, the U.S., Serbia, and the UAE, with stolen information often used for phishing, impersonation, or account takeovers. Despite its sophistication, TeamPCP’s techniques are not novel the group relies on automated exploitation of known vulnerabilities and recycled tooling. Security firm Flare warns that the threat actor’s strength lies in its large-scale automation, turning exposed cloud infrastructure into a distributed criminal ecosystem. The group also maintains a Telegram channel (launched in November, with ~700 members) for updates and reputation-building, though researchers suggest it may have operated under previous aliases. The campaign underscores the risks of unsecured cloud control planes, leaked credentials, and poor access controls, as TeamPCP continues to industrialize existing attack vectors with alarming efficiency.

TeamPCP Launches Large-Scale Cloud Exploitation Campaign Targeting Misconfigured Infrastructure A threat group tracked as TeamPCP (also known as PCPcat, ShellForce, and DeadCatx3) has orchestrated a widespread cloud exploitation campaign, converting vulnerable cloud infrastructure into a self-propagating cybercrime platform. Active since late 2025, the group focuses on exposed cloud control planes rather than traditional endpoint malware, leveraging weak configurations and publicly accessible management interfaces for initial access. The campaign peaked around December 25, 2025, with hundreds of compromised servers running attacker-controlled containers. Researchers identified at least 185 confirmed Docker compromises in one phase, though the true scale is likely far larger. Targets include exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and applications vulnerable to React2Shell (CVE-2025-29927). ### Automated Worm-Like Propagation At the core of the operation is proxy.sh, a script that deploys tunneling tools (FRPS, gost), scanners, and persistence mechanisms. If running inside Kubernetes, it executes kube.py, which enumerates cluster resources, harvests credentials, and spreads laterally via privileged DaemonSets that mount host filesystems. Another module, react.py, exploits React2Shell vulnerabilities in Next.js applications, extracting environment variables, cloud credentials, SSH keys, and Git tokens before exfiltrating data to attacker-controlled servers. A high-volume scanner, pcpcat.py, pulls CIDR ranges from public cloud providers and automatically deploys malicious containers on exposed Docker and Ray APIs, creating a worm-like feedback loop where each infected system becomes a new propagation node. ### Hybrid Monetization: Mining, Proxies, and Data Theft TeamPCP repurposes compromised servers for multiple revenue streams: - Cryptomining (XMRig, often obfuscated with double base64 encoding) - Proxy and tunneling infrastructure - C2 relays and internet scanning platforms - Data theft staging servers While mining revenue appears modest, the group has leaked sensitive data, including 2.3 million job applicant records from a recruitment platform, containing names, birthdates, employment histories, and contact details. ### Cloud-First Targeting Strategy Most compromised infrastructure is hosted on public cloud providers, with Azure accounting for 61% of observed victims and AWS 36%. The campaign demonstrates the industrialization of known weaknesses abusing exposed Docker, Kubernetes, and Redis services rather than relying on novel exploits. Defensive measures against such attacks include restricting public access to management APIs, enforcing authentication, preventing privileged containers, and monitoring for unauthorized DaemonSets and job submissions.

VoidLink Malware Framework Exposes Critical Gaps in Kubernetes and AI Workload Security In December 2025, Check Point Research disclosed VoidLink, a sophisticated Linux malware framework designed to infiltrate cloud-native and AI workloads, marking a shift in how threat actors target modern infrastructure. Developed by the previously unknown advanced persistent threat (APT) group UAT-9921 active since at least 2019 VoidLink is purpose-built for stealthy, long-term persistence in containerized and Kubernetes environments, rather than repurposed from legacy Windows tooling. The malware employs advanced evasion techniques, including rootkit-style tactics, in-memory execution, self-modifying code, and anti-analysis checks to remain fileless and undetectable by traditional security tools. It fingerprints its environment to identify major cloud providers (AWS, GCP, Azure, Alibaba, Tencent) and adapts its behavior based on whether it runs on bare metal, VMs, Docker containers, or Kubernetes pods. Once deployed typically via stolen credentials or exploited enterprise services like Java serialization flaws VoidLink harvests cloud metadata, credentials, and secrets, enabling command-and-control (C2), lateral movement, and internal reconnaissance. Cisco Talos highlighted VoidLink’s compile-on-demand capability, describing it as a near-production-ready foundation for AI-enabled attack frameworks that dynamically generate tools for operators. The framework’s design, deemed "defense contractor-grade," underscores a broader trend: adversaries are increasingly focusing on Kubernetes, microservices, and AI workloads as primary attack surfaces. Recent campaigns reflect this evolution. ShadowRay 2.0 and the TeamPCP worm have weaponized AI infrastructure, hijacking GPU clusters and Kubernetes environments to create self-propagating botnets using LLM-generated payloads and privileged DaemonSets. Meanwhile, container escape vulnerabilities like NVIDIAScape (CVE-2025-23266) demonstrated how minor Dockerfile misconfigurations could grant host-level root access, with researchers estimating exposure in over a third of cloud environments. The AI supply chain is also under siege, with threats ranging from LangFlow RCE enabling remote code execution and account takeovers to malicious Keras models executing arbitrary code when loaded from public repositories. Security researchers have identified nearly 100 poisoned machine-learning models on trusted platforms, revealing how even "safe" AI assets can conceal backdoors. Industry data underscores the urgency: Red Hat reports that 90% of organizations experienced at least one Kubernetes security incident in the past year, while container-based lateral movement in Kubernetes environments surged in 2025. VoidLink’s evasion tactics encrypting code, operating in memory, and tampering with user-space observability exploit a critical blind spot in many security programs. Traditional detection methods, reliant on user-space agents and log-based monitoring, struggle to counter threats designed to bypass them. To address this gap, runtime security solutions like Hypershield developed by Isovalent (now part of Cisco) leverage eBPF to provide kernel-level observability and enforcement. By deploying eBPF programs in the Linux kernel, Hypershield monitors process execution, syscalls, file access, and network activity in real time, mapping events to Kubernetes namespaces, pods, and workload identities. Cisco’s analysis demonstrates how Hypershield can track and mitigate VoidLink across its kill chain, circumventing the malware’s evasion tactics by detecting behavior directly at the kernel level. The rise of VoidLink and similar threats such as AI-driven botnets and supply chain exploits highlights a stark reality: many organizations lack visibility and control within Kubernetes environments, where AI models and core business workloads operate. While investments in endpoint, identity, and cloud monitoring have grown, they have not kept pace with the shift to workload-centric security. Integrating kernel-level runtime telemetry into SOC workflows is now critical to detecting and containing these attacks in real time. Cisco’s approach combines Hypershield’s eBPF-based enforcement with platforms like Splunk to correlate workload signals with broader security operations, offering a model for defending against cloud-native, AI-aware threats.

Critical Vulnerabilities in Chainlit AI Framework Expose Sensitive Data and Enable Lateral Movement Security researchers at Zafran Security have uncovered two high-severity vulnerabilities collectively dubbed ChainLeak in Chainlit, a widely used open-source AI framework for building conversational chatbots. The flaws, tracked as CVE-2026-22218 (CVSS 7.1) and CVE-2026-22219 (CVSS 8.3), could allow authenticated attackers to steal sensitive data, escalate privileges, and move laterally within compromised systems. ### Key Vulnerabilities and Exploit Scenarios 1. CVE-2026-22218 (Arbitrary File Read) - Affects the `/project/element` update flow due to insufficient validation of user-controlled fields. - Enables attackers to read any file accessible to the service, including system environment variables (`/proc/self/environ`), which may contain API keys, credentials, and internal file paths. - If Chainlit uses SQLAlchemy with SQLite, attackers could also exfiltrate database files. 2. CVE-2026-22219 (Server-Side Request Forgery - SSRF) - Exploitable when Chainlit is configured with the SQLAlchemy data layer backend. - Allows attackers to send arbitrary HTTP requests to internal network services or cloud metadata endpoints (e.g., AWS EC2 IMDSv1 at `169.254.169.254`). - If deployed on AWS EC2 with IMDSv1, this could lead to retrieving IAM role credentials, enabling further lateral movement within the cloud environment. Zafran researchers warned that combining these flaws could collapse AI application security, turning a seemingly contained issue into full system compromise. ### Impact and Adoption - Chainlit has seen 7.3 million total downloads, with 220,000 in the past week alone, per Python Software Foundation data. - The vulnerabilities were responsibly disclosed on November 23, 2025, and patched in Chainlit v2.9.4 (released December 24, 2025). ### Broader AI Security Concerns Zafran highlighted that as organizations rapidly adopt AI frameworks, traditional vulnerabilities (like SSRF and arbitrary file reads) are being embedded into AI infrastructure, creating new attack surfaces. ### Parallel Discovery: Microsoft MarkItDown MCP Server Flaw Separately, BlueRock disclosed an SSRF vulnerability (MCP fURI) in Microsoft’s MarkItDown Model Context Protocol (MCP) server, affecting AWS EC2 instances using IMDSv1. The flaw allows arbitrary URI calls, enabling: - Privilege escalation via metadata service access. - Data leakage through unrestricted URI requests. - AWS credential theft if an IAM role is attached to the instance. BlueRock’s analysis of 7,000 MCP servers found that 36.7% are likely exposed to similar SSRF risks. While mitigation steps (e.g., IMDSv2, private IP blocking, and allowlists) were suggested, the findings underscore persistent risks in AI and cloud-native environments.

Canada’s House of Commons suffered a cyber attack exploiting a zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770, CVSS 9.8). Hackers, suspected to be the China-linked APT group Salt Typhoon, breached a database containing employee information, including names, job titles, office locations, email addresses, and details of House-managed computers and mobile devices. While no group has claimed responsibility, the attack aligns with a broader pattern of Chinese state-sponsored cyber intrusions targeting Canadian government networks over the past four years. The stolen data poses risks of tailored phishing and impersonation attacks against officials. Investigations are ongoing, but the breach exposes internal configurations and heightens concerns over follow-on social engineering campaigns. The incident underscores vulnerabilities in critical Microsoft platforms, with similar exploits recently affecting organizations like Google and the US Department of Health and Human Services.

Microsoft Disrupts Fox Tempest Cybercrime Operation Selling Code-Signing Certificates to Ransomware Gangs Microsoft has seized websites and dismantled hundreds of virtual machines linked to Fox Tempest, a cybercrime service that sold fraudulent code-signing certificates to ransomware groups, enabling malware to bypass security checks by appearing as legitimate software. The operation, active since May 2025, exploited Microsoft’s Artifact Signing service by creating over 580 fake accounts under stolen identities to obtain and resell valid certificates. Among Fox Tempest’s customers was the ransomware group Vanilla Tempest (also known as Vice Spider, Vice Society, and Rhysida), which used the certificates to sign malware including the Oyster backdoor, Lumma and Vidar infostealers, and Rhysida ransomware facilitating unauthorized access, data theft, and extortion. Microsoft’s investigation also tied the operation to other ransomware affiliates, such as INC, Qilin, and Akira. Between February and March 2025, Microsoft’s Digital Crimes Unit (DCU) conducted undercover test purchases, posing as a buyer to document the service’s operations. Prices ranged from $5,000 for standard certificates to $9,500 for expedited delivery, with payments processed via cryptocurrency. The DCU traced transactions to wallets controlled by the operators, identified in court documents as John Doe 1 and 2 (alias SamCodeSign). The impact was widespread: Microsoft confirmed thousands of infected machines in the U.S., including at least 12 of its own systems, were compromised by malware signed with Fox Tempest’s certificates. The civil complaint, unsealed on Tuesday, describes ongoing criminal activity, including unauthorized access, data exfiltration, and ransomware deployment.

Microsoft 365 Environments Exposed by Chained Vulnerabilities in Email APIs and OAuth Token Leaks Security researchers have uncovered a high-impact attack chain exploiting two medium-severity vulnerabilities in Microsoft 365 environments, enabling authenticated phishing that bypasses email security controls and grants persistent access to corporate systems. The first flaw involves unsecured email API endpoints commonly found in newsletter signup forms or contact pages that lack proper input validation. Attackers can manipulate JSON payloads to send phishing emails directly from an organization’s legitimate mail servers, evading SPF, DKIM, and DMARC protections. These emails appear to originate from trusted internal sources, such as IT or HR, increasing the likelihood of successful deception. The second vulnerability stems from verbose error messages in production environments. When malformed requests trigger stack traces, poorly configured servers may expose active OAuth 2.0 bearer tokens, including JSON Web Tokens (JWT) for Microsoft Graph API. These tokens often grant broad permissions to user directories, Teams channels, and SharePoint files. By chaining these weaknesses, attackers can execute a multi-stage assault: 1. Reconnaissance & Extraction – Triggering verbose errors to harvest valid OAuth tokens. 2. Data Theft – Using the tokens to query Microsoft Graph API and download employee directories, identifying high-value targets. 3. Targeted Phishing – Leveraging the compromised email endpoint to send "authenticated" phishing messages, appearing as legitimate internal communications. 4. Persistence – Regenerating tokens by re-exploiting the error condition, maintaining access even if credentials change. The attack underscores the risks of seemingly minor misconfigurations, as medium-severity flaws can combine to create critical security gaps. Organizations are advised to enforce strict input validation on public-facing forms and restrict error messages in production to prevent sensitive data exposure. According to Verizon’s 2025 Data Breach Investigations Report, email remains the primary attack vector, with human error driving 60% of breaches.

Microsoft Outlook Add-In Hijacked in "Zombie" Phishing Attack, Stealing Credentials and Payment Data Security researchers at Koi AI have uncovered a novel phishing campaign exploiting a dormant Microsoft Outlook add-in, dubbed "AgreeTo", to steal Microsoft account logins, passwords, credit card details, and bank security answers from thousands of users. Originally released in 2022 as a legitimate meeting scheduler, AgreeTo was abandoned by its developer, allowing its hosting domain (outlook-one.vercel.app) to expire. Since Office add-ins function as web pages loaded in an iframe within Outlook rather than static downloads attackers seized control of the abandoned subdomain, instantly gaining access to the add-in’s interface without requiring reapproval from Microsoft. The add-in’s 2022 manifest file, which passed Microsoft’s initial security review, granted it “ReadWriteItem” permissions, enabling it to read and modify emails. Once hijacked, the attackers replaced the original scheduler with a fake Microsoft login page, tricking users into entering credentials. A malicious script then harvested emails, passwords, IP addresses, credit card numbers, and security question answers, exfiltrating the data to a Telegram bot controlled by the attackers. Koi AI infiltrated the bot’s channel, recovering evidence of over 4,000 victims, with attackers actively testing stolen credentials at the time of discovery. While Microsoft removed the add-in from its store, phishing sites remained active, and no CVE has been assigned. The incident highlights a critical flaw in Microsoft’s add-in security model: once approved, add-ins are never rechecked, even if their underlying web content changes. Unlike traditional malware, this "zombie" attack leverages dynamic dependencies add-ins that update silently without user or vendor oversight. While the attackers in this case focused on phishing, the same technique could have enabled email spoofing, inbox surveillance, or further lateral movement within compromised accounts. The attack underscores broader supply chain risks in modern applications, where third-party dependencies can become vectors for exploitation long after initial deployment. Microsoft has not yet announced mitigations, but potential fixes could include runtime URL validation, periodic manifest re-reviews, or sandboxing to limit add-in privileges.

Chinese National Extradited to U.S. in Major Cyber Espionage Case Linked to MSS A Chinese national, Xu Zewei, was extradited from Italy to the United States to face charges for his alleged role in a large-scale cyber espionage campaign orchestrated by China’s Ministry of State Security (MSS). Xu, alongside co-conspirator Zhang Yu who remains at large is accused of breaching thousands of computers worldwide while employed by Shanghai Powerock Network Co. Ltd., a firm prosecutors describe as a front for state-sponsored hacking operations. The campaign targeted U.S. universities, COVID-19 research organizations, and law firms, with attackers seeking sensitive data on vaccines, treatments, and testing. Prosecutors also link Xu to the HAFNIUM operation, which exploited vulnerabilities in Microsoft Exchange Server in 2021 to compromise email systems and infiltrate victim networks. The attacks, disclosed by Microsoft in March 2021, prompted emergency security updates from U.S. agencies, including the FBI and CISA, after affecting over 12,700 U.S. organizations. According to court documents, Xu and his associates installed web shells on exploited servers, enabling remote access and data exfiltration. Victims included a university in Texas and a global law firm with offices in Washington, D.C. The MSS, including its Shanghai State Security Bureau (SSSB), allegedly directed the hacking, leveraging a network of private contractors to obscure its involvement. Xu faces charges of wire fraud, computer intrusion, and aggravated identity theft, with potential prison sentences ranging from two to 20 years per count. U.S. officials emphasized that China’s use of third-party contractors in cyber operations has led to indiscriminate targeting, leaving systems vulnerable to further exploitation and enabling the sale of stolen data to other malicious actors. The case underscores the MSS’s reliance on private entities to conduct state-backed cyber espionage while distancing itself from direct attribution.

Chinese National Extradited to U.S. for Cyber Intrusions Linked to HAFNIUM and COVID-19 Research Theft A 34-year-old Chinese national, Xu Zewei (徐泽伟), was extradited to the U.S. over the weekend and appeared in federal court in Houston on a nine-count indictment for his role in state-sponsored cyber intrusions between February 2020 and June 2021. Xu, along with co-conspirator Zhang Yu (张宇), 44, is accused of participating in the HAFNIUM campaign a large-scale hacking operation that compromised thousands of systems worldwide, including U.S. organizations and targeting COVID-19 research during the pandemic. According to court documents, Xu’s activities were directed by officers of the PRC’s Ministry of State Security (MSS) Shanghai State Security Bureau (SSSB), China’s primary intelligence agency. At the time of the intrusions, Xu worked for Shanghai Powerock Network Co. Ltd., one of many Chinese "enabling" companies used by the PRC government to conduct cyber operations while obscuring its direct involvement. The indictment alleges that in early 2020, Xu and his co-conspirators hacked U.S. universities, immunologists, and virologists working on COVID-19 vaccines, treatments, and testing. On February 19, 2020, Xu confirmed to an SSSB officer that he had breached a Texas-based research university’s network. Days later, the officer instructed him to target specific email accounts belonging to researchers, which Xu later accessed and exfiltrated. From late 2020 into 2021, Xu and Zhang exploited vulnerabilities in Microsoft Exchange Server, a widely used email platform, as part of the HAFNIUM campaign. Microsoft publicly disclosed the state-sponsored attacks in March 2021, prompting the release of patches and detection tools. Despite mitigation efforts, hundreds of U.S. systems remained compromised. In April 2021, the U.S. Justice Department conducted a court-authorized operation to remove web shells installed by the hackers. By July 2021, the U.S. and its allies formally attributed the HAFNIUM campaign to the PRC’s MSS. Among the victims were a second Texas university and a global law firm, where Xu and Zhang installed web shells to maintain access and search for sensitive information. Their searches included terms like "Chinese sources," "MSS," and "HongKong," suggesting an interest in U.S. policy and intelligence-related data. The indictment highlights the PRC’s use of private contractors to conduct cyber espionage, allowing the government to distance itself from the operations. Xu faces charges including conspiracy to commit wire fraud, unauthorized access to protected computers, intentional damage to computer systems, and aggravated identity theft, with potential penalties totaling decades in prison. Zhang remains at large. The case is being investigated by the FBI’s Houston Field Office and prosecuted by the U.S. Attorney’s Office for the Southern District of Texas and the DOJ’s National Security Cyber Section. Xu’s extradition from Italy was secured with assistance from Italian law enforcement, including the Polizia Postale.