Definitely Tzar @definitelytzar - Tumblr Blog

Dutch Police Dismantle 17 Million-Device Botnet: Asocks Proxy Network Disrupted

In a landmark international cybersecurity operation, the Dutch National Police and the National Cyber Security Centre (NCSC) have successfully dismantled one of the largest botnet infrastructures ever recorded. The operation, concluded in late May 2026, disrupted a massive proxy network controlling an estimated 17 million infected devices worldwide, ranging from home routers and IoT gadgets to smartphones and personal computers.

The Operation: Scale and Execution

The takedown involved the seizure of more than 200 servers located within the Netherlands that served as the command-and-control (C2) infrastructure for the botnet. The investigation was initiated after a security researcher reported suspicious activity related to the sprawling proxy network to the NCSC.

Upon confirming the criminal nature of the infrastructure, the hosting provider cooperated with authorities to take the servers offline, while police seized the hardware for forensic analysis. Although no arrests were announced at the time of the disruption, the operation has significantly degraded the capability of the criminals behind the network to launch large-scale attacks.

Local media and cybersecurity analysts have linked the disrupted botnet to "Asocks," a commercial service that sold access to residential and mobile proxies. By leveraging compromised devices, Asocks provided customers with IP addresses that appeared to belong to legitimate home users, making malicious traffic difficult to distinguish from normal browsing activity.

How the Botnet Operated

The botnet functioned as a residential proxy network, a type of infrastructure highly prized by cybercriminals for its ability to evade detection:

- Infection Vector: Devices were compromised through malware infections, often delivered via phishing emails, malicious downloads, or exploitation of unpatched vulnerabilities in routers and IoT firmware. - Traffic Routing: Once infected, devices silently routed internet traffic from criminals through their own legitimate residential IP addresses. - Anonymity Layer: This routing made cyberattacks appear to originate from ordinary internet users in specific geographic locations, bypassing IP-based blocklists and fraud detection systems used by banks, e-commerce platforms, and social media sites.

This "legitimacy" allowed the botnet to facilitate a wide range of criminal activities with a high success rate.

Criminal Activities Enabled

The 17 million compromised devices were weaponized to support numerous illicit operations:

- Distributed Denial-of-Service (DDoS) Attacks: Overwhelming target servers with traffic from millions of分散 sources. - Credential Stuffing & Brute-Force Attacks: Testing billions of stolen username/password pairs against banking, email, and social media logins without triggering rate limits. - Phishing Campaigns: Hosting phishing pages on residential IPs to evade blacklists and improve deliverability. - Click Fraud: Generating fake ad clicks to defraud advertisers and inflate revenue for accomplice websites. - Spamming: Distributing massive volumes of unsolicited emails for scams and malware distribution. - SMS Pumping Fraud: Artificially inflating SMS traffic to generate revenue from telecom carriers. - Malware Distribution: Serving as staging grounds for delivering ransomware, infostealers, and banking trojans.

The Rise of "Botnet-as-a-Service"

The Asocks-linked botnet exemplifies the commoditization of cybercrime infrastructure. Rather than building their own botnets, attackers can now rent access to millions of IPs on demand:

- Low Barrier to Entry: Affordably priced subscriptions allow even low-skill actors to launch sophisticated attacks. - Plausible Deniability: Service operators claim they are merely providing "proxy services," obscuring the criminal intent of their customer base. - Global Reach: With devices in nearly every country, criminals can geo-target attacks with precision.

This model has fueled an explosion in automated attacks, with the Verizon 2026 Data Breach Investigations Report noting that vulnerability exploitation and automated credential stuffing are now the leading causes of corporate breaches.

Impact on Victims

The owners of the 17 million infected devices were unwitting participants in this criminal ecosystem:

- Performance Degradation: Infected devices often experience slower internet speeds, reduced battery life (on mobiles), and increased data consumption. - Legal Risk: Victims could theoretically face legal scrutiny if their IP addresses are linked to serious crimes (e.g., child exploitation material distribution, financial fraud) before the takedown. - Privacy Exposure: Compromised devices may have been subject to additional surveillance, with attackers potentially accessing local network traffic or connected devices.

Recommendations for Protection

The Dutch National Police and NCSC issued the following guidance to prevent devices from becoming part of such botnets:

- Update Firmware and OS: Regularly patch routers, IoT devices, smartphones, and computers. Many botnets exploit known vulnerabilities that have had patches available for months or years. - Change Default Credentials: Immediately replace factory-default passwords on routers and IoT devices with strong, unique passwords. - Enable Two-Factor Authentication (2FA): Protect online accounts to prevent unauthorized access even if credentials are stolen via credential stuffing. - Download from Trusted Sources: Avoid pirated software, cracked applications, and unofficial app stores, which are common malware vectors. - Avoid Suspicious Links: Do not click links in unsolicited emails, SMS messages, or social media posts. - Use Security Software: Install and maintain reputable antivirus/anti-malware solutions on all capable devices. Regularly scan for infections. - Monitor Network Traffic: Use router admin panels or network monitoring tools to identify unusual outbound connections or data spikes. - Disable Unused Features: Turn off remote management (WAN access) on routers and disable UPnP if not needed.

Broader Implications for IoT Security

The sheer scale of this botnet—17 million devices—underscores the systemic insecurity of the Internet of Things (IoT):

- Lack of Patching Mechanisms: Many IoT manufacturers do not provide firmware updates, leaving devices vulnerable indefinitely. - Hardcoded Credentials: Some devices ship with unchangeable default passwords, making them trivial to compromise via automated scanners. - Short Product Lifecycles: Manufacturers often abandon support for devices within 1-2 years, long before they are physically obsolete. - Consumer Awareness Gap: Most users do not realize their smart bulbs, cameras, or thermostats can be weaponized as part of a botnet.

Regulatory efforts, such as the EU's Cyber Resilience Act and the U.S. IoT Cybersecurity Improvement Act, aim to mandate minimum security standards for connected devices. However, enforcement remains challenging, and the installed base of insecure legacy devices will remain a threat for years to come.

Conclusion

The Dutch police takedown of the 17 million-device botnet is a significant victory for global cybersecurity, disrupting a major source of criminal infrastructure. However, it also serves as a stark reminder of the fragility of our connected ecosystem.

As long as manufacturers prioritize speed-to-market over security, and consumers neglect basic hygiene like patching and password changes, botnets will continue to emerge. The shift toward "Botnet-as-a-Service" models lowers the barrier for cybercrime, enabling more actors to inflict harm at scale.

For individuals and organizations, the lesson is clear: every unpatched device is a potential soldier in someone else's army. Securing your corner of the internet is not just about protecting your own data—it's about denying criminals the resources they need to attack others.

#AndroidMalware #cybercrime #cybersecurity #DDoS #IoTBotnet

ShinyHunters Leaks 42M Charter Communications Records: Third-Party Risk in Focus

In a significant escalation of cybercriminal activity targeting telecommunications infrastructure, the notorious ShinyHunters data extortion group has leaked what it claims to be 42 million customer records from Charter Communications, one of the largest broadband providers in the United States. The breach represents one of the largest telecom data exposures of 2026 and raises critical questions about third-party vendor risk management.

The Breach: Scope and Impact

According to ShinyHunters' announcement on May 30-31, 2026, the compromised dataset includes:

- Customer PII: Names, email addresses, phone numbers, and physical addresses for approximately 4.9 million unique email addresses. - Employee Directory: Internal data for roughly 85,000 employees, including job titles and organizational structure. - Verification Claims: The group released sample data to verify authenticity, though full database contents remain under investigation.

Charter Communications has issued a statement denying that sensitive Customer Proprietary Network Information (CPNI) was exfiltrated. CPNI includes call detail records, location data, and service usage patterns—information that would be significantly more damaging if exposed. However, the sheer volume of personal identifiable information (PII) alone presents substantial risks for phishing campaigns, identity theft, and targeted social engineering attacks.

ShinyHunters: A Persistent Threat Actor

The ShinyHunters group has established a pattern of high-profile breaches throughout 2025-2026, demonstrating a focus on organizations with large consumer databases:

- 7-Eleven (Earlier 2026): Approximately 185,000 individuals affected with similar PII exposure. - Carnival Cruise (April 2026): Nearly 6 million people affected in a breach also claimed by ShinyHunters. - Instructure/Canvas LMS: Claimed theft of data from approximately 275 million users. - Medtronic: Medical device maker targeted, though listing was later removed from leak site.

This pattern suggests ShinyHunters prioritizes organizations where stolen data can be monetized through multiple channels: direct sale on dark web markets, extortion of the victim company, and long-term use in credential stuffing or business email compromise (BEC) campaigns.

The Third-Party Risk Vector

While Charter has not disclosed the specific attack vector, industry analysts suggest this breach likely originated through a third-party vendor or business process outsourcing (BPO) partner rather than a direct compromise of Charter's core infrastructure. This aligns with broader 2026 trends identified in the Verizon Data Breach Investigations Report (DBIR):

- Third-Party Breaches Surged 60%: Supply chain and vendor-related incidents are now the dominant entry point for large-scale data theft. - Vulnerability Exploitation Leads: For the first time in nearly two decades, exploiting software vulnerabilities (31% of breaches) has surpassed stolen credentials as the primary initial access method. - AI-Powered Acceleration: Threat actors are using generative AI to identify and weaponize vulnerabilities faster than defenders can patch, compressing the window from disclosure to exploitation.

Regulatory and Compliance Implications

This breach occurs during a critical period for telecommunications regulation:

- FCC Scrutiny: The FCC has increased enforcement around CPNI protections following several 2025-2026 telecom breaches. Charter's assertion that CPNI was not compromised may be an attempt to limit regulatory exposure. - State Notification Laws: With 4.9 million unique emails potentially affected, Charter will face mandatory notification requirements across all 50 U.S. states, each with different timelines and content requirements. - Class Action Risk: Given the scale, plaintiff attorneys are likely to file consolidated class action lawsuits alleging negligence in vendor oversight and data protection practices.

Recommendations for Affected Customers

Charter customers and employees should take immediate protective measures:

- Enable Multi-Factor Authentication (MFA): Secure Charter account credentials with MFA to prevent unauthorized access even if passwords are compromised. - Monitor for Phishing: Expect highly targeted phishing emails referencing real account details. Verify all communications independently before clicking links or providing information. - Credit Monitoring: Consider placing fraud alerts or credit freezes with major bureaus (Equifax, Experian, TransUnion) to prevent new account fraud. - Password Rotation: Change passwords for any accounts using the same credentials as Charter services, especially email and financial accounts.

Broader Industry Lessons

The Charter breach underscores several critical lessons for enterprise security teams:

- Vendor Due Diligence: Organizations must conduct rigorous security assessments of BPO partners and vendors with access to customer data. Contractual indemnification is insufficient without technical verification. - Data Minimization: Limiting the amount of PII retained by third parties reduces blast radius when breaches occur. Consider tokenization or pseudonymization for non-essential data fields. - Continuous Monitoring: Implement dark web monitoring and threat intelligence feeds to detect leaked credentials or data associated with your organization before criminals can weaponize them. - Incident Response Readiness: Have pre-drafted notification templates, call center scripts, and regulatory reporting procedures ready. Delays in communication erode customer trust and invite regulatory scrutiny.

Conclusion

The ShinyHunters leak of Charter Communications data represents a stark reminder that even well-resourced enterprises remain vulnerable to supply chain compromises. As threat actors increasingly leverage AI to accelerate vulnerability discovery and automate social engineering at scale, the traditional perimeter defense model is insufficient. Organizations must adopt a zero-trust approach to vendor relationships, assuming that any third party with data access could become the weakest link in the security chain.

For Charter's 42 million customers, the breach is a call to action: assume your data is compromised, secure your accounts, and remain vigilant against the inevitable wave of follow-on attacks that will exploit this stolen information for years to come.

#cybersecurity #data-breach #privacy #ransomware #ShinyHunters

Critical Flowise RCE Exploit CVE-2026-40933: One-Click AI Platform Compromise

A critical Remote Code Execution (RCE) vulnerability, designated CVE-2026-40933, has been disclosed in Flowise, a widely adopted open-source platform for building Large Language Model (LLM) workflows and AI agents. With a near-perfect CVSS score of 9.9, this flaw allows attackers to execute arbitrary code on vulnerable servers simply by tricking an administrator into importing a malicious chatflow configuration.

The Vulnerability: Command Injection via MCP

Discovered by Obsidian Security, the vulnerability stems from a systemic command injection issue within the Anthropic Model Context Protocol (MCP) adapter used by Flowise. Specifically, the flaw arises from unsafe serialization of stdio (standard input/output) commands within the MCP adapter.

The attack vector is deceptively simple:

- Malicious Payload Creation: An attacker creates a specially crafted chatflow JSON file containing a malicious Custom MCP Tool configuration with embedded shell commands. - Social Engineering: The attacker convinces a Flowise administrator to import this chatflow—potentially disguised as a useful template, integration, or community contribution. - One-Click Exploitation: Upon import, Flowise processes the MCP configuration without proper validation, triggering immediate server-side code execution.

Crucially, no further interaction is required. The act of importing the chatflow is sufficient to compromise the system.

Impact: Full Server Compromise

Successful exploitation grants attackers OS-level execution privileges. In typical containerized deployments (Docker, Kubernetes), this often translates to root access within the container, enabling:

- Credential Theft: Extraction of API keys, database passwords, LLM provider tokens (OpenAI, Anthropic, etc.), and environment variables stored in plaintext. - Lateral Movement: Pivoting from the Flowise instance to connected services, internal networks, or cloud infrastructure using stolen credentials. - Data Exfiltration: Access to conversation logs, user inputs, proprietary workflows, and any data processed by the AI agents. - Persistence: Installation of backdoors, web shells, or cryptocurrency miners that survive service restarts.

For organizations using Flowise in production environments—particularly those handling sensitive customer data or integrating with critical business systems—this vulnerability represents an existential threat.

Affected Versions and Patch Status

Vulnerable: All Flowise versions prior to 3.1.0

Patched: Flowise 3.1.0 and later include input validation checks designed to prevent malicious MCP configurations from being imported.

However, security researchers have raised concerns about the comprehensiveness of the initial fix. Some reports suggest that alternative exploitation paths may still exist, warranting continued vigilance even after patching.

Flowise Cloud: The managed cloud offering is not affected, as stdio MCP is disabled by default in the hosted environment.

Immediate Mitigation Steps

If you operate a self-hosted Flowise instance, take the following actions immediately:

1. Upgrade to Version 3.1.0 or Later npm update flowise # Or, if using Docker: docker pull flowiseai/flowise:latest docker-compose restart 2. Disable Stdio MCP (Recommended)

If your deployment does not require stdio-based MCP integrations, disable them entirely by setting the following environment variable before starting Flowise:

CUSTOM_MCP_PROTOCOL=sse

This forces Flowise to use Server-Sent Events (SSE) for MCP communication, which is not vulnerable to this injection attack.

3. Audit Imported Chatflows

Review all chatflows imported in the last 90 days, especially those sourced from community repositories, GitHub gists, or third-party marketplaces. Look for:

- Custom MCP Tool nodes with unfamiliar configurations - Shell command executions or script invocations - Connections to unknown external endpoints 4. Rotate Compromised Credentials

If you suspect your instance may have been exploited prior to patching:

- Rotate all API keys stored in Flowise environment variables - Change database passwords and connection strings - Revoke and regenerate LLM provider tokens (OpenAI, Anthropic, Azure OpenAI) - Audit cloud IAM roles attached to the deployment for unauthorized access 5. Implement Network Segmentation

Restrict Flowise's network access to only required endpoints:

- Block outbound connections to unknown IPs/domains - Place Flowise behind a firewall or in a isolated VPC/subnet - Use egress filtering to prevent data exfiltration

Broader Implications for AI Infrastructure Security

CVE-2026-40933 highlights a growing class of vulnerabilities at the intersection of AI orchestration and traditional application security:

The "Import" Attack Surface

Many AI platforms (Flowise, LangChain, LlamaIndex) allow users to import/export workflow configurations as JSON or YAML files. These files are often treated as data rather than code, bypassing security reviews. However, as this vulnerability demonstrates, configuration files can be executable payloads when deserialized without strict validation.

MCP and the Expanding Trust Boundary

The Model Context Protocol (MCP) enables AI agents to interact with external tools, databases, and APIs. While powerful, MCP significantly expands the trust boundary of AI systems. Each integrated tool represents a potential injection point, and unsafe serialization of tool parameters can lead to RCE, SQL injection, or SSRF vulnerabilities.

AI-Specific Supply Chain Risks

The AI ecosystem relies heavily on community-contributed components, templates, and integrations. Unlike traditional software supply chains, AI component marketplaces often lack rigorous security vetting. A single malicious chatflow template distributed through a popular repository could compromise thousands of downstream deployments.

Recommendations for AI Platform Operators

Beyond immediate patching, organizations deploying AI orchestration platforms should adopt the following security practices:

- Treat Configuration as Code: Apply the same security review processes to chatflow JSON files as you would to application source code. Use version control, peer review, and automated scanning for imported configurations. - Principle of Least Privilege: Run Flowise and similar platforms with minimal permissions. Avoid running as root, and use read-only filesystems where possible. - Secret Management: Never store API keys or credentials in environment variables accessible to the application. Use dedicated secret management solutions (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) with fine-grained access controls. - Runtime Protection: Deploy runtime application self-protection (RASP) or container security tools that can detect and block suspicious process execution, network connections, or file access patterns. - Vendor Due Diligence: Before adopting AI orchestration platforms, evaluate their security posture: frequency of security audits, bug bounty programs, incident response capabilities, and transparency around vulnerability disclosures.

Conclusion

CVE-2026-40933 serves as a stark reminder that the rapid innovation cycle in AI infrastructure often outpaces security hardening. The convenience of one-click integrations and community templates comes with inherent risks that must be actively managed.

For Flowise administrators, the window of exposure is closing—but only if action is taken immediately. Upgrade to version 3.1.0, disable stdio MCP, audit your chatflows, and rotate credentials. For the broader AI industry, this vulnerability underscores the urgent need for secure-by-design architectures that treat configuration files as potential attack vectors and enforce strict boundaries between AI agents and the systems they control.

The age of AI-driven automation demands a new paradigm of security—one where every imported workflow is scrutinized, every tool integration is validated, and every credential is protected as if it were the key to the kingdom. In many cases, it is.

#AISecurity #ai-vulnerability #cybersecurity #dynamicworkforce #llm #open-source

The Rise of the Agentic Economy: How Crypto is Powering the New AI Agent Ecosystem

The synergy between Artificial Intelligence (AI) and Blockchain technology has evolved from a conceptual experiment into a fully realized economic engine. A recent report reveals that a "developed ecosystem" based on cryptocurrency has sprung up for AI agents, transitioning these autonomous entities from mere tools into active participants of a global, decentralized economy.

The Rise of the Agentic Economy

In 2026, AI agents are no longer just executing prompts; they are operating as primary users of blockchain technology. By equipping agents with their own digital wallets, developers have granted them financial autonomy. This allows software to hold funds, sign transactions, and execute complex agreements without the need for traditional banking intermediaries or continuous human oversight.

This shift has birthed the "Agentic Economy," where AI agents independently manage resources, procure data, and settle payments, fundamentally altering the nature of digital commerce.

Infrastructure: Enabling Machine-to-Machine (M2M) Payments

The core of this ecosystem is the transition from traditional API subscriptions to real-time machine-to-machine payments. The traditional credit card and billing cycle model is economically unfeasible for the micro-transactions required by AI agents.

Several critical infrastructure developments are driving this change:

- Micropayment Protocols: Tools like Coinbase's x402 and the Machine Payments Protocol (MPP) allow agents to pay for compute and data per request. - The Dominance of Stablecoins: USDC has become the default settlement asset. Between May 2025 and April 2026, AI agents settled over $73 million across 176 million transactions, with 98.6% conducted in USDC due to its stability and near-instant finality. - Secure Wallet Permissions: The Ethereum network's EIP-7702 upgrade now allows users to grant temporary, scoped permissions to AI agents via session keys, ensuring agents can act on a user's behalf without possessing full custody of their assets.

Verifiability and the Role of DePIN

As AI agents handle more financial transactions, the "black box" transparency problem has become a critical risk. The industry is solving this through Zero-Knowledge Machine Learning (ZKML), which provides mathematical proof that an AI's output is untampered and follows specific rules.

Furthermore, Decentralized Physical Infrastructure Networks (DePIN), such as Render and Akash, provide the uncensored, cost-effective GPU power necessary for AI training and inference. This ensures that the agentic economy is not solely dependent on a few centralized cloud providers, reducing the risk of systemic outages or censorship.

Challenges: From KYC to KYA

Despite the rapid growth, the ecosystem faces significant hurdles. The most pressing is the shift from "Know Your Customer" (KYC) to "Know Your Agent" (KYA). As agents begin to outnumber humans in on-chain transactions, identifying the intent and origin of an autonomous entity becomes the primary bottleneck for security and regulation.

Other emerging concerns include:

- Legal Liability: Current legal frameworks do not define who is responsible when an autonomous agent enters a contract or commits a financial error. Data Sovereignty: New protocols are emerging that allow individuals to monetize their own data for AI training, shifting value from Big Tech back to the users. - The "Invisible Tax": AI agents often extract data from ad-supported websites without contributing to their revenue, necessitating new usage-based compensation models for the open web.

Conclusion: A New Paradigm for Value Transfer

The integration of AI and crypto is not merely about adding a wallet to a bot; it is about creating a system where intelligence and value transfer are seamlessly integrated. As AI agents begin making a significant percentage of daily financial decisions autonomously, the blockchain provides the only viable ledger capable of supporting a global, trustless, and machine-native economy.

#AIandBlockchain #AutonomousAIAgents

Bitcoin ETFs Face Net Outflows for 2026 After Six-Day Loss Streak Drains .55 Billion

US spot Bitcoin Exchange-Traded Funds (ETFs) are facing a critical inflection point in 2026. Following a six-day consecutive loss streak that concluded on May 24, approximately $1.55 billion has been drained from these funds, pushing cumulative net inflows for the year down to just $536 million. The market now teeters on the edge of recording net outflows for the full year—a stark reversal from the record-breaking performance of 2024 and 2025.

The Scale of the Exodus

The magnitude of this downturn becomes apparent when comparing current performance to previous years. BlackRock's iShares Bitcoin Trust (IBIT), despite leading the market with $2.7 billion in year-to-date inflows, is trailing significantly behind the $25 billion it attracted throughout 2025. On Friday alone, IBIT saw $68.9 million in outflows, while Fidelity Wise Origin Bitcoin Fund (FBTC) recorded $36.3 million in withdrawals.

This trend extends beyond the major players. Most competing Bitcoin ETFs have experienced net outflows this year, signaling a broad-based shift in institutional sentiment rather than isolated fund-specific issues.

Macroeconomic Headwinds: The Treasury Yield Factor

The primary driver behind this reversal appears to be macroeconomic rather than crypto-specific. Rising Treasury yields have dampened expectations for imminent Federal Reserve interest rate cuts, prompting institutional investors to adopt a more risk-averse stance.

This development highlights a growing correlation between Bitcoin ETF performance and traditional financial market indicators. As yields on government bonds become more attractive, the risk-adjusted return profile of Bitcoin becomes less compelling for conservative institutional allocators. This marks a maturation of Bitcoin's market dynamics—where it increasingly trades as a macro asset rather than an uncorrelated alternative investment.

Structural Underperformance in 2026

Market analysts describe the current environment as a "structural underperformance" of Bitcoin spot ETF inflows compared to the previous two years. Bitcoin itself has experienced an over 11% decline year-to-date, compounding the negative sentiment.

The sustained ETF outflows point to institutional position-taking without a corresponding visible spot demand. This divergence suggests that while institutions may be reducing their ETF exposure, they are not necessarily exiting Bitcoin entirely—some may be moving holdings to self-custody or alternative investment vehicles.

Bright Spot: Morgan Stanley's MSBT

Amidst the broader trend of outflows, the Morgan Stanley Bitcoin Trust ETF (MSBT) stands out as a positive performer. Since its launch on April 8, MSBT has attracted $264 million in net inflows. This success is potentially attributed to its competitive market-low fee of 0.14%, suggesting that cost-conscious investors are gravitating toward lower-expense options even in a bearish environment.

What This Means for the Market

The potential for net outflows in 2026 represents a psychological threshold for the Bitcoin ETF market. After two years of unprecedented inflows that legitimized Bitcoin as an institutional asset class, a negative year could signal:

- Profit-Taking Phase: Early adopters may be locking in gains from the 2024-2025 bull run. - Macro Sensitivity: Bitcoin ETFs are now subject to the same interest rate dynamics as traditional risk assets. - Market Maturation: The initial euphoria has worn off, and ETF flows are beginning to reflect genuine investment cycles rather than speculative fervor.

Key Data Points:

- Six-Day Outflow Total: ~$1.55 billion - 2026 Net Inflows (Remaining): ~$536 million - IBIT YTD Inflows: $2.7 billion (vs. $25 billion in 2025) - MSBT Inflows (Since Launch): $264 million - Bitcoin YTD Performance: -11%

#AIandBlockchain #Bitcoin #BitcoinETF #cryptoregulation #marketanalysis

Crypto Entrepreneur Chun Wang to Command SpaceX's First Crewed Mars Mission

In a landmark announcement that bridges the cryptocurrency and aerospace industries, SpaceX has selected Chun Wang to command its first crewed interplanetary mission. The ambitious journey will utilize the Starship spacecraft for a flyby of Mars, marking a significant milestone in the privatization of deep space exploration.

From Bitcoin to Mars: Chun Wang's Journey

Wang, a Chinese-born Maltese citizen and co-founder of the renowned Bitcoin mining pool F2Pool, is no stranger to spaceflight. In March 2025, he commanded and funded the historic Fram2 mission—a three-day polar orbit around Earth aboard a SpaceX Crew Dragon. That mission achieved the first human flight in a polar retrograde orbit with an all-civilian crew, demonstrating Wang's commitment to pushing the boundaries of commercial spaceflight.

The upcoming Mars mission represents an even greater leap. Planned as a two-year round trip, the mission will not attempt a landing but will conduct a comprehensive flyby of the Red Planet. Before this interplanetary voyage, Wang also plans to participate in a week-long Starship trip around the Moon alongside engineer and investor Dennis Tito.

Mission Architecture and Timeline

SpaceX made the announcement during a webcast in May 2026, though a specific launch date has not yet been disclosed. Industry analysts note that Starship cargo flights to Mars are not anticipated before 2028, suggesting the crewed flyby mission will likely occur in the early 2030s.

The mission will leverage SpaceX's next-generation Starship vehicle, which is designed for full reusability and deep-space operations. This architecture allows for extended mission durations and the capability to return crew safely to Earth after the Mars flyby.

Inspiring the Next Generation

Wang has framed the mission as a catalyst for public engagement with space exploration. In his statement, he expressed hope that the mission will "light the fire, ignite the imagination, and build the momentum" for future Mars endeavors. His perspective emphasizes the importance of maintaining momentum in space exploration rather than deferring these ambitions to future generations.

Crypto Industry's Expanding Horizons

Wang's selection signals a growing trend of cryptocurrency entrepreneurs investing in and participating in high-profile ventures beyond blockchain technology. His transition from mining Bitcoin to commanding interplanetary missions illustrates the expanding influence of the crypto industry in sectors traditionally dominated by government agencies and legacy aerospace corporations.

Key Mission Facts:

- Commander: Chun Wang (Co-founder, F2Pool) - Spacecraft: SpaceX Starship - Mission Type: Mars flyby (no landing) - Duration: Approximately 2 years round trip - Pre-Mission: Week-long lunar Starship trip with Dennis Tito - Previous Experience: Fram2 polar orbit mission (March 2025)

#AIandBlockchain #cryptoregulation

Megalodon Supply Chain Attack Infects 5,500 GitHub Repositories via CI/CD Pipelines

In a startling display of automated aggression, a supply chain attack dubbed "Megalodon" has infected over 5,500 GitHub repositories in a single six-hour window. Discovered by cybersecurity researchers at SafeDep on May 18, 2026, this campaign represents a significant escalation in the targeting of CI/CD pipelines, leveraging a technique known as direct Poisoned Pipeline Execution (d-PPE) to harvest sensitive credentials at scale.

The Attack Vector: Direct Poisoned Pipeline Execution

Unlike traditional supply chain attacks that compromise package dependencies, Megalodon targeted the build process itself. Attackers utilized accounts with write access to inject malicious GitHub Actions workflows directly into repository definitions. When these workflows executed, they triggered attacker-controlled commands designed to exfiltrate secrets from the CI/CD environment.

The primary targets were high-value credentials, including:

- Cloud Provider Keys: AWS, Google Cloud, and Microsoft Azure credentials. - Authentication Tokens: SSH keys, API tokens, and GitHub Actions OIDC tokens. - Deployment Secrets: Environment variables used for production deployments.

Automation and Evasion Tactics

The Megalodon campaign was characterized by its industrial-scale automation. Attackers deployed a network of fake GitHub accounts with random eight-character names, often impersonating automated services such as "build-bot," "auto-ci," and "pipeline-bot."

SafeDep analysis identified two primary infection methods:

- SysDiag: Adding a new, seemingly benign workflow file that exfiltrates data in the background. - Optimize-Build: Replacing existing system files with a dormant backdoor that can be activated remotely via the GitHub API.

Real-World Impact: The Tiledesk Incident

The downstream consequences of Megalodon extend beyond code repositories. Live chat and chatbot service Tiledesk was a notable victim, with hackers compromising nine of its GitHub code areas. This led to the unintentional publication of seven infected versions of their product to the public npm package registry, effectively spreading the infection from the source code level to the package ecosystem.

GitHub's Security Posture

While GitHub has not publicly commented on the Megalodon attack specifically, the incident coincides with a separate disclosure regarding unauthorized access to approximately 3,800 internal GitHub-owned repositories via a compromised employee device. This dual revelation underscores a critical vulnerability in the software supply chain: even platforms designed for secure development are not immune to credential-based attacks.

For developers and maintainers, we recommend:

- Audit Workflow Files: Review all .github/workflows files for unauthorized changes or suspicious job steps. - Rotate Secrets: Immediately rotate any cloud credentials, API tokens, or SSH keys that may have been exposed to CI/CD pipelines. - Pin Actions: Use SHA-hashed references for GitHub Actions instead of version tags to prevent tampering. - Review Commit History: Look for commits from unknown accounts, especially those with bot-like names pushing workflow changes.

#ci-cd-security #cybersecurity #devops-security #github #SupplyChainAttack

DocketWise Data Breach Impacts 143,000 Users: Critical Risks for Immigration Clients

DocketWise, a widely used immigration and legal case management platform, has confirmed a significant data breach impacting over 143,000 users. The incident, discovered in October 2025, highlights critical vulnerabilities in third-party data migration pipelines and poses severe risks to affected individuals, many of whom are immigration clients with highly sensitive legal and medical records.

Breach Vector: Valid Credentials, Not Software Exploit

According to DocketWise's disclosure, the attackers did not exploit a software vulnerability. Instead, they utilized valid credentials to access and clone data from third-party partner repositories integrated into DocketWise's data migration pipeline. This distinction is crucial: the attack bypassed technical defenses by leveraging authorized access, underscoring the growing threat of compromised credentials and supply chain vulnerabilities in legal tech.

While DocketWise has stated that the unauthorized access has been closed and there is no evidence that the data has been published online, the nature of the compromised information makes this breach particularly dangerous.

Scope of Compromised Data

The exposed data represents a goldmine for identity thieves and fraudsters. Depending on the individual, the compromised records may include:

- Personal Identifiers: Full names, addresses, dates of birth, and Social Security numbers. - Government IDs: Driver's license numbers, passport numbers, and other government-issued ID details. - Financial Data: Financial account numbers, payment card information, and related access credentials. - Tax Information: Tax identification numbers. - Medical Records: Health insurance policy numbers and medical treatment information. - Account Credentials: Usernames and access credentials for non-financial accounts.

Heightened Risk for Immigration Clients

This breach carries unique implications for immigration clients. The exposed documentation often includes proof of legal status, asylum claims, and medical history. This sensitive information could be weaponized for:

- Immigration Fraud: Bad actors could use cloned identities to file fraudulent immigration applications or claims. - Targeted Extortion: Knowledge of an individual's legal status or medical history could be used for blackmail or targeted scams. - Identity Theft: The comprehensive nature of the data (SSN, financial, and government IDs) facilitates full-spectrum identity theft.

Response and Mitigation

DocketWise has begun notifying affected individuals as of April 2026 and is offering two years of complimentary credit monitoring and identity restoration services. Several class-action law firms have already announced investigations into the incident.

For affected users, we recommend:

- Activate Credit Monitoring: Enroll in the provided services immediately. - Monitor Financial Accounts: Scrutinize bank and credit card statements for unauthorized transactions. - Beware of Phishing: Expect targeted phishing attempts referencing your real data. Verify all communications independently. - Freeze Credit: Consider placing a freeze on your credit reports with major bureaus to prevent new account fraud.

#cybersecurity #databreach

TrapDoor: Multi-Registry Supply Chain Attack Targeting AI and Web3 Developers

The developer ecosystem is facing a sophisticated new threat dubbed "TrapDoor," a coordinated supply chain campaign that has compromised over 34 malicious packages across three major registries: npm, PyPI, and Crates.io. This attack is not merely a simple credential stealer; it is a calculated operation targeting the most sensitive segments of the modern development stack, specifically focusing on AI researchers and Web3/DeFi developers.

The Multi-Vector Execution Strategy

TrapDoor is notable for its ecosystem-specific delivery methods, ensuring that the malware executes silently regardless of the language environment:

1. npm (JavaScript/TypeScript)

The attack utilizes postinstall hooks to deploy a shared payload called trap-core.js. Once active, this script performs a comprehensive scan for AWS and GitHub tokens, validating them via API calls before exfiltration. It also attempts lateral movement via SSH and establishes persistence through systemd, cron, and surprisingly, AI configuration files like .cursorrules and CLAUDE.md.

2. PyPI (Python)

The Python implementation employs a more dynamic approach. Upon import, the malicious package downloads a remote JavaScript payload from attacker-controlled GitHub Pages. This allows the threat actors to update the malware behavior in real-time without having to publish new versions to PyPI, effectively bypassing many static analysis tools.

3. Crates.io (Rust)

Targeting the high-performance world of Rust, TrapDoor leverages malicious build.rs scripts. These scripts execute during the compilation phase, specifically hunting for Sui and Move developer keystores. The stolen data is XOR-encrypted using the key cargo-build-helper-2026 before being uploaded to GitHub Gists.

The AI Angle: Weaponizing AI Tooling

Perhaps the most alarming aspect of TrapDoor is its attempt to exploit AI-powered coding assistants. Attackers have been found injecting hidden instructions—sometimes utilizing zero-width Unicode characters—into .cursorrules and CLAUDE.md files.

By manipulating these files, the malware tricks AI agents (like Cursor or Claude) into performing tasks under the guise of "security scans." These AI-driven workflows are then used to uncover and exfiltrate secrets that a traditional script might have missed, marking a new frontier in social engineering where the "victim" is the AI assistant itself.

Impact and Mitigation

The campaign specifically targets cryptocurrency wallets (Sui, Solana, Aptos), SSH keys, and cloud credentials. With a median detection time of only 5 minutes and 27 seconds, the window for reaction is incredibly small.

To protect your environment, we recommend:

- Strict Dependency Auditing: Use tools like npm audit or pip-audit, but complement them with behavioral analysis tools. - Secret Management: Move away from .env files and hardcoded keys toward dedicated secret managers (e.g., HashiCorp Vault, AWS Secrets Manager). - AI Config Hygiene: Be wary of any automatically generated or third-party .cursorrules or CLAUDE.md files in your repositories. - Credential Rotation: If you have installed any packages claiming to be "security auditors" or "performance helpers" since May 2026, rotate your API keys and SSH credentials immediately.

#AISecurity #AndroidMalware #cybersecurity #npm #PyPI #SupplyChainAttack #Web2toWeb3Bridge

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

For decades, typosquatting was seen as a "user error." It was the digital equivalent of a wrong turn—a user mistyping a URL, landing on a phishing site, and falling for a scam. But in 2026, the landscape has shifted. Typosquatting has evolved from a simple user mistake into a sophisticated, silent, and systemic supply chain problem.

The Shift: From URLs to Packages

Traditional typosquatting targeted the browser address bar. Modern typosquatting targets the developer's terminal. In the modern software development lifecycle, we rely on thousands of third-party libraries and packages via managers like npm, PyPI, and RubyGems. Attackers now publish malicious packages with names nearly identical to popular, legitimate ones (e.g., request-s instead of requests). A single keystroke error during a package installation can lead to a compromised development environment, a breached CI/CD pipeline, and eventually, a trojanized production application.

The AI Amplifier: "Slopsquatting" and LLM Hallucinations

Artificial Intelligence has drastically accelerated this threat. Large Language Models (LLMs) can now generate thousands of convincing domain and package name variants in seconds. More dangerously, we are seeing the rise of "slopsquatting." This occurs when AI-generated code—or an LLM used by a developer to suggest libraries—"hallucinates" a package name that sounds realistic but doesn't actually exist. Attackers monitor these hallucinations and preemptively register those names, creating a "trap" for any developer who trusts the AI's suggestion without verification.

Case Study: The Trust Wallet Attack (Dec 2025)

The danger of this evolution was starkly illustrated by the Trust Wallet attack in December 2025. This wasn't a case of a user mistyping a link. Instead, attackers used a self-replicating npm worm to harvest developer credentials and pushed a trojanized version of the official Chrome extension. The malicious code executed silently in the background, capturing seed phrases and transmitting them to the attacker's infrastructure—all while disguised as a legitimate analytics endpoint. Because the "trust" was established at the supply chain level, traditional firewalls, WAFs, and EDRs remained silent. No server was breached, yet $8.5 million was stolen in just 48 hours.

Why Traditional Security is Failing

Our current security stacks are designed to guard the perimeter. However, supply chain typosquatting operates *inside* the perimeter. - Visibility Gaps: Most security tools monitor the server, but they lack visibility into what a third-party script is doing once it executes in the client's browser. - Blind Trust in Signed Code: We often trust a package simply because it's in a public repository or signed by a certificate, ignoring the fact that the identity of the "signer" may be a fraud. - CI/CD Blindspots: Automated pipelines often pull the "latest" version of a dependency, which might be a freshly registered typosquatted package.

How to Defend the Supply Chain

Moving forward, the industry must move beyond "user education" and toward structural engineering: - Software Composition Analysis (SCA): Integrate tools that automatically verify package names and metadata against known-good registries before they enter the build. - Lockfiles and Pinning: Never use floating versions. Use package-lock.json or requirements.txt with strict hashes to ensure that the code you tested is the exact code you deploy. - Private Artifact Repositories: Stop pulling directly from public registries. Use a controlled gateway (like Artifactory or Nexus) to curate and approve allowed packages. - Dynamic Script Analysis: Implement monitoring that analyzes the actual behavior and network calls of third-party scripts in real-time, rather than relying on static domain reputation.

The Bottom Line

Typosquatting is no longer about a user being "careless" with a URL. It is a high-scale, AI-driven attack on the very foundation of how we build software. When the mistake happens in the supply chain, the impact is not a single phished user, but an entire compromised organization. It's time to treat typosquatting as a systemic risk, not a user error.

#SupplyChainSecurity #Typosquatting

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

In a significant blow to the ransomware ecosystem, Microsoft has successfully dismantled "Fox Tempest," a sophisticated malware-signing-as-a-service (MSaaS) operation that has been fueling cybercriminal activity since at least May 2025. The takedown, codenamed "OpFauxSign," marks a critical victory in the ongoing battle against supply chain attacks and ransomware distribution.

What Was Fox Tempest?

Fox Tempest operated as a underground service that allowed cybercriminals to purchase valid code-signing certificates for their malicious software. For fees ranging between $5,000 and $9,000, attackers could have their malware digitally signed, making it appear as legitimate software to Windows security defenses. The service acquired these certificates through Microsoft's Artifact Signing service by using stolen identities and impersonating legitimate organizations. This abuse of trust infrastructure allowed malware to bypass SmartScreen filters and other security controls that rely on code signatures as a trust indicator.

The Ransomware Connection

Microsoft's investigation uncovered direct links between Fox Tempest and several notorious ransomware groups, including: - INC Ransomware - Qilin - Akira - Rhysida One particularly active customer, identified as "Vanilla Tempest," used the service to create malicious installers for popular enterprise software such as AnyDesk, Microsoft Teams, PuTTY, and Webex. These fake installers were distributed through SEO poisoning and malvertising campaigns, leading to the deployment of backdoors, infostealers, and ransomware across thousands of systems globally.

The Takedown Operation

Microsoft's disruption effort involved multiple coordinated actions: - Infrastructure Seizure: The Fox Tempest website and associated infrastructure were seized and taken offline. - Certificate Revocation: Over 1,000 fraudulently obtained code-signing certificates were revoked, instantly invalidating malware signed with them. - VM Takedown: Hundreds of virtual machines used by the service were disabled. - Legal Action: Microsoft filed a lawsuit targeting both Fox Tempest and Vanilla Tempest operators.

Global Impact

The reach of Fox Tempest's operations was extensive, with attacks targeting critical sectors including: - Healthcare - Education - Government - Financial Services Victims spanned multiple countries, including the U.S., France, India, and China. The service's shift to pre-configured virtual machines on a major VPS provider in February 2026 indicated an escalation in operational sophistication before the takedown.

What This Means for Defenders

While this takedown removes a significant threat actor from the ecosystem, it also highlights a persistent vulnerability: the abuse of legitimate code-signing infrastructure. Organizations should: - Monitor Certificate Revocation Lists: Ensure security tools are checking for revoked certificates. - Implement Defense-in-Depth: Never rely solely on code signatures as a trust indicator. - Verify Software Sources: Download enterprise tools only from official vendor websites. - Enable Enhanced Logging: Track code-signing certificate validation events for anomalies.

The Bottom Line

Microsoft's takedown of Fox Tempest demonstrates the value of public-private collaboration and proactive threat hunting. However, as long as code-signing certificates hold trust value in security ecosystems, criminals will seek to abuse them. This operation is a victory, but not the end of the war on malware signing.

#FoxTempest #MalwareSigning

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft has taken a significant step toward securing the future of AI development by open-sourcing two critical tools: RAMPART and Clarity. Released on May 20, 2026, these tools represent a shift from treating AI safety as a one-time checkpoint to embedding it as a continuous engineering discipline throughout the development lifecycle.

RAMPART: Continuous Red Teaming for AI Agents

Risk Assessment and Measurement Platform for Agentic Red Teaming (RAMPART) is an open-source, pytest-native framework designed for continuous safety and security testing of AI agents. Built on Microsoft's earlier PyRIT (Python Risk Identification Tool), RAMPART enables engineering teams to encode adversarial and benign scenarios as repeatable tests within their CI/CD pipelines. As AI systems evolve from simple text generators to autonomous agents capable of executing actions across connected systems, the attack surface expands dramatically. RAMPART addresses this by focusing on: - Cross-prompt injection attacks – preventing malicious prompts from hijacking agent behavior - Unintended behavioral regressions – catching safety issues before they reach production - Data exfiltration risks – ensuring agents don't leak sensitive information The framework allows teams to convert red-team findings and AI incidents into lasting regression coverage, ensuring that once a vulnerability is discovered and fixed, it stays fixed.

Clarity: Design-Time Safety Before Code

While RAMPART handles testing during development, Clarity operates even earlier in the process. Described as a "structured sounding board," Clarity guides development teams through critical conversations before a single line of code is written. Clarity walks engineers through four key phases: - Problem Clarification – defining what the agent should actually do - Solution Exploration – considering multiple approaches and their trade-offs - Failure Analysis – identifying what could go wrong and how to prevent it - Decision Tracking – documenting design intentions and assumptions for future reference By forcing teams to think through risks upfront, Clarity helps prevent costly design mistakes that are far harder to fix after deployment.

Why Open Source Matters

Microsoft's decision to open-source both tools signals a recognition that AI security cannot be solved by any single organization. As AI agents gain more autonomy and integrate deeper into enterprise systems, the entire ecosystem benefits from shared, practical tools that operationalize safety. Both RAMPART and Clarity can be deployed flexibly—RAMPART integrates into existing testing pipelines, while Clarity can run as a desktop app, web UI, or even embedded directly into a coding agent.

The Bottom Line

For organizations building AI agents, these tools offer a pragmatic path forward. Instead of treating safety as an afterthought or a compliance checkbox, RAMPART and Clarity embed security into the fabric of development—catching issues early, testing continuously, and documenting decisions transparently. In an era where AI agents can execute transactions, access databases, and interact with users autonomously, this shift from reactive to proactive security isn't just best practice—it's essential.

#ClarityAI #MicrosoftRAMPART

Critical Drupal Core Vulnerability: PostgreSQL SQLi Leads to Potential RCE

A critical security flaw has emerged in Drupal Core, potentially allowing unauthenticated attackers to execute arbitrary code on servers using PostgreSQL databases. Tracked as CVE-2026-9082, the vulnerability is a high-severity SQL injection within Drupal's database abstraction API, posing an immediate risk to thousands of enterprises and government websites worldwide.

The Vulnerability: SQL Injection in the Database API

The heart of the issue lies in how Drupal Core handles certain queries specifically when interfacing with PostgreSQL. Due to an oversight in the database abstraction layer, an anonymous user can craft a malicious request that "breaks out" of the intended query structure. This allows the attacker to inject their own SQL commands.

While SQL injection is often used for data exfiltration (stealing passwords or user lists), the severity here is amplified because it can lead to Remote Code Execution (RCE). By manipulating the database's response or using specific PostgreSQL functions, an attacker can pivot from a database query to executing commands directly on the underlying operating system.

Affected Versions and Remediation

Drupal released critical security updates on May 20, 2026. Because this flaw can be exploited by anonymous users without any prior authentication, the risk of rapid mass-exploitation is extremely high.

Immediate Action Required: Site administrators should update to the following versions immediately:

- Drupal 11.3.x $ ightarrow$ Update to 11.3.10 - Drupal 11.2.x $ ightarrow$ Update to 11.2.12 - Drupal 10.6.x $ ightarrow$ Update to 10.6.9 - Drupal 10.5.x $ ightarrow$ Update to 10.5.10 - Drupal 11.1/11.0/10.4 $ ightarrow$ Apply the "best-effort" security patches provided by Drupal.

The "PostgreSQL Specific" Danger

Many CMS vulnerabilities are generic, but this specific focus on PostgreSQL is a reminder of the importance of Database-Aware Security. Developers often assume that using an abstraction layer (like Drupal's API) automatically sanitizes all inputs. However, as seen in CVE-2026-9082, a specific implementation detail in how the API interacts with one particular database engine can create a critical hole that doesn't exist for MySQL or SQLite users.

Insights for System Administrators

Beyond just clicking "update," security-conscious admins should consider the following layers of defense:

- Principle of Least Privilege: Ensure the database user that Drupal uses does not have superuser privileges. If the DB user cannot execute system-level commands, the pivot from SQLi to RCE is significantly harder. - WAF Tuning: Deploy a Web Application Firewall (WAF) to detect and block common SQL injection patterns (e.g., UNION SELECT or pg_sleep()). - Egress Filtering: If an attacker manages to achieve RCE, they usually attempt to "phone home" to a Command & Control (C2) server. Strict egress filtering on the web server can block this communication.

Reflection

The Drupal Core PostgreSQL vulnerability is a textbook example of why "patching today" is the only acceptable response to a critical RCE disclosure. In the modern threat landscape, the gap between a vulnerability disclosure and a public exploit is often measured in hours, not days.

The most dangerous phase of this vulnerability is the "window of ignorance"—the time between the patch release and the moment an admin actually applies it. For any organization running Drupal on PostgreSQL, that window must be closed immediately.

#critical-vulnerability #cybersecurity #drupal #patch-management #postgresql #rce #sqli #web-security

Nx Console 18.95.0 Compromised: Credential Stealer Targets 2.2M VS Code Developers

A compromised version of the Nx Console extension for VS Code has been discovered stealing credentials from over 2.2 million developers. Version 18.95.0 of the popular extension (rwl.angular-console) contained a multi-stage credential stealer that silently harvested secrets from developer workstations within seconds of opening any workspace.

The Attack Vector

The breach originated from a compromised developer machine that leaked GitHub credentials. Attackers used these credentials to push an unsigned orphan commit to the official nrwl/nx repository, introducing stealer malware that triggered immediately upon workspace initialization.

The malicious payload, a 498 KB obfuscated script, was fetched from a dangling orphan commit hidden inside the official repository. It launched as a detached background process and began harvesting credentials from:

- 1Password vaults - Anthropic Claude Code configurations - npm tokens - GitHub credentials - AWS secrets

Sigstore Integration: A Dangerous Capability

What makes this attack particularly dangerous is the payload's full Sigstore integration, including Fulcio certificate issuance and SLSA provenance generation. Combined with stolen npm OIDC tokens, attackers could publish downstream npm packages with valid, cryptographically signed provenance attestations—making malicious packages appear as legitimate, verified builds.

Indicators of Compromise

The Nx team confirmed that a "few users were compromised" during the exposure window: May 18, 2026, 2:36 PM CEST to 2:47 PM CEST (approximately 11 minutes).

Affected users should check for:

- Files: ~/.local/share/kitty/cat.py, ~/Library/LaunchAgents/com.user.kitty-monitor.plist, /var/tmp/.gh_update_state, /tmp/kitty-* - Processes: Python running cat.py or any process with __DAEMONIZED=1 in environment variables

Remediation

Developers must update to Nx Console version 18.100.0 or later immediately. If version 18.95.0 was installed during the exposure window, all credentials reachable from the affected machine must be rotated—including tokens, secrets, and SSH keys.

Reflection

This marks the second time the Nx ecosystem has been targeted within a year. In August 2025, the s1ngularity campaign infected several npm packages with credential stealers. The shift from npm packages to VS Code extensions represents an evolution in supply chain attacks: instead of waiting for a build pipeline to execute malicious code, attackers now compromise the developer's workstation directly.

The lesson is clear: developer workstations are now part of the software supply chain. Protecting them requires the same rigor as protecting CI/CD pipelines—multi-factor authentication, hardware security keys, and continuous monitoring for anomalous behavior.

#credential-stealer #cybersecurity #developer-security #github-actions #npm #nx-console #sigstore #supply-chain-attack #vs-code-extension

GitHub Actions Compromised: Imposter Commits Steal CI/CD Credentials

A sophisticated supply chain attack has compromised the popular actions-cool/issues-helper GitHub Action, redirecting all existing tags to imposter commits designed to steal CI/CD credentials. The attack represents a new evolution in software supply chain exploitation, bypassing traditional code review processes entirely.

The Imposter Commit Technique

Unlike traditional supply chain attacks that inject malicious code through pull requests or direct commits, this attack used "imposter commits"—deceptive references that point to malicious code existing only in an adversary-controlled fork, rather than the original trusted repository.

StepSecurity researcher Varun Sharma explained: "Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history. That commit contains malicious code that exfiltrates credentials from CI/CD pipelines that run the action."

How the Attack Worked

When a GitHub Actions workflow referenced the compromised action by version tag, the following sequence occurred:

- The workflow pulled the malicious commit (thinking it was legitimate) - The action downloaded the Bun JavaScript runtime to the runner - It read memory from the Runner.Worker process to extract credentials - Stolen data was exfiltrated via HTTPS to t.m-koschecom

Connection to Mini Shai-Hulud Campaign

The exfiltration domain overlaps with the Mini Shai-Hulud campaign that recently compromised @antv npm packages, suggesting both attacks are part of a coordinated operation. Philipp Burckhardt, head of threat intelligence at Socket, confirmed: "That points to the same Mini Shai-Hulud activity cluster, not a separate npm-only incident."

Scope of Compromise

In addition to issues-helper, 15 tags associated with actions-cool/maintain-one-comment were also compromised with identical functionality. GitHub has since disabled access to both repositories due to violations of its terms of service.

StepSecurity warned: "Because every tag now resolves to malicious commits, any workflow that references the action by version pulls the malicious code on its next run. Only workflows pinned to a known-good full commit SHA are unaffected."

Remediation

Organizations using these actions must:

- Immediately remove references to actions-cool/issues-helper and actions-cool/maintain-one-comment - Rotate all CI/CD credentials that may have been exposed - Pin future actions to full commit SHAs instead of version tags - Monitor outbound connections from CI/CD runners for suspicious domains

Reflection

The imposter commit technique demonstrates a fundamental weakness in how GitHub Actions resolves dependencies. Tags are mutable references that can be rewritten by anyone with write access to a repository—whether that access was obtained legitimately or through compromise.

For enterprises relying on GitHub Actions for CI/CD, the lesson is unequivocal: never trust tags. Pinning to full commit SHAs provides cryptographic assurance that the code you're running is exactly what you reviewed. Anything less is an invitation to supply chain compromise.

#ci-cd-security #credential-theft #cybersecurity #devops-security #github-actions #imposter-commit #mini-shai-hulud #supply-chain-attack

DirtyDecrypt: PoC Released for Linux Kernel Privilege Escalation Flaw

Proof-of-concept (PoC) exploit code has been released for "DirtyDecrypt" (also known as DirtyCBC), a Linux kernel vulnerability that allows local privilege escalation to root. The release marks the latest in a series of copy-on-write (COW) bypass vulnerabilities affecting the Linux kernel's memory management subsystem.

The Vulnerability

Discovered by the V12 security team, DirtyDecrypt stems from a missing COW guard in the rxgk_decrypt_skb component of the RxGK subsystem. RxGK is a security class for the RxRPC network protocol used by the Andrew File System (AFS) and OpenAFS, providing authentication, confidentiality, and integrity protection.

Due to the missing COW guard, oversized response authenticators are accepted, resulting in data being written to the memory of privileged processes or to the page cache of privileged files, such as SUID binaries.

Affected Systems

The vulnerability only affects distributions that have CONFIG_RXGK compiled in and enabled. This includes:

- Arch Linux - Fedora - openSUSE

In container platforms, all worker nodes running a vulnerable distribution could provide attackers with a path to escape the pod, making this a critical concern for Kubernetes and similar orchestration environments.

Connection to CVE-2026-31635

While the V12 team has not assigned a specific CVE identifier, Tharros Labs senior principal vulnerability analyst Will Dormann has linked the underlying issue to CVE-2026-31635 (CVSS 7.5), which was disclosed and patched on April 24, 2026, for mainline Linux builds.

Part of a Broader Pattern

DirtyDecrypt is a variant of several recently identified Linux kernel bugs that grant root access:

- Fragnesia (CVE-2026-46300): Affects the XFRM ESP-in-TCP subsystem, disclosed last week. - Dirty Frag (CVE-2026-43284/43500): Chains two flaws in xfrm-ESP and RxRPC components, actively exploited in the wild. - CopyFail: Disclosed in late April, enables modification of in-memory setuid-root binaries. Exploitation began shortly after disclosure.

Remediation

Patches were rolled out in April 2026. Administrators of affected distributions must:

- Update immediately to the latest kernel version - Verify CONFIG_RXGK status on all systems - Monitor for exploitation attempts, especially on container worker nodes - Consider disabling RxGK if AFS/OpenAFS is not in use

Reflection

The release of PoC code for DirtyDecrypt—following closely on the heels of Dirty Frag, CopyFail, and Fragnesia—signals a troubling trend: the Linux kernel's memory management subsystem is under intense scrutiny from attackers, and the window between disclosure and exploitation is shrinking.

For enterprises running containerized workloads on affected distributions, the risk is compounded. A single vulnerable worker node can become the beachhead for a full cluster compromise. The lesson is clear: kernel patches must be applied with urgency, and configurations that enable unnecessary subsystems (like RxGK) should be audited and disabled where possible.

#copy-on-write #cve-2026-31635 #cybersecurity #dirtydecrypt #linux-kernel #privilege-escalation #root-exploit #rpcgk

Critical Universal Robots Vulnerability Exposes Industrial Cobot Fleets to Remote Hijacking

Universal Robots has patched a critical vulnerability affecting its PolyScope 5 operating system that could allow attackers to remotely execute arbitrary commands on industrial cobots. The flaw, rated 9.8 out of 10 on the CVSS scale, exposes fleets of collaborative robots to complete compromise if left unpatched.

The Vulnerability: CVE-2026-8153

Tracked as CVE-2026-8153, the vulnerability is an OS command injection flaw in the Dashboard Server interface of PolyScope 5. The Dashboard Server accepts user-controlled input and passes it to the underlying operating system without proper neutralization of special elements, enabling unauthenticated attackers with network access to craft commands that execute directly on the robot's OS.

Universal Robots explained: "An unauthenticated attacker with network access to the Dashboard Server port can craft commands that are executed on the robot's operating system, leading to remote code execution and compromise of the controller with high impact to confidentiality, integrity, and availability."

Attack Requirements

Remote exploitation requires two conditions:

- The robot's Dashboard Server must be enabled in the UI - The Dashboard Server port must be reachable by the attacker

Universal Robots noted that their robots are not designed to be directly accessible from the Internet, and direct inbound access is typically prevented by corporate firewalls. However, this assumption of network isolation is increasingly fragile in modern industrial environments.

The OT Network Reality

Vera Mens, the Claroty security researcher who discovered and reported the vulnerability, highlighted a critical gap between vendor assumptions and real-world deployments:

"While many industrial robots lack a remote management interface, cobots made by Universal Robots have a control box with an Ethernet port that can be used on demand. Customers may use this option to deliver information to a central management unit, to use legacy field protocols such as MODBUS and EtherNet/IP to manipulate other OT equipment, or to control the cobot remotely."

Mens added: "Although these networks are generally not publicly exposed, they are often flat and lack proper segmentation; therefore, gaining an initial foothold may not be difficult."

Impact Escalation

The consequences of exploitation extend far beyond a single compromised robot:

- Single Cobot: Complete control of the robot's movements and operations, potentially posing physical hazards to human workers nearby. - Fleet Compromise: Lateral movement to other cobots and peripherals on the same network segment. - OT Equipment: The control box is a general-purpose Linux computer connected via Ethernet and serial ports to other equipment. Compromise can cascade to PLCs, sensors, and other industrial systems.

Remediation

Universal Robots has patched the vulnerability in PolyScope 5.25.1. Organizations must:

- Update immediately to PolyScope 5.25.1 or later - Disable the Dashboard Server if not actively used - Segment OT networks to isolate cobots from general IT infrastructure - Monitor network traffic for unauthorized access to robot controllers - Implement firewall rules to restrict access to Dashboard Server ports

Reflection

CVE-2026-8153 is a stark reminder that industrial robots are no longer isolated machines—they are networked Linux computers with physical actuation capabilities. The convergence of IT and OT means that a vulnerability in a cobot's software can have consequences far beyond data loss: it can cause physical damage, disrupt production lines, and endanger human workers.

For manufacturers and integrators, the lesson is unequivocal: network segmentation is not optional. Flat OT networks that allow unrestricted lateral movement between IT and OT assets are an invitation to disaster. As Industry 4.0 continues to blur the lines between digital and physical systems, security must be treated as a safety requirement—not an IT afterthought.

#cobot-security #command-injection #cve-2026-8153 #cybersecurity #industrial-robot #ot-security #polyscope #universal-robots

Trending Blogs

Recently Viewed Blogs

Definitely Tzar