A China-nexus advanced persistent threat (APT) group has been conducting a sustained espionage campaign targeting government and media sectors across Southeast Asia, leveraging sophisticated DLL sideloading techniques as a primary attack vector. The threat actor, tracked as Autumn Dragon, has targeted multiple nations surrounding the South China Sea, including Indonesia, Singapore, the Philippines, Cambodia, and Laos, […]
The National Security Agency (NSA), CISA, FBI, and international cybersecurity partners have released groundbreaking guidance to help internet service providers and network defenders combat bulletproof hosting providers. This new framework, published November 19, 2025, represents a coordinated effort to mitigate cybercriminal infrastructure that actively supports ransomware, data extortion, and other malicious activities targeting critical infrastructure and financial […]
A targeted cyber espionage campaign has emerged across Southeast Asia, specifically affecting government and media organizations in countries surrounding the South China Sea.
The campaign, which has been actively monitored since early 2025, demonstrates advanced persistent threat characteristics with a focus on nations including Laos, Cambodia, Singapore, the Philippines, and Indonesia.
The attack chain begins with a seemingly legitimate file named “Proposal_for_Cooperation_3415.05092025.rar” that exploits CVE-2025-8088, a path traversal vulnerability in WinRAR software.
The attackers employ a multi-stage infection process that showcases their technical expertise and strategic planning.
Initial compromise occurs through spear-phishing emails containing the malicious RAR archive, which automatically triggers the vulnerability when victims attempt to extract the contents.
This exploitation allows the threat actors to install a persistence script in the user’s startup folder using path traversal combined with an Alternative Data Stream technique.
CyberArmor security researchers identified this sophisticated operation while tracking sustained espionage activities targeting critical infrastructure and information sectors.
The campaign demonstrates a clear preference for DLL sideloading techniques throughout multiple stages of infection.
Governments and media organizations represent high-value targets because they directly influence policy decisions, shape public opinion, and determine international strategic alignment.
The WinRAR file will drop a batch file, which in turn will download the next (Source – CyberArmor)
The malicious campaign operates through four distinct stages, each designed to maintain persistence while avoiding detection by security products.
After the initial dropper executes, a batch script named “Windows Defender Definition Update.cmd” downloads additional payloads from Dropbox and establishes registry-based persistence.
The subsequent stages involve legitimate software components like OBS browser and Adobe Creative Cloud Helper being exploited to load malicious DLL files through search-order hijacking.
Technical Breakdown of the DLL Sideloading Mechanism
The DLL sideloading technique represents the core evasion strategy employed throughout this campaign. In Stage 2, the threat actors abuse a legitimate OBS open-source browser executable to automatically load a modified libcef.dll file.
This altered library executes malicious code while maintaining the appearance of normal software operation. The backdoor communicates with operators through Telegram using an encrypted bot token, providing three primary commands: shell execution, screenshot capture, and file upload capabilities.
Stage 3 continues the DLL sideloading approach by exploiting Adobe’s Creative Cloud Helper component. The legitimate “Creative Cloud Helper.exe” loads a malicious CRClient.dll file, which contains functionality to decrypt and execute the final backdoor payload stored as “Update.lib.”
The decryption process uses a simple XOR encoding technique, demonstrating that sophisticated encryption is not always necessary for successful operations.
The following code snippet shows the decryption function:-
// XOR decryption with hardcoded key
for (size_t i = 0; i < payload_size; i++) {
decrypted_data[i] = encrypted_data[i] ^ 0x3c;
}
The final backdoor provides comprehensive remote access capabilities through HTTPS communication with command-and-control servers located at public.megadatacloud[.]com and IP address 104.234.37[.]45.
Network traffic remains encrypted using XOR operations, making detection challenging for traditional security monitoring systems.
The backdoor supports eight distinct command operations, including command execution, DLL loading, shellcode execution, file manipulation, and a kill switch function that terminates operations after random intervals.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
Rhadamanthys, a sophisticated information-stealing malware active since 2022, has drawn renewed attention from security researchers who recently published an in-depth analysis of its native loader component. The loader’s significance lies not in its capabilities but in the advanced obfuscation and evasion techniques it employs to evade detection by security tools and analysis environments. The Rhadamanthys […]
A dangerous vulnerability in ServiceNow’s Now Assist AI platform allows attackers to execute second-order prompt injection attacks via default agent configuration settings.
The flaw enables unauthorized actions, including data theft, privilege escalation, and exfiltration of external email, even with ServiceNow’s built-in prompt injection protection enabled.
The vulnerability stems from three default configurations that, when combined, create a dangerous attack surface. ServiceNow Assist agents are automatically assigned to the same team and marked as discoverable by default.
This enables inter-agent communication through the AiA ReAct Engine and Orchestrator components, which manage information flow and task delegation between agents.
ServiceNow AI Prompt Injection Attacks
Attackers exploit this by injecting malicious prompts into data fields that other agents will read when a safe agent encounters the compromised data.
It can be tricked into recruiting more powerful agents to execute unauthorized tasks on behalf of the highly privileged user who triggered the initial interaction.
In proof-of-concept demonstrations, Appomni researchers successfully performed Create, Read, Update, and Delete (CRUD) operations.
On sensitive records and sent external emails containing confidential data, all while avoiding existing security protections.
The attack succeeds primarily because agents execute with the privileges of the user who initiated the interaction, not the user who inserted the malicious prompt.
A low-privileged attacker can therefore leverage administrative agents to bypass access controls and access data they would otherwise be unable to reach.
Appomni advises organizations using ServiceNow to immediately implement these protective measures: Enable Supervised Execution Mode: Configure powerful agents performing CRUD operations or email sending to require human approval before executing actions.
Disable Autonomous Overrides: Ensure the sn_aia.The enable_usecase_tool_execution_mode_override system property remains set to false.
Segment Agent Teams: Separate agents into distinct teams based on function, preventing low-privilege agents from accessing powerful ones.
Monitor Agent Behavior: Deploy real-time monitoring solutions to detect suspicious agent interactions and deviations from expected workflows.
ServiceNow confirmed that these behaviors align with the intended functionality but updated the documentation to clarify configuration risks. Security teams must prioritize auditing their AI agent deployments immediately to prevent exploitation of these default settings.
Cline is an open-source AI coding agent with 3.8 million installs and over 52,000 GitHub stars. Contains four critical security vulnerabilities that enable attackers to execute arbitrary code and exfiltrate sensitive data through malicious source code repositories.
Mindgard researchers discovered the flaws during an audit of the popular VSCode extension, which supports Claude Sonnet and the free Sonic model.
The vulnerabilities stem from inadequate prompt-injection protections during Cline’s analysis of source code files. Attackers can embed malicious instructions in Python, Markdown, and shell scripts to override the agent’s safety guardrails.
Notably, exploitation requires nothing more than opening a compromised repository and requesting analysis.
Mindgard reports that all vulnerabilities were disclosed to the vendor before publication, though the team did not respond to repeated coordination attempts.
Cline AI Coding Agent Vulnerabilities
DNS-based Data Exfiltration allows attackers to leak sensitive API keys and environment variables. By hiding instructions in code comments, attackers can trick Cline into running ping commands that embed system information in DNS requests sent to their own servers.
.clinerules Arbitrary Code Execution exploits Cline’s custom rules system. Attackers place malicious Markdown files in a project’s .clinerules directory.
To force all execute_command operations to run with requires_approval=false, bypassing user consent mechanisms and enabling silent code execution.
The TOCTOU Vulnerability uses time-of-check-time-of-use logic to gradually modify shell scripts across multiple analysis requests.
An attacker can first add harmless code to a script, then later change it to add harmful code while the background task is still running.
Information Leakage reveals the underlying model infrastructure through error messages, exposing that the Sonic model is powered by grok-4.
Cline’s development team implemented mitigations in version 3.35.0, including enhanced prompt injection detection.
Mindgard researchers note the vendor’s delayed response raises concerns about the velocity of LLM agent exploitation relative to security remediation timelines.
The findings underscore that system prompts are not harmless configuration files but core security boundaries.
As AI agents become integral development tools, securing the intersection of language, tools, and code execution remains critically underdeveloped.
Critical security vulnerabilities discovered in Ollama, one of GitHub’s most popular open-source projects with over 155,000 stars, could allow attackers to execute arbitrary code on vulnerable systems. The flaws affect Ollama versions before 0.7.0, putting countless AI enthusiasts and developers who use the platform to run large language models locally at risk. Understanding the Vulnerability […]
Cybersecurity researchers have reported active exploitation of a critical vulnerability in 7-Zip, the popular file compression software used by millions worldwide. The flaw, tracked as CVE-2025-11001, poses serious risks as attackers are leveraging it to execute malicious code remotely on vulnerable systems. Vulnerability Details CVE ID Vulnerability Type CVSS Score Affected Product CVE-2025-11001 File Parsing […]
Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef.
The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote access and control, per a new report from Acronis Threat Research Unit (TRU). The campaign, per the
Hackers have unleashed over 2.3 million malicious sessions against Palo Alto Networks’ GlobalProtect VPN portals since November 14, 2025, according to threat intelligence firm GreyNoise.
This surge, which intensified dramatically within 24 hours to reach a 40-fold increase, represents the highest activity level in the past 90 days and underscores growing risks to remote access systems worldwide.
The attacks primarily target the /global-protect/login.esp URI on Palo Alto PAN-OS and GlobalProtect platforms, focusing on brute-force login attempts that could expose corporate networks to unauthorized access.
GreyNoise researchers noted the rapid buildup starting last week, with activity peaking as organizations rely heavily on these VPNs for secure remote work. This campaign not only threatens data breaches but also highlights persistent vulnerabilities in widely used network security tools.
Surge Linked to Coordinated Threat Actors
GreyNoise has uncovered strong ties between this Palo Alto assault and earlier malicious campaigns, attributing them with high confidence to overlapping threat actors.
Key indicators include consistent TCP and JA4t fingerprints across incidents, shared infrastructure via recurring Autonomous System Numbers (ASNs), and synchronized timing in activity spikes.
These patterns suggest a sophisticated, possibly state-sponsored or cybercrime operation iterating on proven tactics to probe for weaknesses in enterprise defenses.
The infrastructure behind the attacks is highly concentrated, with 62% of sessions originating from AS200373 (3xK Tech GmbH), a German company, forming the campaign’s backbone.
An additional 15% traces to the same ASN but is routed through Canadian clusters, indicating distributed hosting to evade detection. Secondary contributions come from AS208885 (Noyobzoda Faridduni Saidilhom), reinforcing a coordinated footprint that spans continents.
Targets appear geographically focused, with the United States, Mexico, and Pakistan each facing roughly equal volumes of login probes. This distribution may reflect attackers prioritizing high-value regions or leveraging stolen credential lists from diverse sources.
For defensive hunting, GreyNoise highlighted two JA4t fingerprints covering all observed activity: 65495_2-4-8-1-3_65495_7 and 33280_2-4-8-1-3_65495_7.
Indicator Type
Value
ASN (Primary)
AS200373 (3xK Tech GmbH)
ASN (Secondary)
AS208885 (Noyobzoda Faridduni Saidilhom)
JA4t Fingerprint 1
65495_2-4-8-1-3_65495_7
JA4t Fingerprint 2
33280_2-4-8-1-3_65495_7
Target URI
/global-protect/login.esp
This incident echoes historical patterns observed by GreyNoise, where spikes in Fortinet VPN brute-force attacks often precede vulnerability disclosures within six weeks, a trend first noted in July 2025.
Similar surges hit Palo Alto portals in April and October 2025, prompting advisories and linked to broader campaigns against Cisco and Fortinet devices.
Organizations should audit exposed GlobalProtect portals, enforce multi-factor authentication, and monitor for these indicators to prevent potential exploits.
As remote access remains a prime vector for ransomware and espionage, this 2.3 million-attack wave serves as a stark reminder for enterprises to harden VPN configurations amid rising threat sophistication.
.webp)
