In October 2025, a significant breach exposed internal operational documents from APT35, also known as Charming Kitten, revealing that the Iranian state-sponsored group operates as a bureaucratized, quota-driven cyber-espionage unit with hierarchical command structures, performance metrics, and specialized attack teams. The leaked materials provide an unprecedented window into how this Islamic Revolutionary Guard Corps Intelligence […]
NVIDIA has released security updates addressing two critical code injection vulnerabilities in its Isaac-GR00T robotics software platform. The flaws could allow attackers with local system access to execute arbitrary code, escalate privileges, and tamper with sensitive data, potentially compromising robotic systems and their underlying infrastructure. The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, affect all versions […]
A massive supply chain attack is targeting the NPM accounts of automation giant Zapier and the Ethereum Name Service (ENS).
Identified by Aikido Security, the campaign is being orchestrated by the same threat actors responsible for the “Shai Hulud” self-propagating worm that first surfaced in September.
This latest wave, self-titled “Shai Hulud: The Second Coming,” has compromised multiple core packages and created over 19,000 public repositories containing stolen credentials.
The threat actor behind this campaign has pivoted from previous targets to inject malicious code directly into widely used dependencies within the Zapier and ENS ecosystems.
Unlike typical static malware, this attack uses a self-propagating worm that can rapidly expand. Once a developer installs an infected package, the malware activates to harvest sensitive secrets, including NPM tokens, GitHub Personal Access Tokens (PATs), and cloud infrastructure keys.
These stolen credentials are then immediately utilized to spread the infection further, creating a cascading effect across the open-source community. The speed of this propagation is alarming, with the impact surpassing the actor’s initial September campaign within just five hours of detection.
Data Exfiltration Tactics
The primary objective of this attack appears to be maximum disruption and data exposure. The malware employs TruffleHog, a tool designed to hunt for secrets, to exfiltrate sensitive data from infected environments.
The attackers are not just keeping these credentials to themselves. They are also sharing them publicly on GitHub in repositories with the descriptive title “Shai Hulud: The Second Coming.”
This public exposure exponentially increases the risk, as it allows other opportunistic threat actors to weaponize the exposed keys before organizations can rotate them, Aikido Security told Cybersecurity News.
The sheer volume of created repositories suggests a highly automated execution meant to overwhelm security teams and incident responders.
The following packages have been confirmed as compromised and should be considered actively malicious.
| Ecosystem | Package Name | Status |
|---|---|---|
| Zapier | zapier-platform-core | Infected / Malicious |
| Zapier | zapier-platform-cli | Infected / Malicious |
| Zapier | zapier-platform-schema | Infected / Malicious |
| Zapier | @zapier/secret-scrubber | Infected / Malicious |
| ENS | @ensdomains/ens-validation | Infected / Malicious |
| ENS | @ensdomains/content-hash | Infected / Malicious |
| ENS | ethereum-ens | Infected / Malicious |
| ENS | @ensdomains/react-ens-address | Infected / Malicious |
| ENS | @ensdomains/ens-contracts | Infected / Malicious |
| ENS | @ensdomains/ensjs | Infected / Malicious |
| ENS | @ensdomains/ens-archived-contracts | Infected / Malicious |
| ENS | @ensdomains/dnssecoraclejs | Infected / Malicious |
Organizations utilizing any of the listed packages must assume a full compromise of their development environments. Security teams are urged to immediately rotate all GitHub, NPM, and cloud credentials to prevent unauthorized access.
It is critical to audit all dependencies and specifically scan GitHub organizations and employee accounts for repositories matching the “Shai Hulud” description.
To halt further spread, DevOps teams should temporarily disable NPM postinstall scripts in CI/CD pipelines where possible and enforce Multi-Factor Authentication (MFA) for all package maintainers.
Locking dependency versions and utilizing tools like SafeChain can help block the automatic execution of this malware while the ecosystem recovers.
| Indicator Type | Value / Description |
|---|---|
| Repo Name Pattern | Shai Hulud: The Second Coming |
| Malware Behavior | Automated execution of TruffleHog for secret scanning |
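The dependency audit recommended above can start from the lockfile. The following is an added example, not code from Aikido Security or the article: it reports every install of a package named in the table and every package that declares an install script. The sample lockfile, its version strings and the names `demo-app`, `left-pad` and `some-sdk` are constructed placeholders.

```python
import json

# Names copied from the table above. The page lists no affected versions,
# so every resolved version of these packages is reported for review.
FLAGGED = {
    "zapier-platform-core", "zapier-platform-cli", "zapier-platform-schema",
    "@zapier/secret-scrubber", "@ensdomains/ens-validation",
    "@ensdomains/content-hash", "ethereum-ens", "@ensdomains/react-ens-address",
    "@ensdomains/ens-contracts", "@ensdomains/ensjs",
    "@ensdomains/ens-archived-contracts", "@ensdomains/dnssecoraclejs",
}

def audit_lockfile(lock):
    """Return (flagged installs, packages that declare install scripts)."""
    flagged, scripted = set(), set()
    # lockfileVersion 2/3: flat "packages" map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project itself
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if name in FLAGGED:
            flagged.add((name, meta.get("version", "?"), path))
        if meta.get("hasInstallScript"):
            scripted.add(path)
    # lockfileVersion 1 (and the legacy half of v2): nested "dependencies".
    stack = [(lock.get("dependencies", {}), "")]
    while stack:
        deps, prefix = stack.pop()
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if name in FLAGGED:
                flagged.add((name, meta.get("version", "?"), path))
            stack.append((meta.get("dependencies", {}), path + "/"))
    return sorted(flagged), sorted(scripted)

# Constructed lockfile; versions are placeholders, not known-bad releases.
SAMPLE_LOCK = json.loads("""
{"lockfileVersion": 3, "packages": {
  "": {"name": "demo-app", "version": "1.0.0"},
  "node_modules/left-pad": {"version": "1.3.0"},
  "node_modules/@ensdomains/ensjs": {"version": "0.0.0-placeholder"},
  "node_modules/some-sdk": {"version": "2.0.0", "hasInstallScript": true},
  "node_modules/some-sdk/node_modules/zapier-platform-core":
    {"version": "0.0.0-placeholder", "hasInstallScript": true}
}}
""")
```

Run `audit_lockfile(json.load(open("package-lock.json")))` in each repository; transitive installs are reported with their full `node_modules` path so the parent dependency that pulled them in is visible.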
Zapier’s NPM account has been successfully compromised, leading to the injection of the Shai Hulud malware into 425 packages currently distributed across the npm ecosystem. The attack represents a significant supply chain threat, with the affected packages collectively generating approximately 132 million monthly downloads across critical infrastructure and development tools. The malware-laden packages span multiple […]
The Linux kernel development team has released version 6.18-rc7, marking another step toward the final 6.18 release expected next weekend. According to kernel maintainer Linus Torvalds, the release cycle remains on track despite a minor setback in the previous version that required immediate attention. What’s New in rc7 The release candidate includes a more modest […]
Cybersecurity researchers have uncovered a sophisticated Python-based malware that employs process injection techniques to hide inside legitimate Windows binaries.
This threat represents a new evolution in fileless attack strategies, combining multi-layer obfuscation with trusted system utilities to evade detection.
The malware’s ability to masquerade as harmless files while deploying a full Python runtime environment marks a significant advancement in delivery mechanisms that challenge traditional security approaches.
During a routine analysis at K7 Labs, security researchers identified this novel threat that uses a 65 MB blob containing mostly filler data with a small valid marshalled .pyc fragment hidden at the end.
This fragment contains the actual malicious code designed to inject processes into legitimate Windows executables.
The sample demonstrates several advanced features including multi-layer encoding, archive type masquerading, and bundling of a Python runtime with a signed executable name that appears legitimate to casual observation.
K7 Labs security analysts noted that the malware’s impact extends beyond initial infection, establishing persistent command-and-control communications that continue even after the original loader terminates.
The infection chain begins with a PE dropper that reconstructs a batch script through runtime decryption using SIMD operations.
This script drops config.bat into the public user directory, which then downloads a file disguised as a PNG image from cloud storage.
In reality, this PNG file is a RAR archive—a simple but effective trick that bypasses security filters treating image files as harmless.
The batch script extracts this archive using the built-in tar command, revealing three components: AsusMouseDriver.sys (a password-protected RAR disguised as a system file), Interput.json (renamed to Install.bat), and a legitimate WinRAR executable used for further extraction.
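Both disguises described above (a RAR archive named as a PNG, and a RAR archive named as a `.sys` driver) fail a simple check of leading bytes against the file extension. The following is an added example, not K7 Labs tooling; the sample headers and the file names `download.png` and `logo.png` are constructed.

```python
import os

# Leading-byte signatures for the formats named in the article.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"Rar!\x1a\x07\x01\x00", "rar"),  # RAR 5.x
    (b"Rar!\x1a\x07\x00", "rar"),      # RAR 1.5 to 4.x
    (b"PK\x03\x04", "zip"),
    (b"%PDF-", "pdf"),
    (b"MZ", "pe"),
]
EXPECTED = {".png": "png", ".rar": "rar", ".zip": "zip", ".pdf": "pdf",
            ".exe": "pe", ".dll": "pe", ".sys": "pe"}

def sniff(header):
    """Name the format whose signature the header starts with."""
    for magic, kind in SIGNATURES:
        if header.startswith(magic):
            return kind
    return "unknown"

def mismatch(filename, header):
    """Return (expected, actual) if content contradicts the extension, else None."""
    expected = EXPECTED.get(os.path.splitext(filename.lower())[1])
    actual = sniff(header)
    if expected is None or actual == expected:
        return None
    return expected, actual

def scan_tree(root):
    """Walk a directory and report every file whose header contradicts its name."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(8)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            result = mismatch(name, header)
            if result:
                findings.append((path, *result))
    return findings

# Constructed headers only; no real sample bytes.
SAMPLES = {
    "download.png": b"Rar!\x1a\x07\x01\x00",
    "AsusMouseDriver.sys": b"Rar!\x1a\x07\x00\x00",
    "logo.png": b"\x89PNG\r\n\x1a\n",
}
```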
Execution Flow Chart (Source – K7 Labs)
Once executed, the Python interpreter processes command-line arguments “dcconsbot” and “dcaat” to trigger a sophisticated de-obfuscation chain through Base64 decoding, BZ2 decompression, Zlib decompression, and finally marshal loading to reconstruct the compiled Python bytecode in memory.
This code immediately targets cvtres.exe, a legitimate Microsoft resource conversion utility, for process injection.
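For static triage, the Base64, BZ2 and Zlib layers described above can be peeled without ever unmarshalling or executing the result. The following is an added example, not K7 Labs' code or the sample's own routine; the test blob is constructed from a harmless one-line module, and `LIMIT` is an assumed per-layer cap.

```python
import base64
import binascii
import bz2
import marshal
import zlib

LIMIT = 256 * 1024 * 1024  # assumed cap per layer; the article's blob is about 65 MB

def _bounded(decomp, data):
    """Decompress with an output cap so a decompression bomb cannot exhaust memory."""
    out = decomp.decompress(data, LIMIT)
    if not decomp.eof:
        raise ValueError("layer is truncated or exceeds LIMIT")
    return out

def peel(blob, max_layers=8):
    """Strip Base64/BZ2/Zlib layers; return (layer names, innermost bytes)."""
    chain, data = [], blob
    for _ in range(max_layers):
        if not data:
            break
        try:
            if data[:3] == b"BZh":
                data, name = _bounded(bz2.BZ2Decompressor(), data), "bz2"
            elif len(data) > 1 and data[0] == 0x78 and (0x7800 + data[1]) % 31 == 0:
                data, name = _bounded(zlib.decompressobj(), data), "zlib"
            else:
                data, name = base64.b64decode(data.strip(), validate=True), "base64"
        except (binascii.Error, OSError, ValueError, zlib.error):
            break  # innermost layer reached, or a layer is malformed
        chain.append(name)
    return chain, data

def looks_like_marshalled_code(data):
    """True if the first byte is marshal's code-object tag ('c', optional 0x80 flag)."""
    return bool(data) and data[0] & 0x7F == 0x63

# Constructed sample: a harmless module wrapped in the layer order the article gives.
SAMPLE_CODE = marshal.dumps(compile("x = 1", "<constructed>", "exec"))
SAMPLE_BLOB = base64.b64encode(bz2.compress(zlib.compress(SAMPLE_CODE)))
```

The innermost bytes are only classified by their tag byte; `marshal.loads` is deliberately never called on them, since the marshal module is not safe against malformed or hostile input.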
Infection Mechanism Deep Dive
The core infection mechanism leverages a carefully orchestrated multi-stage extraction process that demonstrates the attackers’ deep understanding of Windows internals and security tool behaviors.
After the initial PE dropper executes, the config.bat script establishes C:\DragonAntivirus as a working directory before downloading the disguised archive.
The Install.bat script then renames the bundled WinRAR executable and uses it to extract the password-protected AsusMouseDriver.sys archive with a hardcoded password into C:\Users\Public\WindowsSecurityA.
This directory contains the fake ntoskrnl.exe (actually a bundled Python runtime) and the Lib\image blob containing the obfuscated payload.
Deobfuscated content (Source – K7 Labs)
A decoy PDF opens to distract users while malicious code executes silently, parsing the image file through the layered de-obfuscation routine before injecting into cvtres.exe and establishing encrypted C2 communications.
The malware’s ability to hide within legitimate Microsoft processes while maintaining encrypted communications channels makes it particularly dangerous for enterprise environments where traditional signature-based detection may fail to identify the threat.
The rapid proliferation of large language models has transformed how organizations approach automation, coding, and research. Yet this technological advancement presents a double-edged sword: threat actors are increasingly exploring how to weaponize these tools for creating next-generation, autonomously operating malware. Recent research from Netskope Threat Labs reveals that GPT-3.5-Turbo and GPT-4 can be manipulated to […]
New research from CrowdStrike has revealed that DeepSeek’s artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China.
“We found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it
A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sensitive login credentials. Attackers utilize the domain “rnicrosoft.com” to impersonate the tech giant.
By replacing the letter ‘m’ with the combination of ‘r’ and ‘n’, fraudsters create a visual doppelganger that is nearly indistinguishable from the legitimate domain at a casual glance.
This technique, known as typosquatting, relies heavily on the font rendering used in modern email clients and web browsers.
When placed closely together, the kerning between ‘r’ and ‘n’ often mimics the structure of the letter ‘m’, fooling the brain into autocorrecting the error.
Harley Sugarman, CEO of Anagram, recently highlighted this specific vector, noting that the emails often mirror the official logo, layout, and tone of legitimate Microsoft correspondence.
Visual Deception to Steal Logins
The effectiveness of this attack vector lies in its subtlety. On high-resolution desktop monitors, the discrepancy might be visible to a keen observer, but the brain’s tendency to predict text often masks the anomaly.
The threat becomes even more acute on mobile devices, where screen real estate is limited, and the address bar often truncates the full URL. Attackers exploit this by registering these look-alike domains to facilitate credential phishing, vendor invoice scams, and internal HR impersonation campaigns.
Once the user is convinced the email is from a trusted entity, they are more likely to click on malicious links or download weaponized attachments.
The “rn” swap is just one of several variations attackers use. Other common tactics include swapping the letter ‘o’ for a zero or adding hyphens to legitimate brand names to create a sense of authenticity.
Defending against these homoglyph and typosquatting attacks requires a shift in user behavior rather than relying solely on automated filters. Security experts advise that users must expand the full sender address before interacting with any unsolicited email.
Hovering over hyperlinks to reveal the actual destination URL or long-pressing the link on mobile devices can expose the deception before a connection is made.
Furthermore, analyzing email headers, specifically the “Reply-To” field, can reveal if a scammer is routing responses to an external, uncontrolled inbox.
In scenarios involving unexpected password reset requests, the safest course of action is to ignore the email link entirely and navigate directly to the official service via a new browser tab.
Organizations are encouraged to rehearse these identification scenarios to stop teams from reflexively clicking on familiar-looking notifications.
Common Typosquatting Variations
| Technique | Visual Example | Deception Method |
|---|---|---|
| Letter Combination | rnicrosoft(.)com | Uses ‘r’ and ‘n’ to mimic ‘m’. |
| Number Swapping | micros0ft(.)com | Replaces the letter ‘o’ with the number ‘0’. |
| Hyphenation | microsoft-support(.)com | Adds legitimate-sounding subdomains or suffixes. |
| TLD Switching | microsoft(.)co | Uses a different Top Level Domain (dropping the ‘m’). |
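The four variations in the table and the “Reply-To” header check can be applied mechanically to inbound mail. The following is an added example, not Anagram's or Microsoft's tooling: it assumes a single protected domain (`BRAND`), compares only the last two labels of a domain without a public-suffix list, and uses a constructed message with the placeholder reply address `helpdesk@mailbox.example`.

```python
from email import message_from_string
from email.utils import parseaddr

BRAND = "microsoft.com"  # assumption: the one domain being protected

def fold(label):
    """Collapse the substitutions from the table: 'rn' -> 'm', '0' -> 'o'."""
    return label.replace("rn", "m").replace("0", "o")

def lookalike_reasons(domain, brand=BRAND):
    """Return the table's technique names that make `domain` resemble `brand`."""
    name, tld = brand.split(".", 1)
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return []
    cand, cand_tld = labels[-2], labels[-1]  # naive: no public-suffix list
    if (cand, cand_tld) == (name, tld):
        return []                             # the brand or a subdomain of it
    reasons = []
    if cand != name and fold(cand) == fold(name):
        if cand.count("rn") != name.count("rn"):
            reasons.append("letter-combination")
        if cand.count("0") != name.count("0"):
            reasons.append("number-swap")
    if "-" in cand and any(fold(p) == fold(name) for p in cand.split("-")):
        reasons.append("hyphenation")
    if fold(cand) == fold(name) and cand_tld != tld:
        reasons.append("tld-switch")
    return reasons

def triage(raw_message):
    """Flag a look-alike From domain and a Reply-To that leaves that domain."""
    msg = message_from_string(raw_message)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    findings = [f"from:{reason}" for reason in lookalike_reasons(from_dom)]
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs")
    return findings

# Constructed sample message, not a captured phishing email.
SAMPLE = (
    "From: Microsoft Account Team <security@rnicrosoft.com>\n"
    "Reply-To: helpdesk@mailbox.example\n"
    "Subject: Unusual sign-in activity\n\n"
    "Body omitted.\n"
)
```

A hit is a reason to review, not a verdict: a brand may legitimately own other TLDs or hyphenated names, so pair the check with an allow-list of the organization's real domains.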
A critical memory corruption vulnerability in vLLM versions 0.10.2 and later allows attackers to achieve remote code execution through the Completions API endpoint by sending maliciously crafted prompt embeddings.
The vulnerability resides in the tensor deserialization process within vLLM’s entrypoints/renderer.py at line 148.
When processing user-supplied prompt embeddings, the system loads serialized tensors using torch.load() without adequate validation checks.
The Vulnerability Explained
A change introduced in PyTorch 2.8.0 disabled sparse tensor integrity checks by default, creating an attack vector for malicious actors.
Without proper validation, attackers can craft tensors that bypass internal bounds checks, triggering an out-of-bounds memory write during the to_dense() conversion.
This memory corruption can cause the vLLM server to crash and potentially enable arbitrary code execution within the server process.
This vulnerability affects all deployments running vLLM as a server, particularly those deserializing untrusted or model-provided payloads.
Any user with API access can exploit this flaw to achieve denial-of-service conditions and potentially gain remote code execution capabilities.
The attack requires no special privileges, making it accessible to both authenticated and unauthenticated users, depending on the API configuration.
Organizations using vLLM in production environments, cloud deployments, or shared infrastructure face significant risk, as successful exploitation could compromise the entire server and adjacent systems.
The vLLM project has addressed this vulnerability in pull request #27204. Users should immediately upgrade to the patched version.
As a temporary mitigation, administrators should restrict API access to trusted users only and implement input validation layers that inspect prompt embeddings before they reach the vLLM processing pipeline.
The vulnerability was discovered and responsibly disclosed by the AXION Security Research Team, highlighting the importance of coordinated vulnerability disclosure in the AI infrastructure ecosystem.