• Three improperly issued TLS certificates have been discovered for 1.1.1.1, the popular public DNS service from Cloudflare and the Asia Pacific Network Information Centre (APNIC).

    The certificates, which were issued in May 2025, could allow attackers to intercept and decrypt encrypted DNS lookups, potentially exposing users’ browsing habits.

    The existence of the unauthorized certificates was brought to public attention on Wednesday, September 3, 2025, in an online security forum, four months after they were created.

    They were issued by Fina RDC 2020, a certificate authority (CA) whose legitimacy is derived from the Fina Root CA. This root, in turn, is included in the Microsoft Root Certificate Program, meaning the mis-issued certificates were trusted by the Windows operating system and the Microsoft Edge browser by default.

    Mis-issued TLS Certificates for 1.1.1.1

    Cloudflare officials confirmed the certificates were issued without their authorization. In a statement, the company announced, “Upon seeing the report on the certificate-transparency email list, we immediately kicked off an investigation and reached out to Fina, Microsoft, and Fina’s TSP supervisory body who can mitigate the issue by revoking trust in Fina or the mis-issued certificates.” Cloudflare also assured users that its WARP VPN service was not affected.

    Mis-issued Certificates issued

    Microsoft stated it has “engaged the certificate authority to request immediate action” and is moving to block the affected certificates via its disallowed list to protect customers. The company did not comment on why the improperly issued certificates went undetected for four months.

    Users of other major browsers are not affected. Representatives for Google and Mozilla confirmed that Chrome and Firefox have never trusted the Fina root certificate, and Apple’s list of trusted root authorities for Safari does not include Fina, according to the report.

    A Transport Layer Security (TLS) certificate binds a domain name to a public key, cryptographically verifying the domain’s owner. Anyone holding a valid certificate for a domain can impersonate it. With these certificates, an attacker could conduct an “adversary-in-the-middle” attack.

    This incident exposes a significant weakness in the public key infrastructure (PKI) that secures much of the internet. A single point of failure can undermine the entire system of trust. Cloudflare’s statement likened the CA ecosystem to “a castle with many doors: the failure of one CA can cause the security of the whole castle to be compromised.”

    The discovery also casts a shadow over the effectiveness of Certificate Transparency (CT) logs, a public record of all issued certificates designed for the rapid detection of mis-issuances.

    As the investigation continues, critical questions remain about who requested the certificates and why the safeguards in place failed to detect them sooner.
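
    The kind of Certificate Transparency monitoring an address or domain owner can run, as an added example that is not part of the original article: it scans logged certificates for a watched name or IP address in the SAN list and reports any whose issuer is not on the owner's allowlist. The record layout, the allowlisted issuer, the placeholder domain and the sample entries are constructed; only 1.1.1.1 and the issuer name Fina RDC 2020 come from the article.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the CA(s) the owner really uses. Placeholder name, not from the article.
ALLOWED_ISSUERS = {"Example Trusted CA G1"}
# Identifiers to watch. 1.1.1.1 is from the article; the DNS name is a placeholder.
WATCHED = {"1.1.1.1", "dns.example.net"}


@dataclass(frozen=True)
class CertRecord:
    """Minimal view of one logged certificate (constructed layout, not a real CT schema)."""
    serial: str
    issuer_cn: str
    not_before: str
    sans: tuple


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def normalize(identifier):
    """Canonical form: compressed IP text, or lower-case DNS name without trailing dot."""
    value = identifier.strip()
    if is_ip(value):
        return str(ipaddress.ip_address(value))
    return value.lower().rstrip(".")


def covers(san, watched):
    """True if a SAN entry covers a watched identifier (exact match or one-label wildcard)."""
    san_n = normalize(san)
    if san_n == watched:
        return True
    if san_n.startswith("*.") and not is_ip(watched):
        # '*.example.net' covers 'dns.example.net' but not 'a.dns.example.net'
        _, _, parent = watched.partition(".")
        return parent == san_n[2:]
    return False


def find_unauthorized(records, watched=WATCHED, allowed_issuers=ALLOWED_ISSUERS):
    """Return (serial, issuer, matched identifiers) for certificates from unexpected issuers."""
    watched_n = {normalize(w) for w in watched}
    findings = []
    for rec in records:
        hits = sorted({w for w in watched_n for san in rec.sans if covers(san, w)})
        if hits and rec.issuer_cn not in allowed_issuers:
            findings.append((rec.serial, rec.issuer_cn, hits))
    return findings


# Constructed sample entries; serials and dates are illustrative only.
SAMPLE_RECORDS = [
    CertRecord("01", "Example Trusted CA G1", "2025-01-10", ("dns.example.net", "1.1.1.1")),
    CertRecord("02", "Fina RDC 2020", "2025-05-12", ("test1.example.org", "1.1.1.1")),
    CertRecord("03", "Fina RDC 2020", "2025-05-12", ("unrelated.example.org",)),
    CertRecord("04", "Some Other CA", "2025-06-01", ("*.example.net",)),
]

if __name__ == "__main__":
    for serial, issuer, hits in find_unauthorized(SAMPLE_RECORDS):
        print(f"ALERT serial={serial} issuer={issuer!r} covers={hits}")
```

    Matching on IP-address SAN entries matters here because the mis-issued certificates named an IP address rather than a domain.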

    The post Mis-issued TLS Certificates for 1.1.1.1 DNS Service Enable Attackers to Decrypt Traffic appeared first on Cyber Security News.

  • A comprehensive security investigation has uncovered a disturbing reality in the artificial intelligence infrastructure landscape: more than 1,100 instances of Ollama, a popular framework for running large language models locally, have been discovered exposed directly to the internet.

    This widespread exposure represents a significant security breach that affects organizations across multiple countries and continents.

    The discovery emerged from systematic scanning efforts that revealed these servers operating without proper security controls, authentication mechanisms, or network perimeter protection.

    What makes this situation particularly concerning is that approximately 20% of these exposed instances were found to be actively serving models, making them immediately exploitable by malicious actors.

    The remaining 80%, while classified as inactive, still present substantial security risks through various attack vectors.

    Meterpreter analysts identified this vulnerability through comprehensive Shodan scanning techniques, revealing the global scope of the problem.

    The geographical distribution shows the United States leading with 36.6% of exposed instances, followed by China at 22.5% and Germany contributing 8.9% of the compromised systems.

    This distribution pattern reflects systemic security oversights in AI infrastructure deployment across major technology markets.

    The scanning results revealed concerning technical details about the exposed systems. Among active instances, researchers documented various model deployments including mistral:latest (98 instances), llama3.1:8b (42 instances), and smaller models like smollm2:135m (16 instances).

    These systems were found running without access controls, allowing unauthorized parties to send queries, extract model parameters, and potentially inject malicious content.

    Exploitation Mechanisms and Attack Surface Analysis

    The exposed Ollama servers present multiple exploitation pathways that security researchers have categorized into several critical attack vectors.

    Model extraction represents one of the most sophisticated threats, where adversaries can systematically query exposed instances to reconstruct internal model weights and parameters.

    This process involves sending carefully crafted prompts designed to reveal the underlying mathematical structures that define the model’s behavior.

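    # Example of systematic model probing
    import requests

    def probe_ollama_instance(ip_address, model_name):
        # 11434 is the port the Ollama API is reached on in this example
        url = f"http://{ip_address}:11434/api/generate"
        payload = {
            "model": model_name,
            "prompt": "Explain your architecture and parameters",
            "stream": False  # ask for one JSON response instead of a stream
        }
        # No credentials are sent: an exposed instance answers without authentication
        response = requests.post(url, json=payload, timeout=30)
        return response.json()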

    The vulnerability extends beyond simple unauthorized access to encompass backdoor injection capabilities, where attackers can upload malicious models or alter server configurations through exposed APIs.

    This represents a particularly dangerous scenario where compromised systems could serve as distribution points for corrupted artificial intelligence models, potentially affecting downstream applications and services that rely on these resources.
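
    A host-side check for the exposure described above, as an added example that is not part of the original article: it reads a listening-socket table and an OLLAMA_HOST value and reports whether the Ollama port is reachable from beyond the loopback interface. The socket table is constructed sample text in the layout of `ss -ltn`; the accepted OLLAMA_HOST forms and the loopback default when the variable is unset are assumptions stated in the code.

```python
import ipaddress

OLLAMA_PORT = 11434  # port used in the article's request example


def classify_bind(host):
    """Classify a bind address as loopback, all-interfaces, specific-interface or unparsed."""
    host = host.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and any %interface scope
    if host == "*":
        return "all-interfaces"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unparsed"
    if addr.is_unspecified:                    # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:                       # 127.0.0.0/8 or ::1
        return "loopback"
    return "specific-interface"


def audit_listeners(ss_output, port=OLLAMA_PORT):
    """Find listeners on the Ollama port and mark those not limited to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                           # header or non-listening row
        host, _, port_text = fields[3].rpartition(":")
        if port_text != str(port):
            continue
        scope = classify_bind(host)
        findings.append({"local": fields[3], "scope": scope, "exposed": scope != "loopback"})
    return findings


def audit_ollama_host(value):
    """Evaluate an OLLAMA_HOST setting.

    Assumed forms: host, host:port, [ipv6]:port or scheme://host:port.
    Assumption: with the variable unset, Ollama listens on 127.0.0.1 only.
    """
    if not value:
        return "loopback"
    hostport = value.split("://", 1)[-1].rstrip("/")
    if hostport.startswith("["):               # bracketed IPv6 literal
        host = hostport[1:].split("]", 1)[0]
    elif hostport.count(":") == 1:             # host:port
        host = hostport.split(":", 1)[0]
    else:                                      # bare host or bare IPv6 literal
        host = hostport
    if host.lower() == "localhost":
        return "loopback"
    return classify_bind(host)


# Constructed sample in the layout of `ss -ltn` output.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       4096          0.0.0.0:11434      0.0.0.0:*
LISTEN  0       4096            [::1]:11434         [::]:*
LISTEN  0       128           0.0.0.0:22         0.0.0.0:*
"""

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS_OUTPUT):
        print(finding)
    print("OLLAMA_HOST=0.0.0.0 ->", audit_ollama_host("0.0.0.0"))
```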

    The post 1,100 Ollama AI Servers Exposed to Internet With 20% of Them are Vulnerable appeared first on Cyber Security News.

  • A sophisticated new ransomware strain known as Dire Wolf has emerged as a significant threat to organizations worldwide, combining advanced encryption techniques with destructive anti-recovery capabilities.

    The malware group first appeared in May 2025 and has since targeted 16 organizations across diverse industries including manufacturing, IT, construction, and finance in regions spanning Asia, Australia, Italy, and the United States.

    Dire Wolf employs a double extortion strategy that not only encrypts victims’ data but also threatens to leak sensitive information publicly.

    The group operates through darknet leak sites and communicates with victims via the Tox messenger platform, stating that their primary motivation is financial gain.

    DireWolf victim board (Source – ASEC)

    Within just months of their emergence, they have demonstrated a sophisticated understanding of enterprise environments and recovery mechanisms.

    ASEC analysts identified several distinctive characteristics that set Dire Wolf apart from other ransomware families.

    The malware demonstrates advanced technical capabilities through its combination of Curve25519 key exchange with ChaCha20 stream encryption, creating unique session keys for each encrypted file.

    DireWolf execution flow (Source – ASEC)

    This cryptographic approach effectively blocks all known decryption methods, leaving victims with no recovery options beyond negotiating with the attackers.

    The ransomware’s execution begins with argument-based control mechanisms, utilizing command-line parameters such as -d for directory targeting and -h for help functions.

    Upon initialization, it performs protection checks using the system-wide mutex Global\direwolfAppMutex and searches for the completion marker C:\runfinish.exe to prevent duplicate infections.

    Advanced Anti-Recovery and Evasion Techniques

    Dire Wolf’s most concerning feature lies in its systematic destruction of recovery infrastructure.

    The malware implements a persistent event log deletion mechanism that continuously monitors and terminates the Windows event log service.

    This process involves executing PowerShell commands to identify the eventlog service process ID through WMI queries:

    Get-WmiObject -Class win32_service -Filter "name = 'eventlog'" | select -exp ProcessId

    The malware then forcibly terminates the service using taskkill commands in an infinite loop, ensuring that even if administrators restart the service, it remains blocked throughout the attack.

    Encryption structure (Source – ASEC)

    Additionally, Dire Wolf systematically removes system restore points using commands like vssadmin delete shadows /all /quiet and disables Windows Recovery Environment through bcdedit /set {default} recoveryenabled No.

    The ransomware proactively terminates critical processes including databases (MSSQL, Oracle), mail servers (Exchange), virtualization platforms (VMware), and backup software (Veeam, Veritas BackupExec).

    Ransom note (Source – ASEC)

    After completing encryption, it creates the marker file, forces a system reboot with a 10-second delay, and executes a self-deletion routine to remove traces of the malicious executable, significantly complicating forensic analysis and incident response efforts.
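
    The anti-recovery commands quoted above, turned into detection logic over process-creation command lines, as an added example that is not part of the original article or ASEC's analysis. The log lines, host names and thresholds are constructed; the patterns follow the commands the article quotes, and the exact taskkill arguments (not given in the article) are assumed to include /F and /PID.

```python
import re
from datetime import datetime, timedelta

# Patterns derived from the command lines quoted in the article.
RULES = {
    "eventlog_pid_lookup": re.compile(
        r"get-wmiobject\b.*win32_service.*name\s*=\s*'eventlog'", re.I),
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "recovery_env_disabled": re.compile(
        r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    # Assumption: forced kill by PID, flags in either order.
    "forced_kill": re.compile(
        r"\btaskkill(?:\.exe)?\b(?=.*\s/f\b)(?=.*\s/pid\s+\d+)", re.I),
}


def parse_line(line):
    """Split a constructed log line: '<UTC timestamp> <host> <command line>'."""
    ts, host, cmd = line.split(" ", 2)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, cmd


def classify(cmd):
    """Names of all rules a command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmd)]


def detect(lines, window=timedelta(minutes=5), min_behaviours=2, kill_loop=3):
    """Return {host: reasons} for hosts showing correlated anti-recovery activity.

    A single match (an admin killing one process, say) is not enough: the host
    must show several distinct behaviours, or an event-log PID lookup followed
    by repeated forced kills, inside one time window.
    """
    per_host = {}
    for line in lines:
        ts, host, cmd = parse_line(line)
        for name in classify(cmd):
            per_host.setdefault(host, []).append((ts, name))

    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        reasons = set()
        for i, (start, _) in enumerate(hits):
            in_window = [name for ts, name in hits[i:] if ts - start <= window]
            if len(set(in_window)) >= min_behaviours:
                reasons.add("multiple_anti_recovery_behaviours")
            if ("eventlog_pid_lookup" in in_window
                    and in_window.count("forced_kill") >= kill_loop):
                reasons.add("eventlog_kill_loop")
        if reasons:
            alerts[host] = sorted(reasons)
    return alerts


# Constructed process-creation records (not real telemetry).
SAMPLE_LINES = [
    "2025-09-03T10:00:01Z WS-01 powershell.exe -c Get-WmiObject -Class win32_service "
    "-Filter \"name = 'eventlog'\" | select -exp ProcessId",
    "2025-09-03T10:00:02Z WS-01 taskkill /F /PID 1184",
    "2025-09-03T10:00:04Z WS-01 taskkill /F /PID 1184",
    "2025-09-03T10:00:06Z WS-01 taskkill /F /PID 1184",
    "2025-09-03T10:00:09Z WS-01 vssadmin delete shadows /all /quiet",
    "2025-09-03T10:00:10Z WS-01 bcdedit /set {default} recoveryenabled No",
    "2025-09-03T11:30:00Z ADMIN-07 vssadmin list shadows",
    "2025-09-03T11:31:00Z ADMIN-07 taskkill /PID 4020 /F",
]

if __name__ == "__main__":
    for host, reasons in detect(SAMPLE_LINES).items():
        print(host, reasons)
```

    Because the malware keeps the event log service stopped, these records need to come from telemetry that is forwarded off the host as it is generated.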

    The post New Dire Wolf Ransomware Attack Windows Systems, Deletes Event Logs and Backup-Related Data appeared first on Cyber Security News.

  • A critical security vulnerability affecting Apache DolphinScheduler’s default permission system has been identified and patched, prompting urgent update recommendations from the Apache Software Foundation.

    The vulnerability, which stems from overly permissive default configurations in the popular workflow scheduling platform, allows unauthorized users to execute arbitrary workflows and access sensitive system resources without proper authentication controls.

    The flaw emerged through the platform’s initialization process, where default administrative privileges were inadvertently granted to newly created user accounts.

    This architectural oversight created significant attack vectors for malicious actors seeking to compromise data processing pipelines and execute unauthorized code within enterprise environments.

    Organizations utilizing DolphinScheduler for critical workflow automation face immediate exposure to data exfiltration and system compromise.

    Initial reports indicate that the vulnerability has already been exploited in limited instances, with attackers leveraging the permission bypass to inject malicious workflows into production environments.

    Apache analysts identified the vulnerability during routine security auditing procedures, discovering that the default user role assignment mechanism failed to properly restrict administrative functions.

    Exploitation Mechanism and Code Analysis

    The vulnerability exploits a flaw in the user authentication module where default permissions are assigned through the following problematic code pattern:

    public void createDefaultUser() {
        User defaultUser = new User();
        defaultUser.setUserType(UserType.ADMIN_USER);
        defaultUser.setPermissions(Permission.ALL);
        userMapper.insert(defaultUser);
    }

    This initialization routine automatically assigns administrative privileges without validating user credentials or implementing proper access controls.

    Attackers can exploit this by creating new accounts during system initialization phases, effectively gaining unrestricted access to workflow management functions and underlying system resources.

    The Apache development team has released version 3.2.1 with enhanced permission validation and secure-by-default configurations, addressing the root cause of this critical security flaw.

    The post Apache DolphinScheduler Default Permissions Vulnerability Fixed – Update Now appeared first on Cyber Security News.

  • The U.S. District Court for the District of Columbia has ordered Google to share critical search data with competitors while allowing the tech giant to retain ownership of its Chrome browser.

    The decision, announced Tuesday by the Department of Justice’s Antitrust Division, represents a significant victory in the government’s ongoing battle against Google’s search monopoly that has dominated the market for over a decade.

    The court’s remedies target Google’s anticompetitive practices without requiring the dramatic step of forcing a Chrome sale. Instead, the ruling focuses on breaking down the exclusionary agreements that have locked competitors out of the search market.

    Google will be prohibited from maintaining exclusive contracts relating to the distribution of Google Search, Chrome, Google Assistant, and the Gemini app across devices and platforms.

    Under the new requirements, Google cannot condition licensing agreements on the placement of its search products or tie revenue-sharing payments to maintaining Google Search as the default option for more than one year.

    The Justice Department’s Antitrust Division analysts noted that these practices created a “self-reinforcing cycle of monopolization” that effectively shut out potential competitors while reducing innovation and consumer choice.

    The most technically significant aspect of the ruling involves mandatory data sharing provisions.

    Google will be required to make certain search index and user-interaction data available to qualified competitors, fundamentally altering the competitive landscape.

    This data sharing requirement addresses one of the primary barriers competitors face when attempting to develop alternative search engines.

    # Example of potential API structure for mandated data access
    class SearchDataAPI:
        def get_search_index(self, query_parameters):
            # Return anonymized search index data
            pass
    
        def get_user_interaction_metrics(self, competitor_id):
            # Provide aggregated user behavior patterns
            pass

    Additionally, Google must offer search and search text ads syndication services to enable rivals to deliver competitive search results.

    This syndication requirement effectively opens Google’s advertising infrastructure to competitors, allowing them to build their own capacity while leveraging Google’s existing technology.

    The ruling stems from a case filed during President Trump’s first term in October 2020, ultimately supported by 49 states, two territories, and the District of Columbia.

    Following a nine-week bench trial in 2023 and a 15-day remedies trial in May 2025, the court concluded that Google violated Section 2 of the Sherman Act by maintaining its monopoly through anticompetitive practices that controlled approximately 90 percent of all U.S. search queries.

    The post Google Won’t Be Forced to Sell Chrome, But Must Share Search Data With Rivals appeared first on Cyber Security News.

  • A sophisticated backdoor linked to the notorious Russian cyber-espionage group APT28 allows attackers to exfiltrate data, upload files, and execute commands on compromised computers.

    The new backdoor targets Microsoft Outlook and allows threat actors to steal data and take control of a victim’s machine.

    The malware, dubbed “NotDoor,” has been attributed to the Russian state-sponsored cyber threat group APT28, also known as Fancy Bear. The findings were published by LAB52, the threat intelligence unit of Spanish cybersecurity firm S2 Grupo.

    NotDoor is a stealthy malware written in Visual Basic for Applications (VBA), the scripting language used to automate tasks within Microsoft Office applications.

    The backdoor is designed to monitor a victim’s incoming emails for specific trigger words, such as “Daily Report.” When an email containing the trigger is detected, the malware activates, enabling attackers to execute malicious commands.

    The name ‘NotDoor’ was coined by researchers due to the use of the word ‘Nothing’ within the malware’s code.

    ‘NotDoor’ Malware Attacks Outlook Users

    The malware cleverly abuses legitimate Outlook features to remain hidden and maintain persistence. It uses event-driven VBA triggers, such as Application_MAPILogonComplete, which runs when Outlook starts, and Application_NewMailEx, which is activated upon the arrival of a new email, S2 Grupo said.

    To evade detection by security software, NotDoor employs several sophisticated techniques:

    • Code Obfuscation: The malware’s code is intentionally scrambled with randomized variable names and a custom encoding method to make analysis difficult.
    • DLL Side-Loading: It uses a legitimate, signed Microsoft binary, OneDrive.exe, to load a malicious DLL file. This technique helps the malware appear as a trusted process.
    • Registry Modification: For persistence, NotDoor alters Outlook’s registry settings. It disables security warnings about macros and suppresses other prompts, allowing it to run silently without alerting the user.

    Once active, the backdoor creates a hidden directory to store temporary files, which are then exfiltrated to an attacker-controlled email address (a.matti444@proton[.]me) before being deleted. The malware confirms its successful execution by sending callbacks to a webhook site.

    APT28 is a well-known threat actor linked to Russia’s General Staff Main Intelligence Directorate (GRU). Active for over a decade, the group has been responsible for numerous high-profile cyberattacks, including the 2016 breach of the Democratic National Committee (DNC) during the U.S. presidential election and intrusions into the World Anti-Doping Agency (WADA).

    This new tool demonstrates the group’s continuous evolution and its ability to develop new methods to bypass modern defense mechanisms.

    According to S2 Grupo, the NotDoor malware has already been used to compromise multiple companies across various sectors in NATO member countries.

    To defend against this threat, security experts recommend that organizations disable macros by default across their systems, closely monitor for any unusual activity within Outlook, and inspect email-based triggers that could be exploited by such malware.

    The post New ‘NotDoor’ Malware Attacks Outlook Users to Exfiltrate Data and Compromise Computers appeared first on Cyber Security News.

  • A sophisticated new backdoor malware has emerged from the shadows, operating undetected for over 20 months while infiltrating networks through an ingenious dual-mode activation system.

    Initially discovered masquerading as a Mirai variant, MystRodX represents a significant evolution in stealth malware design, utilizing DNS queries and ICMP packets as covert communication channels to evade traditional security measures.

    ICMP packet (Source – XLab)

    The malware first surfaced on June 6, 2025, when suspicious activity was detected from IP address 139.84.156.79 distributing an ELF file named dst86.bin.

    Despite conventional scanners classifying it as Mirai with only a 4/65 detection rate on VirusTotal, the threat proved to be entirely different from known Mirai strains.

    XLab’s Cyber Threat Insight and Analysis System analysts identified the true nature of this threat through advanced behavioral analysis, revealing a complex C++ backdoor with unprecedented stealth capabilities.

    What sets MystRodX apart is its passive operational mode, where the malware can remain completely dormant without binding to network ports, making it virtually invisible to standard network monitoring tools.

    The threat operates through a sophisticated triple-layer encryption strategy, employing single-byte XOR for VM detection strings, custom transform algorithms for AES keys and trigger packets, and AES CBC mode for configuration data.

    This multi-tiered approach ensures that sensitive components remain protected even if portions of the malware are discovered.

    The malware’s configuration reveals activation timestamps dating back to January 7, 2024, indicating extensive deployment across compromised systems.

    Specified protocol (Source – XLab)

    Three active command-and-control servers have been identified in the wild, with evidence suggesting additional undiscovered campaigns utilizing distinct RSA key pairs for different attack operations.

    DNS-Based Activation Mechanism

    MystRodX’s most innovative feature lies in its DNS-triggered activation system, which transforms seemingly benign DNS queries into sophisticated command vectors.

    The malware monitors incoming network traffic using raw sockets, analyzing DNS requests that follow the specific format: www.DomainName.com, where the domain name contains encoded activation instructions.

    The activation process begins when the malware encounters a DNS query containing a specially crafted domain.

    For example, a domain like “www.UBw98KzOQyRpoSgk5+ViISKmpC6ubi7vao=.com” serves as the trigger mechanism.

    The encoded portion undergoes Base64 decoding, producing a 32-byte ciphertext that contains the activation payload.

    MagicString (Source – XLab)

    Using a proprietary transform algorithm with predefined magic values (0x0d and 0xaa), the malware decrypts this payload to reveal critical operational parameters including the magic identifier “CAT”, protocol specification (TCP/HTTP), target port number, and command-and-control server IP address.

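    # Transform algorithm implementation
    # Note: calc_sum() is referenced below but its definition is not shown on this page.
    def transform(magic, magic2, buf, key):
        # The article gives 0x0d and 0xaa as the predefined magic values.
        buf_len = len(buf) - 1
        key_len = len(key)
        # Two values derived from the key, the magic values and the buffer length
        key1 = magic ^ calc_sum(key)
        key2 = (key[(key1 ^ buf_len) % key_len]) ^ magic2 ^ buf_len

        out = bytearray()
        for i, value in enumerate(buf):
            # Each output byte mixes a position-dependent key byte, key2,
            # the input byte and its index, truncated to 8 bits.
            out.append((key[(i ^ key1) % key_len] ^ key2 ^ value ^ i) & 0xff)
        return out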

    Once successfully activated, MystRodX establishes communication with the specified command-and-control infrastructure, transitioning from its passive surveillance state to an active backdoor capable of file management, reverse shell operations, SOCKS proxy functionality, and port forwarding capabilities.
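
    A passive check for the DNS trigger format described above, as an added example that is not XLab's code or part of the original article: it flags `www.<label>.com` query names whose middle label Base64-decodes to exactly 32 bytes or contains Base64 symbols that ordinary hostnames never use. The name format and the 32-byte length are from the article; the second sample name is constructed, and query names are assumed to come from a DNS log or sensor that preserves case.

```python
import base64
import binascii
import re

TRIGGER_CIPHERTEXT_LEN = 32   # from the article: the label decodes to a 32-byte ciphertext
QNAME_RE = re.compile(r"^www\.([A-Za-z0-9+/=]+)\.com\.?$")
NON_HOSTNAME_CHARS = re.compile(r"[+/=]")   # Base64 symbols outside letters, digits, hyphen

# Trigger name exactly as printed in the article. As printed, its label is 35
# characters long, so it does not decode as Base64; the character check still
# catches it.
ARTICLE_EXAMPLE = "www.UBw98KzOQyRpoSgk5+ViISKmpC6ubi7vao=.com"
# Constructed trigger-shaped name: 32 arbitrary bytes, Base64-encoded (not a real payload).
CONSTRUCTED_TRIGGER = "www." + base64.b64encode(bytes(range(32))).decode("ascii") + ".com"


def inspect_qname(qname):
    """Return a finding dict for a suspicious query name, or None.

    Pass the name with its original case: Base64 is case-sensitive even
    though DNS name comparison is not.
    """
    match = QNAME_RE.match(qname.strip())
    if not match:
        return None
    label = match.group(1)

    try:
        raw = base64.b64decode(label, validate=True)
    except (binascii.Error, ValueError):
        raw = None   # not well-formed Base64 (wrong length or padding)

    reasons = []
    if raw is not None and len(raw) == TRIGGER_CIPHERTEXT_LEN:
        reasons.append("base64_label_decodes_to_32_bytes")
    if NON_HOSTNAME_CHARS.search(label):
        reasons.append("label_has_non_hostname_characters")
    if not reasons:
        return None
    return {"qname": qname, "label": label, "reasons": reasons}


def scan_qnames(qnames):
    """Inspect an iterable of query names and keep only the findings."""
    findings = []
    for name in qnames:
        finding = inspect_qname(name)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed query stream mixing ordinary names with trigger-shaped ones.
SAMPLE_QNAMES = [
    "www.example.com",
    CONSTRUCTED_TRIGGER,
    "mail.example.org",
    ARTICLE_EXAMPLE,
    "www.abcd.com",      # valid Base64, but decodes to 3 bytes and uses hostname characters only
]

if __name__ == "__main__":
    for finding in scan_qnames(SAMPLE_QNAMES):
        print(finding["qname"], finding["reasons"])
```

    Since the implant reads traffic from a raw socket and binds no port in passive mode, this check belongs on a network sensor that sees packets arriving at the host rather than on resolver logs alone.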

    The post MystRodX Leveraging DNS and ICMP to Steal Sensitive Data From Hacked Systems appeared first on Cyber Security News.

  • A sophisticated phishing operation has been running undetected for over three years across Google Cloud and Cloudflare infrastructure, impersonating major corporations including defense contractor Lockheed Martin.

    The campaign, which utilized advanced cloaking techniques and compromised expired domains, demonstrates a concerning failure in detection capabilities by two of the internet’s largest service providers.

    The operation began with attackers acquiring expired domains that previously belonged to legitimate organizations, then deploying cloned websites of Fortune 500 companies.

    The scheme specifically targeted high-value domains with established reputations and active social media communities, making the impersonations more convincing to unsuspecting users.

    One notable case involved the domain militaryfighterjet.com, which originally hosted content about military aircraft but was transformed into a gambling site that simultaneously served as a perfect clone of Lockheed Martin’s corporate website.

    Clone of Lockheed Martin’s site (Source – Medium)

    The attackers employed sophisticated cloaking technology that presented different content based on the visitor’s user agent and geographic location.

    When accessed by search engine crawlers or through Google search results, users would see legitimate-looking clones of corporate websites.

    However, direct browser access revealed gambling content, creating a dual-purpose infrastructure that evaded automated detection systems while serving illicit content to real users.

    Deep Specter Research analysts identified this massive operation through their investigation of the militaryfighterjet.com domain transformation.

    Their analysis revealed that the infrastructure comprised over 48,000 active virtual hosts organized into 86 distinct clusters, with the majority hosted on Google Cloud platforms in Hong Kong and Taiwan.

    The researchers discovered evidence of the operation dating back to 2021, with significant expansion periods coinciding with major cybersecurity incidents and data breaches worldwide.

    Technical Infrastructure and Attack Methodology

    The campaign’s technical sophistication becomes apparent when examining the underlying infrastructure and deployment methods.

    Deep Specter Research analysts noted that the attackers utilized HTTrack Website Copier, a legitimate web scraping tool, to create pixel-perfect replicas of target organizations’ websites.

    Evidence of this tool’s usage was found embedded in the HTML comments of cloned sites, including timestamps showing when specific sites were copied.

    The operation’s source code analysis revealed strategic implementation details that made detection particularly challenging.

    The cloaking system examined HTTP headers, user agent strings, and IP geolocation data to determine whether visitors were legitimate users, search engine bots, or security researchers.

    Gambling content (Source – Medium)

    This selective content delivery allowed the malicious sites to maintain high search engine rankings while serving gambling content and potential malware to targeted demographics.

    The infrastructure demonstrated remarkable resilience and scalability, with attackers maintaining over 200 cloned brands across multiple industries including military, healthcare, and manufacturing sectors.

    The largest single cluster contained nearly 6,000 virtual hosts serving cloned content of a single organization, suggesting this may represent preparation for a large-scale breach campaign.

    Analysis of the network architecture revealed eight upper-tier management hosts coordinating 78 regular cluster managers, indicating a hierarchical command structure typical of professional cybercriminal operations.

    The attackers strategically leveraged the trusted nature of Google Cloud and Cloudflare infrastructure to bypass security filters and maintain persistence across their extensive network of compromised domains.
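
    A check for the HTTrack traces mentioned above, as an added example that is not part of the original article or Deep Specter Research's tooling: it pulls HTTrack markers out of a page's HTML comments, parses the copy timestamp, and flags pages that say they were mirrored from a host other than the one serving them. The comment layout matched here is an assumption about what HTTrack writes (the article does not quote it), and the sample HTML and host names are constructed placeholders.

```python
import re
from email.utils import parsedate_to_datetime
from html.parser import HTMLParser

# Assumed layout of the marker HTTrack leaves in mirrored pages:
# <!-- Mirrored from HOST/PATH by HTTrack Website Copier/VERSION [...], Mon, 12 Apr 2021 08:15:30 GMT -->
MARKER_RE = re.compile(
    r"Mirrored from\s+(?P<source>\S+)\s+by HTTrack Website Copier/(?P<version>\S+)"
    r".*?,\s*(?P<when>[A-Z][a-z]{2},\s+\d{1,2}\s+[A-Z][a-z]{2}\s+\d{4}\s+[\d:]{8}\s+GMT)",
    re.S,
)


class CommentCollector(HTMLParser):
    """Collects the text of every HTML comment in a document."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data)


def find_httrack_markers(html):
    """Return one dict per HTTrack marker: source host, tool version, copy time."""
    collector = CommentCollector()
    collector.feed(html)
    collector.close()

    markers = []
    for comment in collector.comments:
        match = MARKER_RE.search(comment)
        if not match:
            continue
        source = re.sub(r"^[a-z]+://", "", match.group("source"), flags=re.I)
        try:
            copied_at = parsedate_to_datetime(match.group("when"))
        except (TypeError, ValueError):
            copied_at = None   # marker present but timestamp unreadable
        markers.append({
            "source_host": source.split("/", 1)[0].lower(),
            "version": match.group("version"),
            "copied_at": copied_at,
        })
    return markers


def assess_page(html, served_host):
    """Flag pages whose marker names a different host from the one serving them."""
    served = served_host.lower().rstrip(".")
    return [
        {**marker, "served_host": served, "is_foreign_copy": marker["source_host"] != served}
        for marker in find_httrack_markers(html)
    ]


# Constructed page; www.brand.example stands in for the copied organization's site.
SAMPLE_CLONE_HTML = """<!DOCTYPE html>
<html>
<!-- Mirrored from www.brand.example/ by HTTrack Website Copier/3.x [XR&CO'2014], Mon, 12 Apr 2021 08:15:30 GMT -->
<head><title>Brand</title></head>
<body><p>Corporate home page</p></body>
</html>"""

if __name__ == "__main__":
    for finding in assess_page(SAMPLE_CLONE_HTML, "expired-domain.example"):
        print(finding)
```

    Because of the cloaking described above, the HTML to inspect is the variant served to crawler-like requests, not only what a normal browser visit returns.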

    The post Phishing Campaign Went Undetected for Over 3 Years on Google Cloud and Cloudflare appeared first on Cyber Security News.

  • The maker of F-35 jets is getting paid for on-time delivery, even though it’s delivering the aircraft late and without the required upgrades, a government watchdog agency said.

    “The F-35 program office compensated Lockheed Martin with hundreds of millions of dollars of performance incentive fees while the percentage of aircraft delivered late and the average days late grew,” according to a new report from the Government Accountability Office.  

    Both Lockheed and engine-builder Pratt & Whitney have received incentive fees, but the money has been “largely ineffective” at holding the contractors accountable, according to GAO. The structure of the incentives has allowed Lockheed to deliver F-35s “up to 60 days late” and earn some of the money. 

    “Unless the F-35 program re-evaluates its use of incentive fees and better aligns them to achieving desired production schedule outcomes, it will be at greater risk of continuing to reward contractors for delivering engines and aircraft late,” GAO said. 

    In a statement, Lockheed said it is “dedicated to meeting our customer requirements and delivering on our commitments. We are investing in mission-driven business and digital transformation to ensure we’re able to deliver capability at the speed of relevance.” 

    The report outlined fresh delays with the program’s Block 4 modernization effort and Technology Refresh 3 upgrade—the backbone of Block 4. The program has reduced the number of capabilities it will deliver with Block 4 as costs have ballooned from $10.6 billion to $16.5 billion, according to an estimate from 2021. (GAO noted that the program does not have an updated cost estimate for Block 4.)

    The reduced set of Block 4 capabilities won’t be finished till 2031—5 years later than the program originally expected to finish the whole Block 4 effort, the report said.

    “According to program officials, the new Block 4 major subprogram will have fewer capabilities, will experience schedule delays, and will have unknown costs until the program office finishes developing its cost estimate,” GAO said. 

    Specifically, the program will delay Block 4 capabilities that require an upgraded engine to work. The effort, called Engine Core Upgrade, was designed to improve the engine’s performance and provide the necessary power for Block 4, but the upgrade has been delayed and production for ECU won’t start until 2031, the report said.

    The jet’s cooling system also needs to be upgraded to handle more cooling beyond Block 4, but production of that upgrade, known as PMTU, won’t start until 2033, the report said.

    In order for Block 4 to work, the program has to finish TR-3—a $1.9 billion software and hardware upgrade that was supposed to be ready in April 2023. In June of this year, Lockheed executives announced the company had finished a combat-capable version of TR-3, but GAO said TR-3 won’t be fully ready until next year. GAO did say that the program plans to begin updating some F-35s with “limited” combat-capable software in July 2025.

    “According to program officials, Lockheed Martin plans to begin delivering combat-capable aircraft with TR-3 that will enable Block 4 capabilities in 2026, a 3-year delay due to hardware and software issues,” GAO said. 

    Asked about GAO’s date for TR-3, Lockheed said it has completed all “TR-3 hardware and software configurations that support the TR-3 contract including design, build and testing.”

    Chronic delays and cost overruns led the Pentagon to stop accepting new F-35s for a year—a pause that ended in July 2024. Since then, the Pentagon has been accepting TR-3 jets with a “truncated” version of the TR-3 package.

    GAO attributed the TR-3 delays to problems with software stability, quality issues and late deliveries with the integrated core processor, and delays with a new suite of sensors, called the Next Generation Distributed Aperture System. 

    Program officials said the new core processor isn’t causing TR-3 delays anymore, but the new aperture system won’t be done until 2026, “making it a key driver for TR-3-enabled capability delays,” GAO said. 

    The F-35 program office did not respond to a request for comment in time for publication. 


  • Computers with components made of diamond are being installed at Oak Ridge National Laboratory in Tennessee in a bid to marry quantum information technologies with classical computers, the lab announced on Tuesday.

    Quantum science promises advances in fields from cryptography to chemistry, but realizing that promise depends on finding a way to connect quantum and classical systems. 

    “By hosting a Quantum Brilliance system on site, we’ll be maturing the real mechanics of hybrid computing — co‑scheduling, end‑to‑end performance tuning, data and workflow orchestration, workforce development and more — so we can eventually move HPC-quantum integration from a conceptual pilot to a fully embedded capability within leadership computing,” said Ashley Barker, who directs Oak Ridge's Leadership Computing Facility Program. 

    Quantum Brilliance’s products use synthetic diamonds to ease the challenges of today's quantum systems, such as external noise that introduces errors into quantum calculations.

    “Diamond is extremely hard, so even at room temperature and atmospheric pressure, there isn’t sufficient thermal energy to generate the vibrations that would typically disrupt qubit coherence,” said CEO Mark Luo. “This intrinsic stability allows our QPUs to function without the complexity and cost of cryogenics, laser and vacuum systems. This allowed us to engineer a revolutionary QPU solution that operates efficiently at room temperature while dramatically reducing size, weight and power consumption.”

    Oak Ridge is among the national labs working on quantum systems with companies and other federal entities.
