Triaging the Week 094
AI-powered malware and autonomous code-fixing agents, state-sponsored attacks, critical vulnerabilities, and sophisticated fraud networks
Hello there 👋
Welcome back to the Kraven Security weekly newsletter, triaging the week. We round up the week's top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
Top News Stories
OpenAI Unveils Aardvark: A GPT-5 Agent That Autonomously Finds and Fixes Code Flaws
OpenAI has introduced “Aardvark,” an autonomous AI security agent powered by GPT-5, designed to help developers and security teams automatically discover, validate, and patch vulnerabilities at scale. The new tool, currently in private beta, integrates directly into the software development pipeline to provide continuous code analysis.
Key takeaways:
🤖 Autonomous Agent: Aardvark acts as an “agentic security researcher,” using GPT-5’s reasoning to analyze code repositories, understand security objectives, and monitor new code commits for potential flaws.
🛡️ Sandbox Validation: To reduce false positives, Aardvark attempts to exploit suspected vulnerabilities in an isolated sandbox environment to confirm they are real-world risks before reporting.
💡 Automated Patching: Upon confirming a vulnerability, the agent leverages OpenAI Codex to generate a targeted patch, which is then provided to developers for review and one-click application.
📈 Proven Effectiveness: In benchmark tests, Aardvark has successfully identified 92% of known and synthetically introduced vulnerabilities, and it has already been used to identify at least 10 new CVEs in open-source projects.
🌐 Proactive Defense: This tool represents a major shift towards “defender-first” security, aiming to strengthen security and patch flaws early in the development cycle without slowing innovation.
UPenn Breach Alert: Hacker Claims 1.2M Donor & Alumni Records Stolen
A hacker claims to have infiltrated the University of Pennsylvania’s network, exfiltrating a massive 1.2 million-record database of donor, student, and alumni information. The attackers leveraged compromised access to critical systems to steal sensitive data before sending offensive mass emails to the university community.
Key takeaways:
🔒 High-Value Data Targeted: The breach was aimed explicitly at the “vast” and “wealthy” donor database, reportedly accessing sensitive data including donation history and estimated net worth.
🌐 Compromised Cloud Access: Attackers allegedly used a connected Salesforce Marketing Cloud account to send mass emails to ~700,000 recipients, demonstrating a significant third-party platform risk.
🛡️ Lateral Movement: The hacker claims to have gained access to a wide range of core systems, including the VPN, Salesforce, SAP, and Qlik analytics, highlighting a critical need for network segmentation.
📢 Reputational & Data Threat: This incident poses a dual threat: not only was sensitive data allegedly stolen, but the attackers also exploited their access to cause significant reputational harm through offensive emails.
💡 Single Point of Failure: This attack underscores the immense risk from a single compromised account and the necessity of stringent multi-factor authentication (MFA) and access controls.
ASD Issues Urgent Warning: “BADCANDY” Malware Actively Exploiting Critical Cisco Flaw
The Australian Signals Directorate (ASD) has released a high-priority bulletin regarding an ongoing attack campaign deploying a new implant known as “BADCANDY.” These attacks target unpatched Cisco IOS XE devices by exploiting a critical (10.0 CVSS) vulnerability to gain complete, unauthenticated control of systems.
Key takeaways:
🚨 Critical Vulnerability: The core of the attack is the exploitation of CVE-2023-20198, a flaw in the Cisco IOS XE web UI that allows a remote attacker to create a privileged user account.
🔒 New Malware Implant: “BADCANDY” is the name of the new malware being installed post-compromise, which allows attackers to maintain persistence and control over the network device.
🌐 Active & Widespread Exploitation: This vulnerability has been actively exploited in the wild, with China-linked actors previously leveraging it. The ASD notes hundreds of devices in Australia are estimated to have been compromised by BADCANDY in recent months.
🛡️ Attacker Goal: By gaining privileged access, attackers can seize full control of the network, monitor traffic, and move laterally into connected systems.
Hackers Breach Freighters Using RMM Tools to Steal High-Value Cargo
Threat actors are infiltrating maritime logistics networks by deploying legitimate Remote Monitoring and Management (RMM) tools. This stealthy access allows them to track and physically intercept high-value cargo shipments, blending cyber intrusion with real-world theft.
Key takeaways:
💻 Legit Tools as Weapons: Attackers are using legitimate RMM software to gain persistent, often undetected, access to logistics systems after an initial breach (likely phishing).
🎯 Targeted Industry: The campaign specifically targets the shipping and freight industry, aiming to compromise employees with access to cargo manifests and tracking information.
📦 Cyber-to-Physical Theft: This isn’t just data theft. Hackers monitor shipping data to identify valuable goods, then manipulate schedules or pickup details to steal the physical cargo.
🛡️ Evasion by Design: By utilizing trusted RMM tools, attackers can bypass many traditional security solutions that are configured to allow these applications, making detection more difficult.
🔒 Mitigation: Organizations must strictly control and monitor all RMM software, enforce multi-factor authentication (MFA), and train employees to spot the phishing lures used for initial access.
Fake ‘Solidity’ VS Code Extension on Open VSX Backdoors Developers
A malicious Visual Studio Code extension named “Solidity,” discovered on the Open VSX marketplace, is actively stealing credentials and deploying backdoors on developers’ systems. The trojanized extension impersonates a legitimate and popular tool for Ethereum development.
Key takeaways:
🚨 Malicious Impersonation: A fake extension named “Solidity” on the Open VSX registry was found to contain malicious code, targeting blockchain and smart contract developers.
🔒 Credential Theft: Upon installation, the extension exfiltrates sensitive data, including browser credentials, system information, and credentials for services like AWS and Discord.
💻 Persistent Backdoor: The malware downloads and executes a remote JavaScript file, effectively installing a backdoor that gives attackers persistent access to the compromised system.
🛡️ Supply Chain Threat: This attack highlights significant supply chain risks in open-source registries, where malicious actors can upload poisoned tools to target developers directly.
💡 Action Required: Developers using the Open VSX marketplace should immediately verify their installed extensions. The malicious extension has been removed; however, anyone who downloaded it remains at risk.
Hackers Steal $120M from Badger DeFi Platform via Frontend Exploit
The decentralized finance (DeFi) platform BadgerDAO has suffered a significant breach, with attackers draining an estimated $120.3 million in cryptocurrency. The attack compromised the platform’s user interface, injecting malicious code to hijack user transactions.
Key takeaways:
🚨 Frontend Compromise: Attackers exploited the platform’s frontend by using a compromised Cloudflare API key to inject malicious scripts into the Badger application.
🔒 Transaction Hijacking: These scripts intercepted transactions, prompting users to approve a malicious contract to operate on their wallets. Once approved, the attacker siphoned the funds.
💰 Massive Losses: The heist totaled over $120 million at the time, including more than 2,100 Bitcoin and 151 Ether stolen from user accounts.
🛡️ Platform Response: BadgerDAO confirmed the hack in a statement and immediately froze its platform and smart contracts to investigate the breach and prevent further losses.
💡 UI Risk: This attack underscores that DeFi vulnerabilities are not limited to smart contracts; the web-based user interface (UI) represents a critical and attractive target for threat actors.
Europol and Eurojust Bust €600 Million Crypto Fraud Network
A massive international law enforcement operation has dismantled a sophisticated fraud ring responsible for stealing over €600 million. The group lured victims to dozens of fake investment platforms using social media ads and fraudulent celebrity endorsements.
Key takeaways:
🚨 Fake Platforms: Attackers created dozens of professional-looking, fake cryptocurrency investment websites that promised high returns to lure in victims.
🎣 Sophisticated Lures: The criminals used a variety of methods to find victims, including social media advertising, cold calling, and fake news articles with bogus celebrity endorsements.
🔒 Unrecoverable Funds: Once victims transferred money or crypto to the platforms, the funds were laundered through complex blockchain transactions and could not be recovered.
🛡️ Global Takedown: The coordinated operation, involving five countries, led to nine arrests and the seizure of over €1.5 million in cash, bank funds, and cryptocurrencies.
💡 Stay Vigilant: Always be skeptical of “guaranteed” high returns and unsolicited investment offers. Thoroughly vet any investment platform before transferring funds.
Critical RCE Flaw (9.8 CVSS) Found in React Native CLI
A critical vulnerability (CVE-2025-11953) has been discovered in the @react-native-community/cli npm package, affecting millions of developers. The flaw allows remote unauthenticated attackers to execute arbitrary OS commands on machines running the development server.
Key takeaways:
🚨 Remote Code Execution: The vulnerability (CVSS 9.8) allows attackers to take over a developer’s machine simply because it is connected to the development server.
🌐 Wide Impact: The flaw affects the popular @react-native-community/cli package as well as @react-native-community/cli-server-api.
🛡️ Affected Versions: All versions of @react-native-community/cli-server-api from 4.8.0 through 20.0.0-alpha.2 are vulnerable.
🔒 Patch Immediately: A patch has been released. Developers are urged to update to version 20.0.0 or later to mitigate this critical risk.
Microsoft Teams Flaws Allowed Impersonation and Message Manipulation
Security researchers discovered four vulnerabilities in Microsoft Teams that could have exposed users to serious social engineering and impersonation attacks. The flaws, which have since been patched, allowed attackers to manipulate conversations and spoof identities.
Key takeaways:
🕵️‍♂️ Impersonation Risk: Attackers could alter their display name in private chats or forge caller IDs in video and audio calls to impersonate colleagues or executives.
💬 Message Manipulation: A flaw made it possible to alter message content without leaving the usual “Edited” label, allowing for sophisticated fraud or disinformation.
🚨 Notification Spoofing: Malicious users could modify notifications to make a message appear to come from a trusted source, like a CEO, to trick users into opening it.
🔒 Patches Deployed: The issues (including CVE-2024-38197) were responsibly disclosed and have been addressed by Microsoft in patches rolled out between August 2024 and October 2025.
Hackers Increasingly Use Virtualization to Evade Detection
Threat actors are adopting a stealthy new tactic: using legitimate virtualization technologies, like hypervisors (e.g., Hyper-V, KVM), to run their malware. By isolating malicious code inside a “guest” virtual machine, they can effectively hide it from security tools running on the main “host” operating system.
Key takeaways:
🕵️‍♂️ Evasion Technique: Malware running inside a guest VM is invisible to most host-based security tools (antivirus, EDR), as they cannot scan the guest’s isolated memory and processes.
🛡️ Hiding in Plain Sight: Attackers abuse built-in, trusted system tools. This allows the malicious VM to blend in with legitimate IT infrastructure, evading suspicion.
🚨 Persistent Threat: A backdoor hidden in a VM can be extremely persistent. It may survive even if the host operating system is wiped and reinstalled, as long as the malicious VM file remains.
🔒 Detection Challenge: This advanced technique highlights a significant challenge for defenders, requiring layered security, network monitoring, and hypervisor-level integrity checks.
SonicWall Confirms State-Sponsored Hackers Breached Cloud Backup Files
SonicWall has officially confirmed that state-sponsored hackers were behind the September breach that exposed firewall configuration backup files. The attack was carried out via an API call, was isolated to a specific cloud environment, and is unrelated to the global Akira ransomware campaigns.
Key takeaways:
🕵️‍♂️ Actor Identified: SonicWall attributes the attack to a “state-sponsored threat actor,” confirming the breach’s sophistication.
🛡️ Attack Vector: The breach did not stem from a product vulnerability; it was limited to unauthorized API calls accessing a specific cloud backup environment.
⚠️ Data Exposed: Threat actors gained unauthorized access to firewall configuration backup files for customers who had enabled the cloud backup service.
🛠️ Remediation Tools: SonicWall has released an “Online Analysis Tool” and a “Credentials Reset Tool” to help customers identify and perform necessary remediation tasks.
🔒 Customer Action: Customers are advised to log in to MySonicWall.com, check their devices, and immediately reset credentials for any impacted services.
Google Warns: New AI-Powered Malware Families Found in the Wild
Google’s Threat Intelligence Group (GTIG) reports a major shift in the threat landscape, identifying new malware families that integrate Large Language Models (LLMs) during execution. This “just-in-time” self-modification allows malware to dynamically alter itself mid-attack, creating a new challenge for detection.
Key takeaways:
🤖 “Just-in-Time” Self-Modification: Malware like ‘PromptFlux’ can query LLMs (like Gemini) to generate new, obfuscated code on the fly, creating an “ever-evolving metamorphic script” to evade antivirus software.
🌐 State-Sponsored Abuse: Threat actors, including groups from China, Iran, and North Korea, are abusing AI for the entire attack lifecycle—from finding vulnerabilities and crafting phishing lures to debugging malicious code.
🦠 New AI-Malware Families: The report details several new threats, including ‘PromptSteal’ (a data miner), ‘QuietVault’ (a JavaScript credential stealer), and ‘PromptLock’ (experimental ransomware).
💡 Lowering the Technical Bar: The researchers note a growing interest in malicious AI-based tools on underground forums, which significantly lowers the skill required to deploy complex and evasive attacks.
🛡️ Google’s Response: Google has disabled the malicious accounts it identified and is actively reinforcing its AI model safeguards to disrupt this new vector of abuse.
“AI Slop” Ransomware Test Extension Found on VS Code Marketplace
A malicious VS Code extension with basic ransomware capabilities, likely generated by AI, was discovered on the official marketplace. The extension, which openly describes its file-stealing and encryption functions, highlights potential gaps in platform vetting processes.
Key takeaways:
🕵️‍♂️ Threat Details: The extension ‘susvsex’ could zip and exfiltrate user files to a hardcoded C2 server before encrypting them with AES-256-CBC.
🤖 AI-Generated Malware: The code exhibited signs of being “AI slop,” suggesting that even unsophisticated, AI-generated threats can evade security checks.
🌐 Marketplace Risk: Official marketplace vetting is not foolproof; this extension’s malicious intent was openly stated in its own description.
🛡️ Developer Action: Always scrutinize new extensions, even from trusted sources. Review descriptions, permissions, and publisher credentials before installing.
ClickFix Malware Evolves with Multi-OS Support & Video Guides
ClickFix malware attacks are now more convincing, using video tutorials and automatic OS detection (Windows, macOS, Linux) to trick users into running malicious code via fake verification pages.
Key takeaways:
🚨 Evolved Deception: Attacks now use video tutorials and countdown timers to pressure victims into self-infecting, often disguised as a fake Cloudflare CAPTCHA.
🌐 Multi-OS Threat: The malware automatically detects your OS (Windows, macOS, Linux) and provides the specific malicious commands for it.
🔒 Payload Delivery: The primary goal is to execute a payload, usually an information-stealing malware, to compromise your system.
💡 User Action: Be highly suspicious of any site asking you to paste code into your terminal for “verification.” Legitimate services will never require this.
Sandworm Hackers Deploy Data Wipers to Disrupt Ukraine’s Grain Sector
Russian state-backed hackers (Sandworm) are escalating cyber attacks against Ukraine, now targeting its vital grain sector with destructive data-wiping malware. This represents a new tactic aimed at disrupting Ukraine’s economy by destroying data permanently, unlike ransomware, which seeks a payout.
Key takeaways:
🎯 New Target: Attacks have expanded to Ukraine’s grain industry, a critical source of revenue, in a clear attempt to cause economic damage.
💥 Destructive Intent: The group is using multiple data-wipers (like ZeroLot and Sting) for pure sabotage, making data recovery impossible.
🤝 Actor Collaboration: The report notes initial access was sometimes gained by one threat actor (UAC-0099) and then passed to Sandworm to deploy the wiper.
🛡️ Critical Defense: The best defense against wipers is having secure, offline backups that are unreachable by attackers on the network.
Top Tips of the Week
Threat Intelligence
Implement CTI in cloud security strategies. Adapt threat intelligence for the unique challenges of cloud environments.
Threat Hunting
Share threat intelligence with industry ISACs. Contribute to collective defense efforts against sector-specific threats.
Implement a response plan in cyber threat hunting. Be prepared to act swiftly when a threat is detected. A well-defined strategy is crucial.
Custom Tooling
Consider integration with threat intelligence feeds in custom tools. Enhance detection capabilities with real-time threat data.
Use secure authentication mechanisms in custom tools. Protect against unauthorized access and ensure data integrity.
Optimize custom tools for resource efficiency. Minimize resource usage while maintaining optimal performance.
Integrate custom tools with incident response processes. Enhance the organization’s ability to detect, respond, and recover from security incidents.
Feature Video
Are you playing goalie in your SOC, or are you a full-blown strategist? 🥅 ➡️ ♟️
Blocking a malicious IP is great, but it’s just stopping the bleeding. True CTI pros know that a single IOC is just the first thread to pull to unravel an entire attack campaign. This video breaks down the crucial difference between Tactical and Operational CTI.
Here are the key takeaways:
⚡ Tactical CTI: This is the “what” and “where”—your Indicators of Compromise (IPs, file hashes, domains). It’s fast, technical, and perfect for automated blocks. The catch? Its shelf life is incredibly short.
🧠 Operational CTI: This is the “how” and “who”—the adversary’s TTPs (Tactics, Techniques, and Procedures). It answers how they operate, what tools they use, and who they are. This is how you build durable, behavior-based detections (think Sigma & Yara rules).
🔄 The Virtuous Cycle: This is the magic! A tactical alert (IOC) triggers an investigation that yields operational intel (TTPs). You use those TTPs to proactively hunt and build new automated detections, making your defenses smarter every time.
Feature Course
What Will You Learn?
Fundamental functions from the Python standard library.
How to parse various data formats (CSV, JSON, etc.)
Creating cross-platform executable files.
Building Python packages.
Jupyter notebooks.
Integrating multiple APIs to build powerful automations.
Web scraping.
Taking command-line arguments for your tools.
Learning Resources
Cyber Training
Zero-Point Security: Advanced training in red team operations, adversary simulation, and offensive development. They equip you with the latest tactics and techniques to succeed in security and defence strategies.
TCM Academy: A comprehensive suite of courses including everything from penetration testing to malware analysis. Their hands-on, practical approach to training is designed to equip students with the real-world skills needed to succeed in cyber.
Blue Cape Security: A specialist in Digital Forensics and Incident Response (DFIR) training, offering courses to take you from complete beginner to expert. Learn to defend like a pro.
Tools
Octoparse: A no-code solution that will save you time, energy, and money. Let me show you how to use it to build your custom cyber threat intelligence web scraping tool!






