Stealth loaders, AI chatbot flaws AI exploits, Docker hacks, and 15 other stories

Malicious attackers leverage an open source monitoring tool named Nezha to gain remote access to compromised hosts. It also makes it an attractive option for attackers because it allows administrators to view system status, execute commands, transfer files, and open interactive terminal sessions. In one incident investigated by Ontinue, the tool was deployed as a post-exploit remote access tool using a bash script, pointing to a remote dashboard hosted on Alibaba Cloud infrastructure in Japan. “The weaponization of Nezha reflects an emerging modern attack strategy in which threat actors systematically exploit legitimate software to achieve persistence and lateral movement while evading signature-based defenses,” said Mayuresh Dani, security research manager at Qualys. The Nezha exploit is part of a broader effort by attackers to leverage legitimate tools to evade detection of signatures, blend them into normal activity, and reduce development effort.

South Korea will start requiring facial recognition when registering new mobile phone numbers to combat fraud and identity theft, according to the Ministry of Science, Information and Communications. “By comparing the photo on the ID card with the person’s real face in real time, we can completely prevent the activation of a mobile phone registered under a false name using a stolen or forged ID card,” the ministry said. The new policy applies to SK Telecom, Korea Telecom, LG Uplus, and other virtual mobile carriers and will come into effect on March 23 after a pilot that began this week. The Ministry of Science stressed that no data will be stored as part of the new policy. “We are well aware of the concerns of the public due to a series of hacking incidents at local mobile phone companies,” the ministry said. “Contrary to concerns raised by some people, no personal information is stored or stored and is erased as soon as your identity is verified.”

ESET data reveals that detections of Android malware that exploits NFC increased by 87% from the first half of 2025 to the second half of 2025. This growth is coupled with the sophistication of NFC-based malware, including harvesting victim contacts, disabling biometrics, and integrating NFC attacks with remote access Trojan (RAT) and automatic transfer system (ATS) functionality. In these campaigns, malicious apps distributing malware such as PhantomCard prompt victims to hold their payment card near their phone and enter a PIN for authentication. In the process, the captured information is relayed to the attacker. “Recent technological innovations in the NFC field show that threat actors are no longer relying solely on relay attacks; they are blending NFC exploitation with advanced features such as remote access and automatic forwarding,” ESET said. “The efficiency of fraud is further accelerated by advanced social engineering and technology that can circumvent biometrics.”

Threat actors are currently targeting junior information security professionals and students with fake proof-of-concept (PoC) exploits for security flaws such as CVE-2025-59295, CVE-2025-10294, and CVE-2025-59230, trying to trick them into installing WebRAT using ZIP archives hosted in repositories. “To build trust, they carefully prepared their repositories and incorporated detailed vulnerability information into their descriptions,” Kaspersky said. The repository includes a detailed section with an overview of the vulnerability, its impact on your system, installation guides, usage instructions, and even mitigation advice. The consistency of the format of professional PoC documents suggests that their descriptions were machine-generated to avoid detection. Inside the ZIP file is an executable file named “rasmanesc.exe” that can elevate privileges, disable Microsoft Defender, and retrieve WebRAT from external servers. Webrat is a backdoor that allows attackers to take control of infected systems and steal data from cryptocurrency wallets, Telegram, Discord, and Steam accounts. It can also perform spyware functions such as screen recording, monitoring via webcam and microphone, and keylogging. WebRAT is sold by NyashTeam, who also promotes DCRat.

Campaigns distributing GuLoader (also known as CloudEyE) reached new highs from September to November 2025, with the highest detection peak recorded in Poland on September 18, ESET said. “CloudEyE is a multi-stage malware, with the downloader initially spreading via PowerShell scripts, JavaScript files, and NSIS executables,” the company said. “They then download the next stage, which contains a crypter component packed with the intended final payload. All CloudEyE stages are highly obfuscated, with content compressed, encrypted, encoded, or otherwise hidden, making them intentionally difficult to detect and analyze.”

Multiple vulnerabilities have been revealed in Eurostar’s public artificial intelligence (AI) chatbot. This vulnerability could allow guardrail bypass by leveraging the fact that the frontend relays the entire chat history to the API and performs checks on only the most recent messages to ensure safety. This opens the door to a scenario where an attacker can tamper with a previous message and, once entered into the model’s API, return an unintended response through prompt injection. Other issues identified include changing message IDs, potentially leading to user-to-user compromise, and HTML code injection due to lack of input validation. Pen Test Partners said, “An attacker could steal the prompts, guide the answers, and run scripts in the chat window.” “The key lesson is that even with LLM in the loop, old web and API weaknesses still apply.” Some of these vulnerabilities have since been fixed, but not before a confusing disclosure process that resulted in some form of extortion charge from Eurostar’s head of security on LinkedIn, after the penetration testing company asked, “Wouldn’t it have been helpful if we simply acknowledged the original email report?”

Zeroday.cloud, a hacking contest run by Wiz, uncovered 11 significant zero-day exploits impacting fundamental open source components used in critical cloud infrastructure, including container runtimes, AI infrastructure like vLLM and Ollama, and databases like Redis, PostgreSQL, and MariaDB. The most serious flaw was discovered in Linux. “This vulnerability allows for container escape, often allowing attackers to break in from isolated cloud services dedicated to a specific user and spread to the underlying infrastructure that controls all users,” With said. “This would violate a core promise of cloud computing: that different customers running on the same hardware are isolated and cannot access each other. This further reinforces that containers should not be the only security barrier in multi-tenant environments.”

Manufacturing and government organizations in Italy, Finland, and Saudi Arabia have been targeted by a new phishing campaign that uses commodity loaders to deliver a wide range of malware, including PureLogs, XWorm, Katz Stealer, DCRat, and Remcos RAT. “This campaign leverages sophisticated tradecraft and utilizes a variety of infection vectors, including weaponized Office documents (exploiting CVE-2017-11882), malicious SVG files, and ZIP archives containing LNK shortcuts,” Cyble said. “Delivery methods vary, but all vectors utilize an integrated commodity loader.” The use of loaders to distribute a variety of malware indicates that they may be shared or sold among different threat actor groups. The campaign is notable for using steganography techniques to host image files on legitimate distribution platforms, allowing malicious code to evade file-based detection systems under the guise of benign traffic. Based on similar campaigns detailed by Nextron Systems and Zscaler, the product loader is rated as Caminho.

Microsoft announced that Teams will automatically enable messaging safety features by default, including weaponizable file type protection, malicious URL protection, and false detection reporting. Starting January 12, 2026, this change will be rolled out to tenants who have not previously changed their messaging safety settings and are using the default configuration. “We’re improving messaging security in Microsoft Teams by enabling key safety protections by default,” Microsoft says in an update to the Microsoft 365 Message Center. “This update helps protect users from malicious content and provides an option to report false detections.” Additionally, the Windows maker said security admins will now be able to block external users of Microsoft Teams via the tenant allow/block list in the Microsoft Defender portal. This feature will be rolled out in early January 2026 and is expected to be completed by mid-January. “This centralized approach allows organizations to control external user access across Microsoft 365 services, improving security and compliance,” the company said.

Docker has patched a vulnerability in Ask Gordon, the AI ​​assistant built into Docker Desktop and Docker CLI. The flaw, discovered by Pillar Security in beta, is a case of prompt injection that allows an attacker to hijack the assistant and exfiltrate sensitive data by poisoning the Docker Hub repository’s metadata with malicious instructions. An attacker could have created a malicious Docker Hub repository with crafted instructions for the AI ​​to extract sensitive data when an unsuspecting developer asked the chatbot to describe the repository. “By exploiting Gordon’s inherent trust in Docker Hub content, the attacker is able to embed instructions that trigger automatic execution of the tool and fetch additional payloads from attacker-controlled servers, all without the user’s consent or knowledge,” said security researcher Eilon Cohen. This issue was resolved in version 4.50.0 released on November 6, 2025.

Researchers have demonstrated a way to penetrate Internet of Things (IoT) devices through firewalls without requiring any software vulnerabilities. “We present a new attack method that allows an attacker anywhere in the world to impersonate a target intranet device, hijack cloud communication channels, spoof the cloud, bypass companion app authentication, and ultimately achieve remote code execution (RCE) with root privileges,” researchers Jincheng Wang and Nik Xe said. “Our research revealed flaws in existing cloud device authentication mechanisms and a widespread lack of appropriate channel validation mechanisms.”

Microsoft said it will deploy hardware-accelerated BitLocker in Windows 11 to balance robust security with minimal performance impact. “Starting with the September 2025 Windows Update for Windows 11 24H2 and the release of Windows 11 25H2, in addition to existing support for Universal Flash Storage (UFS) inline encryption engine technology, BitLocker will take advantage of upcoming system-on-chip (SoC) and central processing unit (CPU) capabilities to improve performance and security for current and future NVMe drives,” the company said. As part of this effort, BitLocker wraps BitLocker bulk encryption keys in hardware and offloads bulk encryption operations from the main CPU to a dedicated encryption engine. “When you enable BitLocker, supported devices with NVMe drives and one of the new encryption offload-enabled SoCs use hardware-accelerated BitLocker with the XTS-AES-256 algorithm by default,” the tech giant added.

Israeli information technology (IT), managed service provider (MSP), human resources, and software development companies have been targeted by a threat cluster likely originating from West Asia. This threat cluster used phishing lures written in Hebrew and designed to resemble routine internal communications to infect systems with Python and Rust-based implants tracked as PYTRIC and RUSTRIC. This activity is being tracked by Seqrite Labs as UNG0801 and Operation IconCat. “A recurring pattern across the observed campaigns is that attackers rely heavily on spoofing antivirus icons,” the company said. “The brands of well-known security vendors such as SentinelOne and Check Point are being exploited to create a false sense of legitimacy.” A PDF attachment within the email message instructs recipients to download a security scanner by clicking on a Dropbox link that delivers malware. PYTRIC has the ability to scan file systems and perform full system wipes. The attack chain distributes RUSTRIC using a Microsoft Word document containing malicious macros to extract and launch the malware. In addition to enumerating antivirus programs installed on infected hosts, it also collects basic system information and connects to external servers.

A threat actor known as AlphaGhoul is promoting a tool called NtKiller that it claims can secretly terminate antivirus and security solutions such as Microsoft Defender, ESET, Kaspersky, Bitdefender, and Trend Micro. According to Outpost24, the core functionality is available for $500, while the rootkit add-on and UAC Bypass add-on cost $300 each. This disclosure comes weeks after a security researcher going by the name Zero Salarium demonstrated how endpoint detection and response (EDR) programs could be compromised on Windows by exploiting the bind filter driver (‘bindflt.sys’). In recent months, the security community has identified ways to exploit parameter pollution in ASP.NET to bypass Web Application Firewalls (WAFs), subvert EDR using in-memory portable executable (PE) loaders, and even manipulate Microsoft Defender Antivirus to sideload DLLs, remove executables, and exploit update mechanisms to hijack execution folders and prevent services from running.

AI company Anthropic said Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 developed a blockchain smart contract exploit that enabled the theft of $4.6 million worth of digital assets. “Both agents discovered two new zero-day vulnerabilities and created $3,694 worth of exploits. GPT-5 did this at an API cost of $3,476,” said Anthropic’s Frontier Red team. “This is a proof-of-concept demonstration that profitable real-world autonomous exploitation is technically feasible, a finding that underscores the need to aggressively deploy AI for defense.”

A North Korean threat actor known as ScarCruft has been implicated in a new campaign dubbed Artemis. The campaign involves an adversary posing as a scriptwriter for a Korean TV show and contacting targets to arrange casting and interviews. “Short introductions and legitimate-looking instructions are used to build trust,” Jennians says. “The attackers distribute malicious HWP files disguised as pre-interview questionnaires or event invitation documents.” The ultimate goal of these attacks is to trigger the sideloading of a malicious DLL that ultimately powers RokRAT, which uses Yandex Cloud for command and control (C2). The name of this campaign comes from the fact that one of the identified HWP documents has the value of the (Last saved by) field set to “Artemis”.

Russian influence operation CopyCop (also known as Storm-1516) has used AI tools to expand its efforts globally, quietly deploying more than 300 inauthentic websites posing as local news outlets, political parties, and even fact-checking organizations, targeting audiences in North America, Europe, and other regions, including Armenia, Moldova, and parts of Africa. The main objective is to advance Russia’s geopolitical goals and weaken Western support for Ukraine. “What sets Copy Cop apart from previous influence operations is its extensive use of artificial intelligence,” Record Future said. “The network relies on self-hosted LLMs, particularly the uncensored version of the popular open source model, to generate and rewrite content at scale. Thousands of fake news articles and ‘investigations’ are created and published every day, mixing snippets of fact with deliberate falsehoods to create the illusion of trustworthy journalism.”

The threat cluster referred to as SHADOW-VOID-042 is associated with a November 2025 spear-phishing campaign featuring a Trend Micro-themed social engineering lure that tricked victims in the defense, energy, chemical, cybersecurity (including Trend and its subsidiaries), and ICT sectors into displaying a message instructing them to install a fake update for an alleged Trend Micro Apex One security issue. Trend Micro said this activity overlaps with previous activity by RomCom (also known as Void Rabisu), a threat actor aligned with Russian interests and with both financial and espionage motives. However, in the absence of a definitive connection, the latter attack wave is tracked under another set of temporary intrusions. Additionally, the November 2025 campaign overlaps in tactics and infrastructure with another October 2025 campaign that used harassment allegations and participation in investigations as social engineering fodder. “This campaign utilized a multi-stage approach, with each stage tailored to a specific target machine and delivering intermediate payloads to a selected number of targets,” Trend Micro said. The URL embedded in the email redirects the victim to a fake landing page impersonating Cloudflare, while behind the scenes an attempt is made to exploit a currently patched Google Chrome security flaw (CVE-2018-6065) using a JavaScript file. If the exploit fails, the attacker is redirected to a decoy site called TDMSec that impersonates Trend Micro. The JavaScript file also contains shellcode responsible for gathering system information and connecting to an external server to retrieve the second stage payload. This shellcode acts as a loader for the encrypted component and connects to the server to retrieve unspecified next stage malware. Although Void Rabisu has exploited zero-days in the past, this new discovery raises the possibility that Void Rabisu may have made some changes.