Robert Grupe's AppSecNewsBits 2025-06-28
What’s Weak This Week plus security guidance updates.
EPIC FAILS in Application Development Security practice processes, training, implementation, and incident response
Canadian telecom hacked by suspected China state group
Canada's Cyber Center said that three network devices operated by an unnamed Canadian telecom company “were compromised by likely Salt Typhoon actors in mid-February 2025.” The hackers exploited CVE-2023-20198 to retrieve running configuration files from the devices and modified at least one of the files to create a GRE tunnel allowing traffic collection from the network the devices were connected to.
In October 2023, researchers disclosed that hackers had backdoored more than 10,000 Cisco devices by exploiting CVE-2023-20198, a vulnerability with a maximum severity rating of 10. Any switch, router, or wireless LAN controller running Cisco's IOS XE that had the HTTP or HTTPS server feature enabled and exposed to the Internet was vulnerable.
Salt Typhoon has been linked to hacks last year that compromised multiple US-based telecom companies, including Verizon and AT&T.
In February of this year, Cisco said that attackers in the same 2024 campaign exploited not just CVE-2023-20198, but also several other previously patched vulnerabilities, including those tracked as CVE-2018-0171 and CVE-2023-20273. Cisco said Salt Typhoon also exploited CVE-2024-20399, a newer vulnerability that was patched in November.
Whole Foods supplier UNFI restores core systems after cyber attack
A June 5 cyber attack impacted customer orders and caused temporary disruptions to business operations after it forced the company to take some systems offline. The incident was disclosed following widespread reports on social media that the company's systems had been down, and employees were having their shifts canceled.
In the weeks following the incident, the Company experienced reduced sales volume and increased operational costs as the Company worked to drive solutions-oriented results for its customers. The Company has also incurred, and expects to continue to incur, direct expenses related to the investigation and remediation of the incident.
UK govt dept website that campaigns against encryption hijacked to advertise ... payday loans
A growing trend whereby legitimate, trusted domains and their abandoned web pages are being hijacked by groups pushing SEO-optimized AI slop.
A website developed for the UK Home Office was hijacked to push a payday loan scheme. Most of the website was unchanged, but a new section plonked in the middle of the home page pushed a payday loan scheme from Leicestershire-registered Wage Day Advance. The FCA has a notice about the company stating “individuals are using the details of this firm to suggest they work for the genuine firm. We call this a cloned firm and it is typically part of a scam.”
Domains owned by Nvidia, Stanford University, NPR, and the US government were hijacked similarly to advertise various topics.
Second attack on McLaren Health Care in a year affects 743k people
McLaren Health Care is in the process of writing to 743,131 individuals now that it fully understands the impact of its July 2024 cyberattack.
The attack was carried out on Karmanos Cancer Institute, an independent organization that's part of McLaren's network, on July 17, 2024, but was not detected until August 5.
Filing the breach notification with Maine's attorney general on behalf of Karmanos, McLaren did not mention the involvement of ransomware by name, but the attack was claimed by INC in August, at which time social media users posted what appeared to be printed ransom notes.
McLaren refers to it only as a "cybersecurity attack" in its notification, one that compromised personal and protected health information.
McLaren did not apologize to the affected individuals in the letter, but assured them there is no evidence the data stolen during the attack has been abused, and offered 12 months' worth of free credit monitoring. The attack on Karmanos, located in Detroit, was the second major data security incident affecting McLaren in 12 months, with the previous one occurring in July 2023.
New Vulnerabilities Expose Millions of Brother Printers to Hacking
CVE-2024-51978, which has a severity rating of ‘critical’, can allow a remote and unauthenticated attacker to bypass authentication by obtaining the device’s default administrator password. CVE-2024-51978 can be chained with an information disclosure vulnerability tracked as CVE-2024-51977, which can be exploited to obtain a device’s serial number. This serial number is needed to generate the default admin password. Having the admin password enables an attacker to reconfigure the device or abuse functionality intended for authenticated users.
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Open VSX Registry is an open-source project and alternative to the Visual Studio Marketplace. It's maintained by the Eclipse Foundation. Several code editors like Cursor, Windsurf, Google Cloud Shell Editor, Gitpod, and others integrate it into their services. This vulnerability provides attackers full control over the entire Visual Studio Code extensions marketplace, and in turn, full control over millions of developer machines.
The root of the vulnerability is that npm install runs the arbitrary build scripts of all the auto-published extensions, and their dependencies, while providing them with access to the OVSX_PAT environment variable. This means that it's possible to obtain access to the @open-vsx account's token, enabling privileged access to the Open VSX Registry, and providing an attacker with the ability to publish new extensions and tamper with existing ones to insert malicious code.
The risk posed by extensions has not gone unnoticed by MITRE, which has introduced a new "IDE Extensions" technique in its ATT&CK framework as of April 2025, stating it could be abused by malicious actors to establish persistent access to victim systems.
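One way to check for and contain the exposure described above (an added example, not code from Open VSX or the researchers): list the install-time scripts that a package tree would run, and start the build with an environment from which secret-looking variables have been removed. The sample tree, the package names and the secret-naming pattern are constructed assumptions; only `OVSX_PAT` comes from the report.

```python
import json
import os
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# npm lifecycle scripts that a plain `npm install` can execute.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Assumed naming convention for secret variables; OVSX_PAT is the one named above.
SECRET_NAME = re.compile(r"(_PAT|TOKEN|SECRET|PASSWORD|_KEY)$", re.IGNORECASE)


def install_hooks(tree):
    """Map each package directory under `tree` to the install-time scripts
    its package.json declares (dependencies included)."""
    found = {}
    for manifest in sorted(Path(tree).rglob("package.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        scripts = data.get("scripts") if isinstance(data, dict) else None
        if not isinstance(scripts, dict):
            continue
        hooks = {name: scripts[name] for name in INSTALL_HOOKS if name in scripts}
        if hooks:
            found[manifest.parent.relative_to(tree).as_posix()] = hooks
    return found


def scrubbed_env(env):
    """Copy of `env` without secret-looking variables, for untrusted build steps."""
    return {k: v for k, v in env.items() if not SECRET_NAME.search(k)}


def child_sees(var, env):
    """Spawn a child process (a stand-in for a build script) and report
    whether it can read `var` from its environment."""
    probe = "import os, sys; sys.exit(0 if os.environ.get(sys.argv[1]) else 1)"
    return subprocess.run([sys.executable, "-c", probe, var], env=env).returncode == 0


def demo():
    """Build a constructed extension tree and run both checks on it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        dep = root / "node_modules" / "some-dependency"  # hypothetical package
        dep.mkdir(parents=True)
        (root / "package.json").write_text(json.dumps(
            {"name": "sample-extension", "scripts": {"compile": "tsc -p ."}}))
        (dep / "package.json").write_text(json.dumps(
            {"name": "some-dependency", "scripts": {"postinstall": "node setup.js"}}))
        hooks = install_hooks(root)
    # Constructed placeholder value, not a real token.
    build_env = dict(os.environ, OVSX_PAT="constructed-placeholder-token")
    leaked = child_sees("OVSX_PAT", build_env)
    contained = child_sees("OVSX_PAT", scrubbed_env(build_env))
    return hooks, leaked, contained


if __name__ == "__main__":
    print(demo())
```

Running `npm install --ignore-scripts` skips these hooks entirely; the environment scrub covers builds that cannot do without them.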
Notepad++ Vulnerability Let Attacker Gain Complete System Control – PoC Released
CVE-2025-49144 allows attackers to gain SYSTEM-level privileges through a technique known as binary planting. The Notepad++ v8.8.1 installer released on May 5, 2025, contains an uncontrolled executable search path that enables local privilege escalation attacks.
However, exploitation requires that the attacker must either have local access to the system or successfully trick a user, through methods such as social engineering or clickjacking, into downloading both the official Notepad++ installer and a specially crafted malicious executable into the same folder, typically the user’s Downloads directory.
What’s Weak This Week:
CVE-2019-6693 Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key. Related CWE: CWE-798
CVE-2024-0769 D-Link DIR-859 Router Path Traversal Vulnerability
The vulnerability is in the file /hedwig.cgi of the HTTP POST Request Handler component. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. Related CWE: CWE-22
CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. Related CWE: CWE-290
Actively exploited vulnerability gives extraordinary control over server fleets
Vulnerability CVE-2024-54085 allows for authentication bypasses by making a simple web request to a vulnerable BMC device over HTTP.
With a severity rating of 10 out of a possible 10, it resides in the AMI MegaRAC, a widely used firmware package that allows large fleets of servers to be remotely accessed and managed even when power is unavailable or the operating system isn't functioning. These motherboard-attached microcontrollers, known as baseboard management controllers (BMCs), give extraordinary control over servers inside data centers. By operating below the OS, attackers can evade endpoint protection, logging, and most traditional security tools. Attackers can also:
Remotely power on or off, reboot, or reimage the server, regardless of the primary operating system's state.
Scrape credentials stored on the system, including those used for remote management, and use the BMC as a launchpad to move laterally within the network
Sniff sensitive data or exfiltrate information without detection
Corrupt firmware, rendering servers unbootable and causing significant operational disruption.
APPSEC, DEVSECOPS, DEV
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft’s ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors.
The hackers rely on legitimate AWS cloud services (AWS, CloudFront, API Gateway, Lambda) to keep the command and control (C2) infrastructure hidden.
It starts with a phishing email with a link to a fake hardware analysis site hosted in the Azure ecosystem that delivers a .APPLICATION file (ClickOnce manifest) disguised as a legitimate tool. ClickOnce apps launch under the Deployment Service (dfsvc.exe), enabling attackers to proxy execution of malicious payloads through this trusted host.
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack
Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cyber scum, although there haven't been any reports of active exploitation. Yet.
The vulnerability CVE-2025-5777, 9.3 severity rating, has been dubbed "CitrixBleed 2." The earlier flaw (CVE-2023-4966) allowed attackers to access a device's memory, find session tokens, and then use those to impersonate an authenticated user while bypassing multi-factor authentication — which is also possible with this new bug.
The vulnerability, which can be exploited remotely and without any authentication, is due to insufficient input validation. It could allow an attacker to read session tokens or other sensitive information in memory from NetScaler devices that are configured as a Gateway (such as a VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Typhoon-like gang slinging TLS certificate 'signed' by the Los Angeles Police Department
A stealthy, ongoing campaign to gain long-term access to networks bears all the markings of intrusions conducted by China’s ‘Typhoon’ crews and has infected at least 1,000 devices, primarily in the US and South East.
The campaign mostly targets end-of-life routers, IoT devices, internet-connected security cameras, virtual servers, and other small office/home office (SOHO) devices, with the goal of building an Operational Relay Box or ORB network. Beijing's attackers route traffic and launch cyberattacks through these ORB networks, which have grown to hundreds or thousands of compromised devices. Because the activity comes through what seems to be a local IP address, it's harder to track.
After they've broken in, the suspected Chinese snoops deploy a custom backdoor called ShortLeash to maintain access to the compromised devices and build this interconnected network of covert boxes.
Upon execution, ShortLeash generates a self-signed TLS certificate that presents as if signed by the City of Los Angeles Police Department (LAPD). That name suggests those behind the campaign are attempting to spoof the police department to appear legitimate.
Crims are posing as insurance companies to steal health records and payment info
Criminals masquerading as insurers are tricking patients and healthcare providers into handing over medical records and bank account information via emails and text messages. The FBI is warning the public to be on the lookout for emails and texts purporting to come from health insurers and claims investigators. Criminals are sending these messages to both patients and healthcare providers alike in this latest healthcare fraud scheme.
Hackers Exploit Misconfigured Docker APIs via Tor Network
In using Tor, the idea is to anonymize their origins during the installation of the miner on compromised systems. The attacks, per the cybersecurity company, commence with a request from the IP address 198.199.72[.]27 to obtain a list of all containers on the machine.
If no containers are present, the attacker proceeds to create a new one based on the "alpine" Docker image and mounts the "/hostroot" directory – i.e., the root directory ("/") of the physical or virtual host machine – as a volume inside it. This behavior poses security risks as it allows the container to access and modify files and directories on the host system, resulting in a container escape.
The threat actors then execute a carefully orchestrated sequence of actions that involves running a Base64-encoded shell script to set up Tor on the container as part of the creation request and ultimately fetch and execute a remote script from a .onion domain.
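A detection sketch for the container-creation pattern described above (an added example, not taken from the cited report): it audits the JSON body of a Docker Engine API `POST /containers/create` request for bind mounts of the host root and for a base64 decode in the container command. The sample request bodies are constructed; the Docker socket entry and the base64 heuristic are assumptions added here.

```python
import posixpath
import re

# Host paths that hand over the host when bind-mounted. "/" is the case in
# the report above; the Docker socket is an added, commonly flagged path.
SENSITIVE_SOURCES = {"/", "/var/run/docker.sock"}

# Heuristic (assumption): a base64 decode inside the container command.
B64_DECODE = re.compile(r"base64\s+(-d|--decode)\b")


def _norm(path):
    """Collapse '//', '/./' and '/x/..' so '/' cannot be disguised."""
    return "/" + posixpath.normpath(path).lstrip("/")


def host_mounts(body):
    """Yield (source, target, read_only) for every host bind mount in a
    container-create request body (already parsed into a dict)."""
    host_config = body.get("HostConfig") or {}
    # Short form "src:dst[:opts]"; a src without a leading '/' is a named
    # volume, not a host path.
    for bind in host_config.get("Binds") or []:
        parts = bind.split(":")
        if len(parts) < 2 or not parts[0].startswith("/"):
            continue
        opts = parts[2].split(",") if len(parts) > 2 else []
        yield _norm(parts[0]), parts[1], "ro" in opts
    # Long form: {"Type": "bind", "Source": ..., "Target": ..., "ReadOnly": ...}
    for mount in host_config.get("Mounts") or []:
        source = mount.get("Source") or ""
        if mount.get("Type") == "bind" and source.startswith("/"):
            yield _norm(source), mount.get("Target", ""), bool(mount.get("ReadOnly"))


def audit_create_request(body):
    """Return a list of findings for one container-create request."""
    findings = []
    for source, target, read_only in host_mounts(body):
        if source in SENSITIVE_SOURCES:
            mode = "read-only" if read_only else "read-write"
            findings.append(f"host path {source} mounted {mode} at {target}")
    cmd = body.get("Cmd") or []
    cmd_text = " ".join(cmd) if isinstance(cmd, list) else str(cmd)
    if B64_DECODE.search(cmd_text):
        findings.append("container command decodes a base64 payload")
    return findings


# Constructed sample bodies (not captured traffic).
SUSPICIOUS = {
    "Image": "alpine",
    "Cmd": ["sh", "-c", "echo PLACEHOLDER | base64 -d | sh"],
    "HostConfig": {"Binds": ["//./:/hostroot:rw"]},
}
BENIGN = {
    "Image": "nginx",
    "HostConfig": {
        "Binds": ["webdata:/usr/share/nginx/html:ro"],
        "Mounts": [{"Type": "bind", "Source": "/srv/conf",
                    "Target": "/etc/nginx", "ReadOnly": True}],
    },
}

if __name__ == "__main__":
    for name, body in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit_create_request(body))
```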
Microsoft 365 'Direct Send' abused to send phishing as internal users
Direct Send is a Microsoft 365 feature that allows on‑premises devices, applications, or cloud services to send emails through a tenant's smart host as if they originated from the organization's domain. It’s designed for use by printers, scanners, and other devices that need to send messages on behalf of the company.
Attacks are delivered via PowerShell using a targeted company's smart host (company-com[.]mail[.]protection[.]outlook[.]com), making it possible for an attacker to send internal‑looking messages from external IP addresses.
This method works because using Direct Send with the smart host doesn't require authentication and treats the sender as internal, allowing threat actors to bypass SPF, DKIM, DMARC, and other filtering rules.
Qilin ransomware top dogs treat their minions to on-call lawyers for fierier negotiations
The latest marketing ploy from the ransomware crooks behind the Qilin operation involves offering affiliates access to a crack team of lawyers to ramp up pressure in ransom negotiations. Researchers at Cybereason noticed a recent post to an underground cybercrime forum penned by one of its mods, claiming to have added a "Call lawyer" button to its affiliate panel. With a single click, the feature ostensibly summons a legal expert into ransom negotiation chat windows to offer professional advice.
Experts count staggering costs incurred by UK retail amid cyberattack hell
Britain's Cyber Monitoring Centre (CMC) estimates the total cost of the cyberattacks that crippled major UK retail organizations Marks & Spencer, the Co-op, and Harrods recently could be in the region of £270-440 million ($362-591 million).
The résumé is dying, and AI is holding the smoking gun
Employers are drowning in AI-generated job applications, with LinkedIn now processing 11,000 submissions per minute—a 45 percent surge from last year.
The Times illustrates the scale of the problem with the story of an HR consultant named Katie Tanner, who was so inundated with over 1,200 applications for a single remote role that she had to remove the post entirely and was still sorting through the applications three months later.
In response to the deluge, companies now deploy their own AI defenses. Chipotle's AI chatbot screening tool, nicknamed Ava Cado, has reportedly reduced hiring time by 75 percent. However, this trend from businesses has led to an arms race of escalating automation, with candidates using AI to generate interview answers while companies deploy AI to detect them—creating what amounts to machines talking to machines while humans get lost in the shuffle.
FBI and US Treasury Publication of North Korea Information Technology Workers Advisory
DTEX has a couple hundred customers and estimates thousands of critical infrastructure organizations have been infiltrated by North Korean operatives. Nearly 40% of the incident response cases CrowdStrike worked on last year involving the North Korea state-backed group it tracks as Famous Chollima were insider-threat operations. Insider threats accounted for 5% of Palo Alto Networks’ Unit 42 incident response cases last year, and the number of those tied to North Korea tripled in 2024.
The advisory provides detailed information on how DPRK IT workers operate and identifies red flags to help companies avoid hiring DPRK freelance developers and to help freelance and digital payment platforms identify DPRK IT workers abusing their services.
New wave of ‘fake interviews’ use 35 npm packages to spread malware
A new wave of North Korea's 'Contagious Interview' campaign is targeting job seekers with malicious npm packages that infect developers' devices with infostealers and backdoors. The latest attack wave uses 35 malicious packages submitted to npm through 24 accounts. The packages have been downloaded over 4,000 times in total.
Several of the 35 malicious npm packages typosquat or mimic well-known and trusted libraries, making them especially dangerous.
Posing as recruiters on LinkedIn, the North Korean threat actors send coding "assignments" to developers and job seekers via Google Docs, embed these malicious packages within the project, and often pressure candidates to run the code outside containerized environments while screen-sharing.
Software developers approached with lucrative remote job offers should treat these invitations with caution and always run unknown code in containers or virtual machines instead of executing it on their OS.
Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content
While widely used LLMs are designed to refuse user prompts that revolve around prohibited topics, they can be nudged towards eliciting unethical responses as part of what's called multi-turn jailbreaking. Echo Chamber weaponizes indirect references, semantic steering, and multi-step inference. The result is a subtle yet powerful manipulation of the model's internal state, gradually leading it to produce policy-violating responses. This plays out as a multi-stage conversational adversarial prompting technique that starts with a seemingly innocuous input, gradually and indirectly steering it towards generating dangerous content without giving away the end goal of the attack.
APPSEC & DEV
CISA New Guidance Released for Reducing Memory-Related Vulnerabilities
This joint guide outlines key challenges to adopting MSLs (Memory Safe Languages), offers practical approaches for overcoming them, and highlights important considerations for organizations seeking to transition toward more secure software development practices.
Supply chain attacks surge with orgs 'flying blind' about dependencies
71% of security leaders reported that their organization had experienced at least one incident which had a material impact on their business in the past year alone. 37% experienced three or more of these, and 5% suffered 10 or more attacks linked to external entities across their supply chain over the same period.
79% have less than half of their nth-party supply chain – "nth-party" refers to the dependents and dependencies of their third-party suppliers – overseen by a cybersecurity program.
36% have only 1-10% of their supply chain protected.
You would expect your third-party and nth-party vendors to match your company's security protocols.
Beware the Hidden Risk in Your Entra Environment
All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access.
Wiz Report - AI Security Readiness: Insights from 100 Cloud Architects, Engineers, and Security Leaders
87% of respondents are using AI services in some form. But 31% say a lack of AI security expertise is their top challenge—by far the most common blocker.
13% of respondents say they’ve adopted AI-specific posture management (AI-SPM). In contrast, traditional security strategies are much more common: 53% have implemented secure development practices, 41% use tenant isolation, and 35% conduct regular audits to uncover shadow AI.
45% of respondents use hybrid cloud, and 33% operate in multi-cloud environments. But only a third are using cloud-native platforms like CNAPP or CSPM. Most teams are still relying on endpoint security approaches that don’t scale to modern infrastructure—or AI workloads.
When asked about their top priorities for AI security, respondents highlighted data privacy (69%), threat visibility (62%), and ease of integration (51%). Yet 25% also admitted they don’t know what AI services are currently running in their environments.
OWASP Launches AI Testing Guide to Uncover Vulnerabilities in AI Systems
OWASP AI Security and Privacy Guide
10 AI Tools That Cut Documentation Time by 70%
Studies show that developers spend 20-30% of their time on documentation-related tasks, which translates to roughly 8-12 hours per week for a full-time developer.
We've identified the top 10 that deliver measurable time savings.
API documentation creation: From 8 hours to 2.5 hours
Code commenting and inline docs: From 12 hours to 3 hours
README and setup guides: From 6 hours to 2 hours
Architecture documentation: From 6 hours to 2.1 hours
VENDORS & PLATFORMS
Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown
The biggest change is moving third-party security drivers out of the Windows kernel, where a flaw could cause a catastrophic crash, and running them in user space instead.
Notably, none of the companies in the announcement supporters list committed to moving their drivers out of the kernel and into user space, a process that will require time and testing. And there's no guarantee that all of the participants are ready to move to the new architecture.
Last year, following the security summit, ESET had been blunt about the prospect of changes to the endpoint security platform: "It remains imperative that kernel access remains an option for use by cybersecurity products," the company wrote in an unsigned statement. This year's remarks are more collegial but still not quite a ringing endorsement.
Prompt injection content classifiers, which are capable of filtering out malicious instructions to generate a safe response
Security thought reinforcement, which inserts special markers into untrusted data (e.g., email) to ensure that the model steers away from adversarial instructions, if any, present in the content, a technique called spotlighting.
Markdown sanitization and suspicious URL redaction, which uses Google Safe Browsing to remove potentially malicious URLs and employs a markdown sanitizer to prevent external image URLs from being rendered, thereby preventing flaws like EchoLeak
User confirmation framework, which requires user confirmation to complete risky actions
End-user security mitigation notifications, which involve alerting users about prompt injection
Thales enhances Imperva Application Security with new API threat detection and response capabilities
Thales has announced new capabilities in the Imperva Application Security platform, aimed at helping organisations detect and mitigate API-based attacks in real time. The update introduces integrated detection and response for threats such as Broken Object Level Authorisation (BOLA), which remains the top-ranked risk in the OWASP API Security Top 10.
GitLab Ultimate for IBM Z: ‘modern DevSecOps for mainframes’
GitLab and IBM have partnered to solve a fundamental disconnect in enterprise development, a move the two companies say enables mainframe developers to work with the same modern tools, workflows, and collaboration features as their distributed counterparts.
Android 16 can warn you that you might be connected to a fake cell tower
This feature alerts you to unencrypted connections or when the network requests your phone’s identifiers, which can help detect when surveillance might be happening.
Due to new hardware requirements, this protection will likely only be on new devices launching with Android 16, such as the upcoming Pixel 10.
With the release of Android 12, Google added support for disabling 2G connectivity at the modem level. In Android 14, the company followed up by supporting the disabling of connections that use null ciphers — a form of unencrypted communication. More recently, Android 15 added support for notifying the OS when the network requests a device’s unique identifiers or tries to force a new ciphering algorithm. These features directly counter the tactics used by commercial “stingrays,” which trick devices into downgrading to 2G or using null ciphers to make their traffic easier to intercept. Blocking these connections and notifying the user about these requests helps protect them from surveillance.
Psylo browser tries to obscure digital fingerprints by giving every tab its own IP address
The Electronic Frontier Foundation released a paper [PDF] back in 2010 that called out risks associated with browser fingerprinting.
Researchers have shown that browser fingerprints can be copied and spoofed. In other words, an attacker might be able to impersonate your browser fingerprint to make it look as if you visited a website you’ve never read.
Psylo costs $9.99 per month or $99 per year. That's the price of privacy.
Gemini CLI is a free, open source coding agent that brings AI to your terminal
Because authors suing Anthropic did not allege that any of Anthropic's outputs reproduced their works or expressive style, the judge found there was no threat that Anthropic's text generator, Claude, might replace authors in their markets. And that lacking argument did tip the fair use analysis in favor of Anthropic.
LEGAL & REGULATORY
New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public
Effective immediately, all individuals applying for an F, M, or J nonimmigrant visa are requested to adjust the privacy settings on all of their personal social media accounts to 'public' to facilitate vetting necessary to establish their identity and admissibility to the United States.
The United States has required visa applicants to provide social media identifiers on immigrant and nonimmigrant visa application forms since 2019. Visa applicants must list all social media usernames or handles of every platform they have used from the last 5 years.
Every piece of "available" information is used as part of its visa screening and vetting to identify visa applicants who are deemed inadmissible to the country, including those who pose a threat to its national security.
Man pleads guilty to hacking networks to pitch security services
Nicholas Michael Kloster was indicted last year for hacking into the networks of three organizations in 2024, including a health club and a Missouri nonprofit corporation.
Kloster is facing a potential sentence of up to five years in federal prison without parole, along with a fine of up to $250,000, three years of supervised release, and an order of restitution.
WhatsApp banned on US Congress House staffers' devices
The Office of Cybersecurity has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.
The chief administrative officer has in recent years set at least partial bans on DeepSeek, ByteDance apps and Microsoft Copilot.
It has also heavily restricted staffers' use of ChatGPT, instructing offices to only use the paid version, ChatGPT Plus.
And Now For Something Completely Different …
An AI film festival and the future of human expression
AIFF 2025 - a film festival dedicated to shorts made using generative AI.
First-time filmmakers who might never have previously cleared Hollywood's gatekeepers are getting screened at festivals because they can create competitive-looking work with a fraction of the crew and hours. Studios and the people who work there are saying they're saving time, resources, and headaches in pre-viz, editing, visual effects, and other work that's usually done under immense time and resource pressure.