π FBI flags TeamPCP supply-chain campaign targeting CI/CD and cloud access
The FBI warned that TeamPCP compromised software distribution channels to push trojanized updates into tools used across enterprise development and security workflows, including Trivy, KICS, LiteLLM, and the Telnyx Python SDK. Reported payloads include CanisterWorm, SANDCLOCK, Mini Shai-Hulud, and Miasma, with theft focused on cloud tokens, API keys, Kubernetes credentials, and local environment secrets.
The operational impact is downstream and persistent: poisoned packages inside build pipelines can expose cloud control planes, automate credential harvesting, and propagate further through npm and PyPI using stolen accounts. The FBI assessment treats any exposed credentials or exfiltrated data as a long-term compromise risk.
π°οΈ Open sources - closed narratives
@sitreports
The FBI warned that TeamPCP compromised software distribution channels to push trojanized updates into tools used across enterprise development and security workflows, including Trivy, KICS, LiteLLM, and the Telnyx Python SDK. Reported payloads include CanisterWorm, SANDCLOCK, Mini Shai-Hulud, and Miasma, with theft focused on cloud tokens, API keys, Kubernetes credentials, and local environment secrets.
The operational impact is downstream and persistent: poisoned packages inside build pipelines can expose cloud control planes, automate credential harvesting, and propagate further through npm and PyPI using stolen accounts. The FBI assessment treats any exposed credentials or exfiltrated data as a long-term compromise risk.
π°οΈ Open sources - closed narratives
@sitreports
π PolinRider expands across open-source supply chain
North Korea-linked PolinRider activity has now been tied to 108 open-source projects, with 162 malicious release artifacts spanning 80 Go modules, 10 Packagist packages, and one Chrome extension. The campaign is associated with Contagious Interview and Famous Chollima, and includes compromised maintainer accounts such as Xpos587 used to push synchronized changes across unrelated repositories.
The tradecraft is notable: force-pushed and anti-dated commits can make repository history appear clean, while obfuscated loaders are hidden in config files or fake .woff2 font files and triggered through .vscode/tasks.json. This shifts detection away from visible commit timelines toward account activity, Git history anomalies, and developer-environment persistence.
π°οΈ Open sources - closed narratives
@sitreports
North Korea-linked PolinRider activity has now been tied to 108 open-source projects, with 162 malicious release artifacts spanning 80 Go modules, 10 Packagist packages, and one Chrome extension. The campaign is associated with Contagious Interview and Famous Chollima, and includes compromised maintainer accounts such as Xpos587 used to push synchronized changes across unrelated repositories.
The tradecraft is notable: force-pushed and anti-dated commits can make repository history appear clean, while obfuscated loaders are hidden in config files or fake .woff2 font files and triggered through .vscode/tasks.json. This shifts detection away from visible commit timelines toward account activity, Git history anomalies, and developer-environment persistence.
π°οΈ Open sources - closed narratives
@sitreports
π NetNut proxy network disrupted, 2 million infected devices cut off
A joint operation involving Google, the FBI, Lumen Technologies, and Shadowserver disrupted NetNut, a residential proxy network tied to at least 2 million compromised Android devices, including smart TVs and streaming boxes. Google says 316 distinct threat clusters were seen using suspected NetNut exit nodes in one week last month, while the FBI seized domains used by the service.
The takedown hits a major layer of criminal infrastructure: residential proxies let operators route traffic through home IP space, masking password spraying, access to attacker infrastructure, and victim-network operations. The case also underlines how proxy capacity is built on consumer malware and resold across an interconnected market.
π°οΈ Open sources - closed narratives
@sitreports
A joint operation involving Google, the FBI, Lumen Technologies, and Shadowserver disrupted NetNut, a residential proxy network tied to at least 2 million compromised Android devices, including smart TVs and streaming boxes. Google says 316 distinct threat clusters were seen using suspected NetNut exit nodes in one week last month, while the FBI seized domains used by the service.
The takedown hits a major layer of criminal infrastructure: residential proxies let operators route traffic through home IP space, masking password spraying, access to attacker infrastructure, and victim-network operations. The case also underlines how proxy capacity is built on consumer malware and resold across an interconnected market.
π°οΈ Open sources - closed narratives
@sitreports
π Bad Epoll flaw enables local root on Linux and Android
A newly disclosed Linux kernel vulnerability dubbed Bad Epoll allows unprivileged local users to escalate privileges to root. The issue affects Linux systems and also impacts Android, extending exposure beyond servers and workstations to mobile devices built on the same kernel base.
The key operational concern is that no elevated starting access is required: a low-privilege foothold can be converted into full system compromise. For defenders, this raises the priority of kernel patching and local access controls across both enterprise Linux fleets and Android-dependent environments.
π°οΈ Open sources - closed narratives
@sitreports
A newly disclosed Linux kernel vulnerability dubbed Bad Epoll allows unprivileged local users to escalate privileges to root. The issue affects Linux systems and also impacts Android, extending exposure beyond servers and workstations to mobile devices built on the same kernel base.
The key operational concern is that no elevated starting access is required: a low-privilege foothold can be converted into full system compromise. For defenders, this raises the priority of kernel patching and local access controls across both enterprise Linux fleets and Android-dependent environments.
π°οΈ Open sources - closed narratives
@sitreports
π Unpatched filesystem flaws exposed across embedded device supply chains
Multiple unpatched vulnerabilities have been disclosed in a filesystem bundled into millions of embedded devices. The issues affect a low-level software component widely integrated into firmware, expanding exposure across consumer, industrial, and network-connected hardware that may never receive direct updates.
The significance is systemic rather than isolated: a single vulnerable filesystem can propagate risk across many OEMs and product lines. That makes remediation dependent on fragmented vendor chains, long firmware cycles, and device classes with limited patch support.
π°οΈ Open sources - closed narratives
@sitreports
Multiple unpatched vulnerabilities have been disclosed in a filesystem bundled into millions of embedded devices. The issues affect a low-level software component widely integrated into firmware, expanding exposure across consumer, industrial, and network-connected hardware that may never receive direct updates.
The significance is systemic rather than isolated: a single vulnerable filesystem can propagate risk across many OEMs and product lines. That makes remediation dependent on fragmented vendor chains, long firmware cycles, and device classes with limited patch support.
π°οΈ Open sources - closed narratives
@sitreports
π SharkLoader pushes Cobalt Strike into memory
Researchers identified SharkLoader, an evasive multi-stage loader used by the StrikeShark cluster to deploy Cobalt Strike Beacon directly in memory. Initial access combines exploitation of internet-facing systems with fake installers, while execution chains rely on DLL side-loading, reflective loading, encrypted stages, and Perfect DLL Hijacking. Reported victims include government, diplomatic, and software targets across Asia, Europe, the Middle East, and Latin America.
The operational value is in low-noise post-compromise access. In-memory execution, signed binary abuse, process spoofing, event log interference, and frequent scheduled-task persistence compress detection time while enabling reconnaissance, credential theft, and Active Directory enumeration.
π°οΈ Open sources - closed narratives
@sitreports
Researchers identified SharkLoader, an evasive multi-stage loader used by the StrikeShark cluster to deploy Cobalt Strike Beacon directly in memory. Initial access combines exploitation of internet-facing systems with fake installers, while execution chains rely on DLL side-loading, reflective loading, encrypted stages, and Perfect DLL Hijacking. Reported victims include government, diplomatic, and software targets across Asia, Europe, the Middle East, and Latin America.
The operational value is in low-noise post-compromise access. In-memory execution, signed binary abuse, process spoofing, event log interference, and frequent scheduled-task persistence compress detection time while enabling reconnaissance, credential theft, and Active Directory enumeration.
π°οΈ Open sources - closed narratives
@sitreports
π Avalon framework adds ransomware delivery to modular malware stack
A newly documented Avalon malware framework now includes capabilities tied to CrownX ransomware, combining payload delivery, persistence, and post-compromise execution inside a broader modular toolkit. The framework appears positioned to support multiple intrusion stages rather than a single-use payload.
The key significance is consolidation: ransomware functionality is being embedded into flexible malware infrastructure, reducing the gap between initial access and encryption. For defenders, this raises the value of detecting framework behavior early, before operators shift from foothold to disruptive monetization.
π°οΈ Open sources - closed narratives
@sitreports
A newly documented Avalon malware framework now includes capabilities tied to CrownX ransomware, combining payload delivery, persistence, and post-compromise execution inside a broader modular toolkit. The framework appears positioned to support multiple intrusion stages rather than a single-use payload.
The key significance is consolidation: ransomware functionality is being embedded into flexible malware infrastructure, reducing the gap between initial access and encryption. For defenders, this raises the value of detecting framework behavior early, before operators shift from foothold to disruptive monetization.
π°οΈ Open sources - closed narratives
@sitreports
π DOM Poisoning Expands the AI Agent Attack Surface
Zscaler ThreatLabz documented two campaigns using hidden prompt instructions in website DOM elements to manipulate AI agents. The observed sites combined SEO poisoning, JSON-LD metadata, off-screen CSS text, and typosquatting to feed malicious directives to scrapers and LLM-based tools, including payment instructions and false authority signals. The technique is outlined in DOM poisoning research published on 3 July.
The cases show that AI agents parsing web content can be steered by invisible page elements that do not affect human users. Operationally, this turns search ranking, structured metadata, and retrieval pipelines into a single attack chain against automated troubleshooting, coding, and DeFi-related workflows.
π°οΈ Open sources - closed narratives
@sitreports
Zscaler ThreatLabz documented two campaigns using hidden prompt instructions in website DOM elements to manipulate AI agents. The observed sites combined SEO poisoning, JSON-LD metadata, off-screen CSS text, and typosquatting to feed malicious directives to scrapers and LLM-based tools, including payment instructions and false authority signals. The technique is outlined in DOM poisoning research published on 3 July.
The cases show that AI agents parsing web content can be steered by invisible page elements that do not affect human users. Operationally, this turns search ranking, structured metadata, and retrieval pipelines into a single attack chain against automated troubleshooting, coding, and DeFi-related workflows.
π°οΈ Open sources - closed narratives
@sitreports
π€ JadePuffer shows end-to-end ransomware automation
Researchers tracking JadePuffer describe what they assess as the first documented ransomware intrusion run entirely by an LLM agent. The operation exploited CVE-2025-3248 in Langflow, harvested credentials, moved into Alibaba Nacos infrastructure, established persistence, and encrypted 1,342 configuration items using MySQL functions before dropping extortion tables.
The notable detail is not just automation, but adaptation: the agent reportedly adjusted payload logic after errors, retried failed steps with refined parameters, and completed lateral movement and encryption without a visible human operator. That lowers execution barriers while creating a distinct trail of machine-generated code and behavior defenders can baseline.
π°οΈ Open sources - closed narratives
@sitreports
Researchers tracking JadePuffer describe what they assess as the first documented ransomware intrusion run entirely by an LLM agent. The operation exploited CVE-2025-3248 in Langflow, harvested credentials, moved into Alibaba Nacos infrastructure, established persistence, and encrypted 1,342 configuration items using MySQL functions before dropping extortion tables.
The notable detail is not just automation, but adaptation: the agent reportedly adjusted payload logic after errors, retried failed steps with refined parameters, and completed lateral movement and encryption without a visible human operator. That lowers execution barriers while creating a distinct trail of machine-generated code and behavior defenders can baseline.
π°οΈ Open sources - closed narratives
@sitreports
π North Korean-linked PolinRider campaign pushed 108 malicious dev packages
Researchers tracked 108 malicious npm packages and browser extensions tied to the PolinRider campaign, attributed to North Korean operators. The packages targeted developers and cryptocurrency users, using supply-chain delivery to plant malware through software dependencies and extensions.
The scale matters operationally: 108 separate uploads increase discovery surface and persistence across ecosystems developers trust by default. This is a broad access operation aimed at credential theft and downstream compromise through routine package installation rather than direct intrusion.
π°οΈ Open sources - closed narratives
@sitreports
Researchers tracked 108 malicious npm packages and browser extensions tied to the PolinRider campaign, attributed to North Korean operators. The packages targeted developers and cryptocurrency users, using supply-chain delivery to plant malware through software dependencies and extensions.
The scale matters operationally: 108 separate uploads increase discovery surface and persistence across ecosystems developers trust by default. This is a broad access operation aimed at credential theft and downstream compromise through routine package installation rather than direct intrusion.
π°οΈ Open sources - closed narratives
@sitreports
π TimbreStealer delivered via trusted updater binaries
A targeted phishing campaign is using ZIP archives hosted on DigitalOcean IPs to deliver TimbreStealer through DLL side-loading with legitimate EdgeUpdate and GoogleUpdater binaries. Victims appear primarily to be companies in Mexico, with lures themed around invoicing and CFDI documents. The payload steals browser, mail, and cloud-synced data, while using RC4-based decryption, PEB/export parsing, and anti-analysis checks.
The tradecraft blends trusted executables with oversized malicious DLLs, geofencing, and runtime-only payload assembly, reducing static detection and complicating reverse engineering. Key indicators include updater-named DLLs around 45β50 MB, ZIP delivery from direct cloud IPs, and suspicious access to browser SQLite files.
π°οΈ Open sources - closed narratives
@sitreports
A targeted phishing campaign is using ZIP archives hosted on DigitalOcean IPs to deliver TimbreStealer through DLL side-loading with legitimate EdgeUpdate and GoogleUpdater binaries. Victims appear primarily to be companies in Mexico, with lures themed around invoicing and CFDI documents. The payload steals browser, mail, and cloud-synced data, while using RC4-based decryption, PEB/export parsing, and anti-analysis checks.
The tradecraft blends trusted executables with oversized malicious DLLs, geofencing, and runtime-only payload assembly, reducing static detection and complicating reverse engineering. Key indicators include updater-named DLLs around 45β50 MB, ZIP delivery from direct cloud IPs, and suspicious access to browser SQLite files.
π°οΈ Open sources - closed narratives
@sitreports
π CrownX embedded in Avalon hits backup and recovery paths
Researchers tracking Avalon describe a multi-stage framework delivering the CrownX ransomware via phishing, Proton Drive-hosted archives, and a mounted ISO with a fake PDF shortcut. The chain uses MSBuild and in-memory .NET loading, disables ETW and AMSI visibility, manually maps payloads, steals credentials, and later encrypts files while targeting VSS, shadow copies, WinRE, and restore settings.
Operationally, the combination of credential theft, lateral movement, anti-forensics, and recovery disruption in one framework compresses defender response time. Priority target sets included domain controllers, backup platforms, virtualization infrastructure, and other systems critical to restoration.
π°οΈ Open sources - closed narratives
@sitreports
Researchers tracking Avalon describe a multi-stage framework delivering the CrownX ransomware via phishing, Proton Drive-hosted archives, and a mounted ISO with a fake PDF shortcut. The chain uses MSBuild and in-memory .NET loading, disables ETW and AMSI visibility, manually maps payloads, steals credentials, and later encrypts files while targeting VSS, shadow copies, WinRE, and restore settings.
Operationally, the combination of credential theft, lateral movement, anti-forensics, and recovery disruption in one framework compresses defender response time. Priority target sets included domain controllers, backup platforms, virtualization infrastructure, and other systems critical to restoration.
π°οΈ Open sources - closed narratives
@sitreports
π BusySnake expands Windows infostealer tradecraft
BusySnake is a Python-based Windows infostealer linked in reporting to Armored Likho. It steals browser passwords and cookies, Telegram Desktop session data, clipboard contents, screenshots, OTP-related data, and cryptocurrency wallet files or keys. Delivery uses spear-phishing archives with NSIS droppers or weaponized LNK files, followed by staged loaders, embedded Python 3.12, and PyArmor-protected payloads.
The combination of Telegram session theft, browser credential extraction, and persistent C2 polling gives operators both immediate account access and flexible follow-on tasking. Defenders should treat infections as full credential and session compromise, especially where %APPDATA%-based Python runtimes, abnormal LNK chains, or scheduled VBScript launchers are present.
π°οΈ Open sources - closed narratives
@sitreports
BusySnake is a Python-based Windows infostealer linked in reporting to Armored Likho. It steals browser passwords and cookies, Telegram Desktop session data, clipboard contents, screenshots, OTP-related data, and cryptocurrency wallet files or keys. Delivery uses spear-phishing archives with NSIS droppers or weaponized LNK files, followed by staged loaders, embedded Python 3.12, and PyArmor-protected payloads.
The combination of Telegram session theft, browser credential extraction, and persistent C2 polling gives operators both immediate account access and flexible follow-on tasking. Defenders should treat infections as full credential and session compromise, especially where %APPDATA%-based Python runtimes, abnormal LNK chains, or scheduled VBScript launchers are present.
π°οΈ Open sources - closed narratives
@sitreports
π Attested TLS flaw cuts into confidential computing trust
New academic work and a published CVE show attested TLS can validate a genuine TEE while still relaying a client session to a different malicious endpoint. The issue, tracked as CVE-2026-33697, affects multiple intra-handshake attestation designs and was identified in production-linked implementations including Meta Private Processing, Edgeless Contrast, and Cocos AI versions 0.4.0-0.8.2.
Operationally, the finding undercuts a core assurance sold by confidential computing: proving the party at the other end of the connection. Standards bodies have acknowledged the relay class, while the research argues the strongest binding to application data may be unreachable in current intra-handshake designs.
π°οΈ Open sources - closed narratives
@sitreports
New academic work and a published CVE show attested TLS can validate a genuine TEE while still relaying a client session to a different malicious endpoint. The issue, tracked as CVE-2026-33697, affects multiple intra-handshake attestation designs and was identified in production-linked implementations including Meta Private Processing, Edgeless Contrast, and Cocos AI versions 0.4.0-0.8.2.
Operationally, the finding undercuts a core assurance sold by confidential computing: proving the party at the other end of the connection. Standards bodies have acknowledged the relay class, while the research argues the strongest binding to application data may be unreachable in current intra-handshake designs.
π°οΈ Open sources - closed narratives
@sitreports
π U.S. government entity paid $1 million in Kairos extortion case
A U.S. government entity paid $1 million to the Kairos group after a data-theft extortion incident, as detailed in The Hacker News report. The case centers on extortion tied to stolen data rather than disruption or encryption, underscoring the continued effectiveness of pure theft-based pressure operations.
The payment is significant because it shows a government target entering direct financial resolution in a data-leak scenario. Operationally, it highlights that exfiltration alone can generate strategic leverage even without a destructive network impact.
π°οΈ Open sources - closed narratives
@sitreports
A U.S. government entity paid $1 million to the Kairos group after a data-theft extortion incident, as detailed in The Hacker News report. The case centers on extortion tied to stolen data rather than disruption or encryption, underscoring the continued effectiveness of pure theft-based pressure operations.
The payment is significant because it shows a government target entering direct financial resolution in a data-leak scenario. Operationally, it highlights that exfiltration alone can generate strategic leverage even without a destructive network impact.
π°οΈ Open sources - closed narratives
@sitreports
π Verified X ads used in ClickFix-style macOS malware delivery
A sponsored post from a verified X account redirected users to a fake DynamicLake site and prompted them to paste a copied Terminal command, installing macOS malware including Atomic Stealer variants. The ad was later removed after Jamf alerted X and the account owner.
The case shows how paid placement, verification signals, and lookalike domains can be combined to bypass trust checks while keeping execution user-driven. For defenders, the key indicators are sponsored social lures, clipboard-based Terminal prompts, and brand impersonation tied to fake utility downloads.
π°οΈ Open sources - closed narratives
@sitreports
A sponsored post from a verified X account redirected users to a fake DynamicLake site and prompted them to paste a copied Terminal command, installing macOS malware including Atomic Stealer variants. The ad was later removed after Jamf alerted X and the account owner.
The case shows how paid placement, verification signals, and lookalike domains can be combined to bypass trust checks while keeping execution user-driven. For defenders, the key indicators are sponsored social lures, clipboard-based Terminal prompts, and brand impersonation tied to fake utility downloads.
π°οΈ Open sources - closed narratives
@sitreports
π Parrot 7.3 shifts focus to performance and launcher infrastructure
Parrot 7.3 has been released with an opt-in set of optimized builds for x86-64-v3 and ARMv8.2-A, targeting gains in compression, encryption, hashing, media encoding, and other compute-heavy workloads. The release also replaces older shell-based menu handling with two Go binaries, parrot-exec and launcher-updater, while adding official amd64 Vagrant boxes for Home and Security editions.
The update is notable less for new tools than for system-layer changes: higher CPU baselines for selected packages, reduced image bloat, and a faster on-demand launcher path for uninstalled applications. Compatibility-sensitive services remain on conservative baselines, preserving standard apt/dpkg behavior and update flow.
π°οΈ Open sources - closed narratives
@sitreports
Parrot 7.3 has been released with an opt-in set of optimized builds for x86-64-v3 and ARMv8.2-A, targeting gains in compression, encryption, hashing, media encoding, and other compute-heavy workloads. The release also replaces older shell-based menu handling with two Go binaries, parrot-exec and launcher-updater, while adding official amd64 Vagrant boxes for Home and Security editions.
The update is notable less for new tools than for system-layer changes: higher CPU baselines for selected packages, reduced image bloat, and a faster on-demand launcher path for uninstalled applications. Compatibility-sensitive services remain on conservative baselines, preserving standard apt/dpkg behavior and update flow.
π°οΈ Open sources - closed narratives
@sitreports
π MFA-optional banks keep a major access path exposed
A reported US fraud case saw attackers reuse compromised or recycled credentials to enter bank, retirement, and Gmail accounts, then hide alerts with mailbox filters and move roughly $30,000 before recovery. The broader issue outlined in MFA-optional banks is that several major institutions still leave multi-factor authentication disabled by default or optional.
Operationally, optional MFA creates a predictable weak point: attackers only need one password-based entry path, especially on web logins where app biometrics do not apply. Convenience-driven authentication policy directly expands account takeover risk and delays fraud visibility.
π°οΈ Open sources - closed narratives
@sitreports
A reported US fraud case saw attackers reuse compromised or recycled credentials to enter bank, retirement, and Gmail accounts, then hide alerts with mailbox filters and move roughly $30,000 before recovery. The broader issue outlined in MFA-optional banks is that several major institutions still leave multi-factor authentication disabled by default or optional.
Operationally, optional MFA creates a predictable weak point: attackers only need one password-based entry path, especially on web logins where app biometrics do not apply. Convenience-driven authentication policy directly expands account takeover risk and delays fraud visibility.
π°οΈ Open sources - closed narratives
@sitreports
π EY fires two staff over alleged access to Australian PM bank data
EY Australia has dismissed two staff accused of accessing bank account details linked to Prime Minister Anthony Albanese while working on a Commonwealth Bank contract. The bank has not explained how contractors were able to reach such sensitive records. The case was outlined in EY Australia coverage published 6 July.
The incident adds another data-handling failure to Australiaβs major consultancy sector. Operationally, it highlights the exposure created when external contractors are embedded inside financial workflows with access paths to high-value personal and political data.
π°οΈ Open sources - closed narratives
@sitreports
EY Australia has dismissed two staff accused of accessing bank account details linked to Prime Minister Anthony Albanese while working on a Commonwealth Bank contract. The bank has not explained how contractors were able to reach such sensitive records. The case was outlined in EY Australia coverage published 6 July.
The incident adds another data-handling failure to Australiaβs major consultancy sector. Operationally, it highlights the exposure created when external contractors are embedded inside financial workflows with access paths to high-value personal and political data.
π°οΈ Open sources - closed narratives
@sitreports
π€ Flipper Zero shifts firmware model to community-led maintenance
Flipper Devices says Flipper Zero firmware will continue to be maintained, but full-time feature development has ended. The company says the codebase reached maturity after the 1.0 release in 2024 and stable version 1.4.3 in December 2025. Requests will be reviewed weekly through GitHub Discussions, with stricter pull-request checks and mandatory integration and regression testing.
The move formalizes a narrower core-team role: oversight, review, and quality control rather than active expansion. It also centralizes user demand into a vote-based workflow, reducing direct support load while keeping the firmware operational as the company shifts resources to new hardware.
π°οΈ Open sources - closed narratives
@sitreports
Flipper Devices says Flipper Zero firmware will continue to be maintained, but full-time feature development has ended. The company says the codebase reached maturity after the 1.0 release in 2024 and stable version 1.4.3 in December 2025. Requests will be reviewed weekly through GitHub Discussions, with stricter pull-request checks and mandatory integration and regression testing.
The move formalizes a narrower core-team role: oversight, review, and quality control rather than active expansion. It also centralizes user demand into a vote-based workflow, reducing direct support load while keeping the firmware operational as the company shifts resources to new hardware.
π°οΈ Open sources - closed narratives
@sitreports