InfoSec News 01APR2026
General
- Another major package has been compromised - the Axios library, very widely used for HTTP requests in JavaScript. According to The Record and The Register, Google Threat Intelligence Group is attributing the attack to North Korea. Elastic Security has also called out links to UNC1069 (North Korean), based upon the macOS binary being dropped.
A supply chain attack targeting the widely used HTTP client Axios has introduced a malicious dependency into specific npm releases, including axios@1.14.1 and axios@0.30.4.
The latest version pulls in plain-crypto-js@4.2.1, a package that Socket has confirmed as malicious. Our analysis shows the malicious package deploys a multi-stage payload, including a remote access trojan (RAT) capable of executing arbitrary commands, exfiltrating system data, and persisting on infected machines.
Axios is one of the most widely used HTTP clients in the JavaScript ecosystem, with 100 million weekly downloads on npm and adoption across frontend frameworks, backend services, and enterprise applications.
The macOS Mach-O binary delivered by the plain-crypto-js postinstall hook exhibits significant overlap with WAVESHAPER, a C++ backdoor tracked by Mandiant and attributed to UNC1069, a DPRK-linked threat cluster.
Google Threat Intelligence Group (GTIG) joined several other researchers in attributing the attack to a North Korean threat actor they call UNC1069.
- https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat
- https://www.bleepingcomputer.com/news/security/hackers-compromise-axios-npm-package-to-drop-cross-platform-malware/
- https://cyberscoop.com/axios-software-developer-tool-attack-compromise/
- https://www.elastic.co/security-labs/axios-one-rat-to-rule-them-all
- https://www.itnews.com.au/news/supply-chain-attack-hits-300-million-download-axios-npm-package-624699
- https://opensourcemalware.com/blog/axios-compromised
- https://techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware/
- https://therecord.media/google-links-axios-supply-chain-attack-north-korea
- https://www.theregister.com/2026/03/31/axios_npm_backdoor_rat/
- https://socket.dev/blog/axios-npm-package-compromised
- https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
- Cisco have been caught up in the credential disclosures from the supply-chain attack on Trivy (attributed to TeamPCP).
The attackers used the malicious GitHub Action to steal credentials and data from the company's build and development environment, impacting dozens of devices, including some developer and lab workstations.
...
As part of the breach, multiple AWS keys were reportedly stolen and later used to perform unauthorized activities across a small number of Cisco AWS accounts. Cisco has isolated affected systems, begun reimaging them, and is performing wide-scale credential rotation.
...
Cisco's breach was caused by this month's Trivy vulnerability scanner supply chain attack, in which threat actors compromised the project's GitHub pipeline to distribute credential-stealing malware through official releases and GitHub Actions.
That attack enabled the theft of CI/CD credentials from organizations using the tool, giving attackers access to thousands of internal build environments.
- Innovation in the data theft and extortion community - Leak Bazaar is aiming to turn messy datasets into a searchable resource people will pay for.
Advertisements for Leak Bazaar are appearing across multiple criminal forums on the dark web, with the service soliciting customers and affiliates. As described in a recent blog by cybersecurity company Flare, it pitches itself as something closer to a data-processing business than a typical hacking or ransomware-as-a-service operation.
Like a legitimate data processing enterprise, Leak Bazaar’s goal is to take vast, messy datasets stolen in cyberattacks and turn them into structured, searchable intelligence that can be sold or used for extortion.
...
For now, the concept remains largely unproven. Harper said the real test will come when the service produces its first demonstrable case, showing not just that data can be processed, but that doing so leads to meaningful returns.
...
Until that point, Leak Bazaar heralds ongoing experimentation in the cybercrime ecosystem, even if the factors driving the current cybercrime economy don’t suggest a major need to maximize returns from data stolen in extortion attempts.
Snow does not describe the platform as a place to simply host stolen archives. He describes a server cluster built for “deep analytics” of large corporate dumps, with an emphasis on filtering, parsing, and extraction. The language around automated removal of system debris, ML-assisted text analysis, database reverse engineering, ERP parsing, and analyst validation is doing more than advertising technical sophistication. It is trying to reassure both suppliers and buyers that the platform can solve the most frustrating part of data theft, which is that a large percentage of exfiltrated material is too noisy, too unstructured, or too cumbersome to use without additional labor.
That part of the pitch deserves attention because it suggests Snow understands that the real bottleneck is often not collection, but refinement. Many actors can steal hundreds of gigabytes or several terabytes from a target. Fewer can turn that material into something a buyer actually wants. Groups like Anubis, for example, write extensive “investigative journalistic pieces” on their victims after sorting through the datasets.
- https://therecord.media/new-criminal-service-plans-to-monetize-ransomware-data
- https://flare.io/learn/resources/blog/leak-bazaar-inside-new-criminal-platform
- Research from Silverfort - turns out disabling insecure NTLMv1 is really hard, especially when the Group Policy settings don't do what they say they do.
If you think you’ve blocked NTLMv1 in your organization, think again. Silverfort’s research team recently discovered that attackers bypass the Group Policy designed to disable NTLMv1, allowing insecure authentications to persist in Active Directory environments.
...
Many organizations attempted to solve the NTLMv1 problem with an Active Directory Group Policy. However, we discovered that this policy is flawed and allows NTLMv1 authentications to persist, creating a false sense of protection and leaving organizations exposed.
...Microsoft’s Group Policy mechanism is designed to disable NTLMv1 authentications. By setting the LMCompatibilityLevel registry key, administrators expect Domain Controllers to reject NTLMv1 traffic and require NTLMv2 or Kerberos instead. On paper, this should eliminate NTLMv1 from Active Directory environments.
But Silverfort’s research team discovered that this protection isn’t absolute. During our analysis, we identified a flaw that allows applications to bypass the Group Policy and continue sending NTLMv1 authentication requests.
...The enforcement of NTLM policies depends on the Netlogon Remote Protocol (MS-NRPC), which application servers use to validate NTLM messages with Domain Controllers. A key structure in this process, NETLOGON_LOGON_IDENTITY_INFO, contains a field called ParameterControl.
Inside this field is a flag that explicitly allows NTLMv1 authentication – even if the Group Policy is configured to block it. In other words, the control is only as strong as the applications that honor it.
- Oracle sounds like a lovely place to work.
Employees across the United States, India, Canada, Mexico, and other countries received termination emails from “Oracle Leadership” at approximately 6 a.m. local time, with no prior warning from HR or their direct managers.
The emails informed employees that their roles had been eliminated as part of a broader organisational change, and that the day of the email was their final working day. Access to company systems was cut immediately.
Oracle has not confirmed the total number of people affected, but investment bank TD Cowen has estimated the cuts will hit between 20,000 and 30,000 employees, roughly 18% of Oracle’s global workforce of approximately 162,000 people.
...
The financial logic behind the cuts is not hard to follow. Oracle has committed to an aggressive AI infrastructure buildout that requires an estimated $156 billion in capital spending, according to TD Cowen.
...
TD Cowen estimates the workforce reductions will free up $8-10 billion in cash flow.
...
The contradiction at the heart of the Oracle story is stark. The company posted a 95% jump in net income last quarter, reaching $6.13 billion, and its remaining performance obligations, a measure of contracted future revenue, stood at $523 billion, up 433% year over year.
This is not a company in revenue distress. It is a company making a capital-intensive bet on AI infrastructure that its current balance sheet cannot comfortably sustain, and eliminating tens of thousands of employees to close the gap.
Getting Techy
- Open Source Malware took a look at an open directory that appears to be tied to TeamPCP (who have been on a supply chain rampage recently, including Trivy). The files there deliver the PureHVNC Remote Access Trojan (RAT). As expected, one of the key functions is credential theft.
I deobfuscated and analyzed the three files from the Ubuntu box, and I confirmed it was a multi-stage information-stealer that appeared to deliver the PureHVNC remote access trojan (RAT). The infection chain is heavily obfuscated, using four distinct layers of encoding/encryption, and it leans on PowerShell early on—masquerading as an audio file.
This last bit, the fake audio file technique, importantly matches the audio steganography payload that TeamPCP used in their attack on the telnyx PyPI package.
...
In dynamic analysis, I saw meaningful exfiltration: the malware pulled down roughly 616 KB of commands/modules and pushed back about 65 KB of stolen data. The collection behavior focused on browser credentials, cryptocurrency wallets, and VPN configuration artifacts, and it also established persistent remote access via hidden VNC.
- This one's going deep - hiding malware in memory (from security tools), through careful positioning, and application of encryption.
Geo-Politics
- Chainalysis provide a view on cryptocurrency funding for Russia's (and Iran's) war effort.
Pro-Russia volunteer groups have successfully raised millions in crypto across various blockchains to purchase UAVs and associated components from global e-commerce platforms.
Analysis of sanctioned manufacturers like KB Vostok reveals how blockchain data can shed light on nation-state buyers of interest. In particular, analysis of transactional patterns can empower investigators to identify unit sales and gain insight into state-adjacent supply chains.
Comprehensively sanctioned states, such as Iran, are using cryptocurrency to advertise and procure strategic military hardware to further ‘sanctions-proof’ arms acquisitions.
...
Beginning in the early months of Russia’s full-scale invasion of Ukraine in 2022, we identified dozens of pro-Russia volunteer and paramilitary organizations soliciting cryptocurrency donations for military equipment. Together, these groups raised over $8.3 million in cryptoassets. Drones were among the explicitly itemized purchases.
...
A January 2026 Financial Times investigation found that Iran’s Ministry of Defense Export Center (Mindex) was publicly advertising advanced weapons — including Shahed drones, ballistic missiles, and warships — for sale to foreign governments with cryptocurrency as an accepted payment method
- [IR] Check Point Research are attributing a series of password spraying attacks, aimed primarily at Middle East-based organisations, to Iran. The hypothesis is that Iran wants access to the organisations to support Battle Damage Assessment (BDA).
Check Point Research (CPR) has been tracking an ongoing password-spraying campaign targeting Microsoft 365 environments across the Middle East, conducted by an Iran-linked threat actor. The campaign was carried out in three distinct waves of attacks, which took place on March 3, March 13, and March 23
...
The activity primarily targeted municipalities, which play a critical role in responding to missile-related physical damage. Also, we observe some correlation between the targets of this campaign to cities that were targeted by missile attacks from Iran during March. This suggests the campaign was likely intended to support kinetic operations and Bombing Damage Assessment (BDA) efforts
...
Unlike common brute-force attacks, password spraying targets multiple accounts with the same set of weak or commonly used passwords. The technique is based on the assumption that at least one user will have weak credentials. In this campaign, the attackers used multiple source IP addresses to target numerous accounts, making detection based on atomic indicators such as IPs more difficult.
...
Check Point Research assesses with moderate confidence that the actor behind the M365 password-spray activity originates from Iran. This assessment is based on the activity profile’s alignment with Iranian interests, including targeting of Israeli local government entities and organizations in the satellite, aviation, energy, and maritime sectors.
- https://blog.checkpoint.com/research/iran-nexus-password-spray-campaign-targeting-cloud-environments-with-a-focus-on-the-middle-east/
- https://www.theregister.com/2026/03/31/iran_password_spraying_m365/
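The detection point in the excerpt, that spreading a spray across many source IPs defeats per-IP thresholds, shown as an added example (not Check Point's logic): a naive per-IP rule next to a tenant-wide rule that looks for many distinct accounts each failing only a few times inside one time window. The event fields, thresholds and sample sign-ins are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2026, 1, 1, 8, 0)  # arbitrary start time for the constructed sample


def _ev(minute, user, ip, ok=False):
    return {"ts": T0 + timedelta(minutes=minute), "user": user, "ip": ip, "ok": ok}


# Constructed sign-in events: eight accounts, one failure each, eight different IPs,
# plus one ordinary user who mistypes once and one unrelated late failure.
SAMPLE = [_ev(2 * n, f"user{n}@example.org", f"203.0.113.{10 + n}") for n in range(8)]
SAMPLE += [
    _ev(5, "alice@example.org", "198.51.100.7"),
    _ev(6, "alice@example.org", "198.51.100.7", ok=True),
    _ev(300, "bob@example.org", "198.51.100.9"),
]


def per_ip_alerts(events, threshold=5):
    """Naive rule: any single source IP with >= threshold failed sign-ins."""
    counts = defaultdict(int)
    for e in events:
        if not e["ok"]:
            counts[e["ip"]] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def spray_windows(events, window=timedelta(minutes=30),
                  min_accounts=5, max_per_account=3):
    """Tenant-wide rule: windows where many accounts each fail only a few times."""
    fails = sorted((e for e in events if not e["ok"]), key=lambda e: e["ts"])
    alerts, i = [], 0
    while i < len(fails):
        per_user, ips, j = defaultdict(int), set(), i
        while j < len(fails) and fails[j]["ts"] - fails[i]["ts"] <= window:
            per_user[fails[j]["user"]] += 1
            ips.add(fails[j]["ip"])
            j += 1
        # Accounts hammered many times look like brute force, not spraying.
        sprayed = [u for u, n in per_user.items() if n <= max_per_account]
        if len(sprayed) >= min_accounts:
            alerts.append({"start": fails[i]["ts"], "accounts": len(sprayed),
                           "source_ips": len(ips)})
            i = j  # continue after this window
        else:
            i += 1
    return alerts


if __name__ == "__main__":
    print("per-IP rule:", per_ip_alerts(SAMPLE))
    print("tenant-wide rule:", spray_windows(SAMPLE))
```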
- [IR] The unsubstantiated claims from Handala that they have attacked (US defence contractor) Lockheed Martin continue. The continued lack of evidence suggests that if they do have any information, it's not noteworthy.
Privacy
- A brief discussion of Apple's approach to Camera/Microphone indicator lights, on the MacBook Neo.
Some camera-equipped Apple devices have dedicated camera indicator lights. E.g. recent MacBook Pros and MacBook Airs have them in the notch, next to the camera itself. The Studio Display has one in the bezel, next to its camera. Other devices — like iPhones and, now, the MacBook Neo — render a green indicator dot on the device’s display. One might presume that the dedicated indicator lights are significantly more secure than the rendered-on-display indicators. I myself made this presumption in the initial version of my MacBook Neo review last week. This presumption is, I believe, wrong.
AI
- Locking down the access/permissions for agents is going to be a tough problem to solve - real compromises will need to be made between risk and functionality. Even the big organisations can make mistakes.
But what if the AI agent you just deployed was secretly working against you? As we delegate more tasks and grant more permissions to AI agents, they become a prime target for attackers. A misconfigured or compromised agent can become a “double agent” that appears to serve its intended purpose, while secretly exfiltrating sensitive data, compromising infrastructure, and creating backdoors into an organization's most critical systems.
Our research examines how a deployed AI agent in the Google Cloud Platform (GCP) Vertex AI Agent Engine could potentially be weaponized by an attacker. By exploiting a significant risk in default permission scoping and compromising a single service agent, we reveal how the Vertex AI permission model can be misused, leading to unintended consequences.
...
Our findings provide valuable insights into the inner workings of the Vertex AI platform and demonstrate how an AI agent could be weaponized to compromise an entire GCP environment.
...
Having compromised the consumer environment, we turned our attention to the producer environment. The producer project is the Google‑managed project that hosts the underlying service – in this case, Vertex AI. We discovered that the stolen P4SA credentials also granted access to restricted, Google-owned Artifact Registry repositories
...
Our initial analysis of the AI agent's deployment environment revealed that the OAuth 2.0 scopes were far too permissive. OAuth scopes define the level of access that a token grants to specific Google APIs. Overly broad scopes can significantly expand the impact radius if those tokens are compromised. The scopes set by default on the Agent Engine could potentially extend access beyond the GCP environment and into an organization's Google Workspace, including services such as Gmail, Google Calendar and Google Drive.
Limiting OAuth scopes is a critical security control, particularly in environments where tokens may be exposed or abused. While identity and access management (IAM) provides granular authorization by principal and resource, OAuth scopes introduce an additional layer of access control at the API level. When configured too broadly, they can effectively bypass the principle of least privilege and increase the risk of cross-service access.
- Someone at Anthropic is having a really bad day - source code for Claude Code has leaked "via a map file in their npm registry!".
- Trail of Bits talk on how they've made AI a useful adjunct to the company.
A year ago, about 5% of Trail of Bits was on board with our AI initiative. The other 95% ranged from passively skeptical to actively resistant. Today we have 94 plugins, 201 skills, 84 specialized agents, and on the right engagements, AI-augmented auditors finding 200 bugs a week. This post is the playbook for how we got there.
...
AI works. Most companies are using it wrong. They give people tools without changing the system. That’s the gap between AI-assisted and AI-native. One is a tool, the other is an operating system.
...
We designed the system around the resistance, not against it.
...
we made adoption visible and fast. Deferred benefits kill adoption. If setup takes an hour and the first result is mediocre, you’ve confirmed every skeptic’s priors. Copy-pasteable configs, one-command setup, standardized toolchain, all designed so the first experience is fast and good. And the CEO going first matters more than people think. The passive 50% watches what leadership actually does, not what it says.
...
If you want to copy this, copy the system, not the specific tools:
Standardize on one agent workflow you can support
Write an AI Handbook so risk decisions aren’t ad hoc
Create a capability ladder so improvement is expected
Run short adoption sprints that force hands-on usage
Capture everything as reusable artifacts: skills + configs + curated supply chain
Make autonomy safe with sandboxing + guardrails + hardened defaults
That’s what we’ve done so far, and it’s already changed how fast we can ship and how quickly we can adapt.
Just For Fun
- There seem to be no limits on where Doom can run.
Pure CSS implementation - no problem.
Over DNS - why not?