Trending Topics
RansomHouse Claims Trellix Source Code Breach, Raising New Supply Chain Concerns
Trellix has confirmed that an unauthorized party gained access to a portion of its source code repository, and the RansomHouse extortion group has now publicly claimed responsibility for the intrusion. The company says it is investigating with outside forensic experts and has notified law enforcement, while emphasizing that it has found no evidence so far that its source code release or distribution process was affected or that the accessed code has been exploited. Even so, when a major cybersecurity vendor suffers a source code compromise, the concern extends well beyond the victim itself, as attackers may gain insight into product internals, security logic, and potential downstream supply chain opportunities.
RansomHouse’s claim appears to be more than empty noise. SecurityWeek reports that the group published screenshots allegedly showing access to internal Trellix services, which strengthens the likelihood that the intrusion was real, even if the full extent of data access remains unclear. Trellix, which serves more than 50,000 business and government customers, has not disclosed whether customer data, internal credentials, or proprietary tooling beyond source code were also exposed, and that uncertainty is fueling concern across the broader enterprise security market.
The incident also falls within a broader pattern of attacks against security vendors and developer environments, following recent compromises involving Checkmarx, Cisco, and other firms whose internal code or CI/CD environments were targeted by threat actors seeking to gain leverage across software ecosystems. There is no public evidence yet that Trellix software updates were tampered with or that malicious code reached customer environments, but organizations using Trellix products should still monitor vendor communications closely, validate software provenance, and keep an eye out for follow-on disclosures about affected repositories, credentials, or build infrastructure.
More broadly, this breach is a reminder that security companies themselves are prime targets in the supply chain, precisely because their code, infrastructure, and trust relationships can yield attackers outsized returns. In practical terms, every organization should treat vendor compromise as part of its threat model, with stronger validation of software releases, tighter third-party risk monitoring, and incident response plans that assume even trusted security providers can become part of the attack surface.
PAM Backdoors Are Becoming a Dangerous Stealth Layer in Linux Intrusions
A growing class of Linux malware is abusing Pluggable Authentication Modules (PAM) to turn the operating system’s own login framework into a stealthy persistence and credential theft mechanism. Recent reporting on the Quasar Linux (QLNX) implant shows how attackers are combining PAM backdoors with rootkits, keylogging, and remote access to create long-lived footholds that are hard for defenders to spot with traditional tools. Because PAM sits directly in the authentication path for services like SSH and local logins, any compromise at that layer can let attackers capture passwords, maintain hidden access, or bypass authentication controls even after credentials are changed.
What makes this technique so dangerous is that it hides inside trusted core system components. Trend Micro’s analysis says QLNX embeds source code for its PAM backdoor and related rootkit components directly inside the malware, giving operators a modular way to alter authentication flows and remain active on compromised systems for extended periods. Researchers also note that these implants often target developer workstations and software supply chain environments, where stealing SSH keys, cloud tokens, and authentication material can lead to broader compromises well beyond the original Linux host. This is part of a wider trend in Linux threats, where attackers are no longer settling for noisy web shells or simple cron persistence and are instead moving deeper into native trust boundaries to survive reboots, password resets, and casual forensic review.
For defenders, PAM tampering should be treated as a high-severity indicator of compromise. Security teams need to monitor the integrity of PAM configuration files and shared libraries, restrict changes to authentication components, and baseline which PAM modules are expected on critical servers and developer endpoints.
It is equally important to watch for unusual login behavior, unexpected credential prompts, new persistence artifacts, and signs of companion rootkit activity, because a PAM backdoor rarely operates in isolation. More broadly, this threat highlights a hard truth for Linux security: when attackers can quietly subvert the authentication layer itself, routine login success may no longer mean the system can be trusted.
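One way to carry out the module baselining described above, as an added example that is not from the original article or from any vendor's tooling: it parses PAM service files, extracts every referenced module, and flags modules that are missing from the expected set or loaded from a non-standard directory. The sample configs, the baseline, the example module names and the trusted-directory list are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Assumption: directories where distributions normally install PAM modules.
TRUSTED_DIRS = {"/lib/security", "/lib64/security", "/usr/lib/security",
                "/usr/lib64/security", "/usr/lib/x86_64-linux-gnu/security",
                "/lib/x86_64-linux-gnu/security"}
RULE = re.compile(r"^-?(auth|account|password|session)\s+"
                  r"(\[[^\]]*\]|\S+)\s+(\S+)")

def modules_in(config_text):
    """Yield (lineno, type, control, module) for each module rule."""
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)
        if not m:
            continue            # blank, comment, or Debian "@include" line
        ptype, control, target = m.groups()
        if control in ("include", "substack"):
            continue            # third field names another config file
        yield n, ptype, control, target

def audit(configs, baseline):
    """Compare every referenced module against the expected baseline."""
    findings = []
    for name, text in sorted(configs.items()):
        for n, ptype, control, target in modules_in(text):
            path = PurePosixPath(target)
            if path.is_absolute() and str(path.parent) not in TRUSTED_DIRS:
                findings.append((name, n, target, "module outside trusted directory"))
            elif path.name not in baseline:
                findings.append((name, n, target, "module not in baseline"))
    return findings

# Constructed sample input: one clean service file and one tampered file.
SAMPLE = {
    "sshd": "auth required pam_unix.so\n"
            "auth [success=1 default=ignore] pam_succeed_if.so uid >= 1000 quiet\n"
            "account required pam_nologin.so  # block logins during shutdown\n"
            "session include common-session\n",
    "sudo": "auth required /var/tmp/.cache/pam_example.so\n"
            "auth required pam_unlisted_example.so\n"
            "auth required pam_unix.so\n",
}
BASELINE = {"pam_unix.so", "pam_succeed_if.so", "pam_nologin.so"}

if __name__ == "__main__":
    for finding in audit(SAMPLE, BASELINE):
        print(finding)
```

On a real host the input would be the contents of the files under /etc/pam.d, and the check is only half of the control: the module files themselves still need hash or package-manager verification, since a replaced pam_unix.so keeps its baseline name.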
Modular Windows RAT Campaign Uses ClickFix Lures and MaaS Backend to Target Crypto and Enterprise Users
A newly exposed modular Windows RAT campaign is using social engineering lures branded as “ClickFix” updates and support tools to deliver a Node.js-based remote-access trojan sold as malware-as-a-service. The operation, analyzed by Netskope Threat Labs, relies on malicious MSI installers and fake troubleshooting utilities to trick users into running a Windows payload that contains only a lightweight Node.js loader; the real malicious logic arrives later as in-memory JavaScript modules streamed from the command-and-control server. Instead of bundling all capabilities into a static executable, the RAT uses a modular framework that delivers features like credential theft, clipboard monitoring, and file exfiltration on demand, significantly reducing the footprint available for static detection and allowing operators to tailor functionality per victim.
Under the hood, the C2 infrastructure is both sophisticated and clearly commercialized. The malware communicates with its backend over bidirectional gRPC streams tunneled through the Tor network, obscuring the operator's infrastructure and making network-based attribution difficult. The admin and support proto files uncovered by researchers reveal a full-featured, multi-tenant management panel with role-based operator accounts, campaign tags, Telegram notifications for new infections, and powerful victim filtering by geography, cryptocurrency wallet presence, and other attributes, confirming this is a MaaS platform rather than a one-off tool. Built-in wallet-tracking and external balance-checking modules indicate that crypto theft is a core business goal, with the RAT supporting both classic remote-control tasks and focused harvesting of wallet extensions and desktop wallet data from compromised machines.
For defenders, this campaign illustrates how RAT operations are blending modular architectures, in-memory execution, and professionalized backends to evade traditional controls.
Security teams should treat MSI installers and “support” tools from unvetted sources as high risk, tighten application control policies, and monitor for unexpected Node.js processes and outbound gRPC over anonymizing networks like Tor from user endpoints. Behavioral detections that look for JavaScript execution in Node VMs initiated by unknown binaries, unusual clipboard and browser extension enumeration, and sudden interest in wallet files can help surface this class of threat even when static signatures fail. Finally, organizations with meaningful cryptocurrency exposure should assume they are prime targets for modular RAT campaigns and ensure that wallet access is tightly segmented.
ClaudeBleed Shows How One Weak Browser Trust Boundary Can Turn an AI Assistant Against the User
A newly disclosed flaw dubbed ClaudeBleed reveals how Anthropic’s “Claude in Chrome” extension could be hijacked by another browser extension and turned into an attacker-controlled agent. Researchers at LayerX found that even a malicious Chrome extension with zero declared permissions could inject instructions into Claude’s trusted messaging flow, allowing it to read sensitive data and perform actions on behalf of the user. In practical terms, this breaks the normal security model users expect from Chrome extensions, because the malicious add-on does not need direct access to Gmail, Google Drive, or GitHub if it can simply co-opt Claude, which already has that access.
The issue stems from how the Claude extension trusts messages coming from the claude[.]ai origin without properly verifying who actually sent them. LayerX says that weak message authentication, origin-based trust assumptions, and poor consent binding meant a rogue extension could impersonate trusted Claude components and issue prompts as if they came from the user or Anthropic itself. Researchers demonstrated that this could be used to make Claude open private files in Google Drive, share documents with external users, access emails and repositories, and otherwise carry out browser actions that looked legitimate because the requests were executed through the AI assistant’s own privileged workflow. This follows earlier 2026 research, such as ShadowPrompt, which showed that websites could inject prompts into Claude via a separate trust flaw, suggesting a broader pattern in which browser-based AI agents can become powerful attack brokers when their trust boundaries are too loose.
The larger lesson is not just about Claude, but about how AI assistants are expanding the blast radius of ordinary browser security mistakes.
When an extension can read pages, execute actions, and bridge services on a user’s behalf, weak isolation no longer leads only to data exposure; it can also enable autonomous cross-application abuse. Anthropic reportedly acknowledged the issue as a duplicate and said a fix removing the affected message handler was already merged for an upcoming release, but the case still highlights a major design challenge for AI-integrated browser tools: permissions, consent, and identity checks must be enforced with the same rigor as any other high-privilege agent. For users and organizations, the immediate steps are to keep Claude-related extensions fully up to date, minimize the overall number of installed browser extensions, and treat AI browser assistants as privileged software that deserves close review before being allowed to interact with email, cloud drives, source code, or internal business systems.
Qilin’s Dominance Signals a More Crowded, More Aggressive Ransomware Market in 2026
Qilin has emerged as one of the defining ransomware threats of 2026, with multiple tracking sources showing it consistently at or near the top of global victim volume charts. Ransom-DB’s reporting, along with independent threat intelligence from BreachSense, Arete, ReliaQuest, and Computer Weekly, paints the same picture: Qilin has maintained an unusually high tempo across months, outpacing many rivals even as the wider extortion ecosystem grows more fragmented and noisy. This matters because sustained dominance is harder than a single spike, and Qilin appears to have both the affiliate depth and operational infrastructure to keep pressure on organizations across sectors and geographies.
The broader ransomware landscape in 2026 is not simply “Qilin on top”; it is Qilin on top in a market that is simultaneously decentralizing and harder to measure. Analysts note that there are now dozens of active extortion groups, that affiliates increasingly work across multiple brands, and that some leak-site claims are inflated or strategically misleading, all of which complicates accurate counting and attribution. Even so, the consensus is clear that Qilin remains one of the most prolific operations, while groups like Akira, DragonForce, INC Ransom, and newer entrants continue to keep overall incident volume elevated rather than consolidating around a single dominant cartel. In other words, Qilin’s rise is not a sign of market stability; it indicates that a mature ransomware-as-a-service actor can thrive within a chaotic, highly competitive criminal ecosystem.
For defenders, the implication is that ransomware preparedness in 2026 must focus on repeatable resilience rather than just actor-specific fear. Qilin’s success has been tied to common but effective tradecraft such as valid account abuse, exploitation of exposed remote access technologies, affiliate-driven scale, and techniques like BYOVD to disable endpoint protections before encryption or extortion.
At the same time, public victim counts do not necessarily reflect profitability, and some reporting suggests Qilin may convert fewer extortion attempts into payments than more targeted crews, suggesting its model favors breadth, pressure, and scale over selectivity. The practical takeaway is that organizations need layered defenses that hold up against both mass affiliate activity and more tailored follow-on attacks: hardening VPN and edge services, tightening identity controls, monitoring for early signs of lateral movement and driver abuse, and validating backups and recovery workflows before a leak-site post turns an intrusion into a full business crisis.
Written By: William Elchert