Trending Topics

RansomHouse Claims Trellix Source Code Breach, Raising New Supply Chain Concerns

Trellix has confirmed that an unauthorized party gained access to a portion of its source code repository. The RansomHouse extortion group has publicly claimed responsibility for the intrusion. The company says it is investigating with outside forensic experts and has notified law enforcement, while emphasizing that it has found no evidence its source code release or distribution process was affected, or that the accessed code has been exploited.

Even so, when a major cybersecurity vendor suffers a source code compromise, the concern extends well beyond the victim. Attackers may gain insight into product internals, security logic, and potential downstream supply chain opportunities.

RansomHouse's claim appears to be more than empty noise. SecurityWeek reports that the group published screenshots allegedly showing access to internal Trellix services, which strengthens the likelihood that the intrusion was real - even if the full extent of data access remains unclear. Trellix, which serves more than 50,000 business and government customers, has not disclosed whether customer data, internal credentials, or proprietary tooling beyond source code were also exposed. That uncertainty is fueling concern across the broader enterprise security market.

The incident falls within a broader pattern of attacks against security vendors and developer environments, following recent compromises involving Checkmarx, Cisco, and other firms whose internal code or CI/CD environments were targeted by threat actors seeking to gain leverage across software ecosystems.

There is no public evidence yet that Trellix software updates were tampered with or that malicious code reached customer environments. That said, organizations using Trellix products should monitor vendor communications closely, validate software provenance, and watch for follow-on disclosures about affected repositories, credentials, or build infrastructure.

More broadly, this breach is a reminder that security companies themselves are prime targets in the supply chain - precisely because their code, infrastructure, and trust relationships can yield attackers outsized returns. Every organization should treat vendor compromise as part of its threat model, with stronger validation of software releases, tighter third-party risk monitoring, and incident response plans that assume even trusted security providers can become part of the attack surface.

PAM Backdoors Are Becoming a Dangerous Stealth Layer in Linux Intrusions

A growing class of Linux malware is abusing Pluggable Authentication Modules (PAM) to turn the operating system's own login framework into a stealthy persistence and credential theft mechanism. Recent reporting on the Quasar Linux (QLNX) implant shows how attackers are combining PAM backdoors with rootkits, keylogging, and remote access to create long-lived footholds that are hard to spot with traditional tools.

Because PAM sits directly in the authentication path for services like SSH and local logins, any compromise at that layer can let attackers capture passwords, maintain hidden access, or bypass authentication controls - even after credentials are changed. What makes this technique particularly dangerous is that it hides inside trusted core system components.

Trend Micro's analysis shows that QLNX embeds source code for its PAM backdoor and related rootkit components directly inside the malware, giving operators a modular way to alter authentication flows and remain active on compromised systems for extended periods. Researchers also note that these implants frequently target developer workstations and software supply chain environments, where stealing SSH keys, cloud tokens, and authentication material can lead to broader compromises well beyond the original Linux host.

This is part of a wider shift in Linux threats. Attackers are no longer settling for noisy web shells or simple cron persistence. They are moving deeper into native trust boundaries to survive reboots, password resets, and casual forensic review.

For defenders, PAM tampering should be treated as a high-severity indicator of compromise. Security teams need to monitor the integrity of PAM configuration files and shared libraries, restrict changes to authentication components, and baseline which PAM modules are expected on critical servers and developer endpoints. It is equally important to watch for unusual login behavior, unexpected credential prompts, new persistence artifacts, and signs of companion rootkit activity - because a PAM backdoor rarely operates in isolation.

The harder truth here is this: when attackers can quietly subvert the authentication layer itself, a successful login is no longer proof that the system can be trusted.

Modular Windows RAT Campaign Uses ClickFix Lures and MaaS Backend to Target Crypto and Enterprise Users

A newly exposed modular Windows RAT campaign is using social engineering lures branded as "ClickFix" updates and support tools to deliver a Node.js-based remote-access trojan sold as malware-as-a-service. The operation, analyzed by Netskope Threat Labs, relies on malicious MSI installers and fake troubleshooting utilities to trick users into running a Windows payload that contains only a lightweight Node.js loader - the real malicious logic arrives later as in-memory JavaScript modules streamed from the command-and-control server.

Instead of bundling all capabilities into a static executable, the RAT uses a modular framework that delivers features like credential theft, clipboard monitoring, and file exfiltration on demand. This significantly reduces the footprint available for static detection and allows operators to tailor functionality per victim.

The C2 infrastructure is both sophisticated and clearly commercialized. The malware communicates with its backend over bidirectional gRPC streams tunneled through the Tor network, obscuring operator infrastructure and making network-based attribution difficult. Admin and support proto files uncovered by researchers reveal a full-featured, multi-tenant management panel with role-based operator accounts, campaign tags, Telegram notifications for new infections, and victim filtering by geography, cryptocurrency wallet presence, and other attributes. This is a MaaS platform, not a one-off tool.

Built-in wallet-tracking and external balance-checking modules confirm that crypto theft is a core business objective, with the RAT supporting both classic remote-control tasks and focused harvesting of wallet extensions and desktop wallet data from compromised machines.

For defenders, this campaign is a clear illustration of how RAT operations are blending modular architectures, in-memory execution, and professionalized backends to evade traditional controls. Security teams should treat MSI installers and "support" tools from unvetted sources as high risk, tighten application control policies, and monitor for unexpected Node.js processes and outbound gRPC over anonymizing networks from user endpoints. Behavioral detections that look for JavaScript execution in Node VMs initiated by unknown binaries, unusual clipboard and browser extension enumeration, and unexpected interest in wallet files can help surface this class of threat even when static signatures fail.

Organizations with meaningful cryptocurrency exposure should assume they are prime targets for modular RAT campaigns. Wallet access needs to be tightly segmented - not as a precaution, but as a baseline.

ClaudeBleed Shows How One Weak Browser Trust Boundary Can Turn an AI Assistant Against the User

A newly disclosed flaw dubbed "ClaudeBleed" reveals how Anthropic's Claude in Chrome extension could be hijacked by another browser extension and turned into an attacker-controlled agent. Researchers at LayerX found that even a malicious Chrome extension with zero declared permissions could inject instructions into Claude's trusted messaging flow, allowing it to read sensitive data and perform actions on behalf of the user.

In practical terms, this breaks the security model users expect from browser extensions. A malicious add-on does not need direct access to Gmail, Google Drive, or GitHub if it can simply co-opt Claude, which already has that access.

The flaw stems from how the Claude extension trusts messages coming from the claude.ai origin without properly verifying who sent them. LayerX identified weak message authentication, origin-based trust assumptions, and poor consent binding as the core issues - each allowing a rogue extension to impersonate trusted Claude components and issue prompts as if they came from the user or Anthropic itself. Researchers demonstrated the attack in practice, showing Claude could be directed to open private files in Google Drive, share documents with external parties, access emails and repositories, and carry out browser actions that appeared legitimate because they ran through the AI assistant's own privileged workflow.

This follows earlier 2026 research, including ShadowPrompt, which showed that websites could inject prompts into Claude via a separate trust flaw. The pattern is becoming hard to ignore: browser-based AI agents can become powerful attack brokers when their trust boundaries are too loose.

The larger lesson extends well beyond Claude. When an extension can read pages, execute actions, and bridge services on a user's behalf, weak isolation no longer leads only to data exposure - it enables autonomous cross-application abuse. Anthropic reportedly acknowledged the issue as a duplicate and confirmed that a fix removing the affected message handler had already been merged for an upcoming release, but the incident still surfaces a fundamental design challenge for AI-integrated browser tools: permissions, consent, and identity verification must be enforced with the same rigor applied to any other high-privilege agent.

For users and organizations, the immediate steps are to keep Claude-related extensions fully up to date, minimize the total number of installed browser extensions, and treat AI browser assistants as privileged software that deserves close review before being granted access to email, cloud storage, source code, or internal business systems.

Qilin’s Dominance Signals a More Crowded, More Aggressive Ransomware Market in 2026

Qilin has emerged as one of the defining ransomware threats of 2026, with multiple tracking sources placing it consistently at or near the top of global victim volume charts. Reporting from Ransom-DB, alongside independent threat intelligence from BreachSense, Arete, ReliaQuest, and Computer Weekly, tells the same story: Qilin has maintained an unusually high tempo across months, outpacing many rivals even as the wider extortion ecosystem grows more fragmented and noisy.

That sustained dominance matters more than a single spike would. Qilin appears to have both the affiliate depth and operational infrastructure to keep pressure on organizations across sectors and geographies - not just in bursts, but consistently.

The broader ransomware landscape in 2026 is not simply "Qilin on top." It is Qilin on top within a market that is simultaneously decentralizing and harder to measure. Analysts note that dozens of active extortion groups now operate in parallel, that affiliates increasingly work across multiple brands, and that some leak-site claims are inflated or strategically misleading. All of that complicates accurate counting and attribution. Even so, the consensus is clear: Qilin remains one of the most prolific operations, while groups like Akira, DragonForce, INC Ransom, and newer entrants keep overall incident volume elevated rather than allowing consolidation around a single dominant cartel.

Qilin's rise is not a sign of market stability. It indicates that a mature ransomware-as-a-service operation can thrive inside a chaotic, highly competitive criminal ecosystem.

For defenders, the implication is that ransomware preparedness in 2026 must be built around repeatable resilience rather than actor-specific intelligence. Qilin's success has relied on common but effective tradecraft: valid account abuse, exploitation of exposed remote access technologies, affiliate-driven scale, and BYOVD techniques to disable endpoint protections ahead of encryption or extortion. It is also worth noting that public victim counts do not necessarily reflect profitability. Some reporting suggests Qilin may convert fewer extortion attempts into payments than more targeted crews, pointing to a model that favors breadth, pressure, and scale over selectivity.

The practical takeaway is that organizations need layered defenses capable of holding up against both mass affiliate activity and more tailored follow-on attacks. That means hardening VPN and edge services, tightening identity controls, monitoring for early signs of lateral movement and driver abuse, and validating backup and recovery workflows before a leak-site post turns an intrusion into a full business crisis.