ARC Intelligence Portal Breach Compromises CIA-Linked Contractor Data
The Acquisition Research Center (ARC), a key contracting portal used by the CIA and other U.S. intelligence agencies, was recently breached by unidentified hackers, resulting in the exposure of sensitive data tied to multiple high-level intelligence initiatives. Operated by the National Reconnaissance Office, the ARC platform facilitates submissions from private-sector vendors competing for government contracts involving surveillance, intelligence collection, and national defense technology. While the platform itself is unclassified, it routinely handles proprietary and pre-classified data that informs the development of classified programs.

Among the compromised information is content related to Digital Hammer. This tightly controlled CIA initiative supports the creation of advanced tools for human intelligence, countersurveillance, and real-time behavioral analysis. The attackers reportedly gained access to personal details, technical schematics, and innovative capabilities submitted by contractors seeking to work on or currently supporting Digital Hammer.

Digital Hammer focuses on emerging technologies designed to support covert intelligence activities, including miniaturized sensors, embedded surveillance devices, communications platforms, and artificial intelligence tools used for data extraction and analysis. The breach potentially exposed early-stage research and vendor proposals that are critical to maintaining operational advantages in intelligence collection.

Although no classified systems were directly breached, the material exposed through ARC offers a window into the technological direction and priorities of the CIA’s future capabilities. Officials have notified affected vendors and are working to identify the full scope of the compromise. The use of an unclassified portal to manage sensitive acquisition efforts has drawn internal criticism, with experts warning that the platform’s structure created an avoidable vulnerability.
This incident highlights the operational risks of handling sensitive defense contracting through systems that lack adequate segmentation or protective barriers against state-sponsored espionage.
Update: Post SMTP Plugin Flaw Puts Over 200,000 WordPress Sites at Risk of Admin Takeover
A major flaw in the Post SMTP plugin has left more than 200,000 WordPress websites vulnerable to complete account takeovers. The flaw, tracked as CVE-2025-24000, affects versions up to 3.2.0 and stems from broken access control in the plugin’s REST API. It allowed any logged-in user—including those with the lowest permission levels, such as subscribers—to access detailed email logs. These logs contain full email content, including password reset messages sent to site administrators. By initiating a password reset and viewing the corresponding email through the logs, attackers could easily take over administrator accounts without needing elevated access.

The plugin, which is installed on over 400,000 sites, is widely used to manage email delivery and logging. A fix was introduced in version 3.3.0 on June 11, adding proper permission checks to ensure only authorized users can access sensitive logs. However, download stats show that a large portion of the user base has not yet updated. The flaw was first reported in May to Patchstack by a security researcher and publicly disclosed in July after a validated fix was confirmed.

Because exploitation only requires a basic registered account, it poses a significant danger to sites that run membership systems, e-commerce platforms, or community features that allow user registration. Many of these websites assume that having a login equals having trust, which this flaw proves is a dangerous assumption. Attackers are already actively scanning for vulnerable sites, and experts warn that delayed updates could lead to widespread site compromises. In addition to intercepting sensitive emails, attackers could deface websites, inject malicious code, or steal user data.

This incident highlights the need for stricter privilege controls in plugin development and reinforces how a small oversight can have serious consequences when scaled across hundreds of thousands of websites.
Site administrators are urged to update their user roles and review site logs immediately for any unusual activity.
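The class of bug described above, as an added illustration (hypothetical plugin code written for this page, not Post SMTP's own): a WordPress REST route whose permission_callback only verifies that the caller is logged in, beside the same route gated on an administrator capability. The route, table and function names are assumptions.

```php
<?php
// Hypothetical plugin code (added example, not Post SMTP's own). The route,
// table and function names are made up for illustration.

// BEFORE: the kind of check that lets a subscriber read every logged email.
// Being authenticated says nothing about what the account may see.
function example_log_permission_weak(WP_REST_Request $request): bool {
    return is_user_logged_in();
}

// AFTER: require a capability only site administrators hold, and keep the
// check on the route itself so WordPress enforces it before the handler runs.
function example_log_permission(WP_REST_Request $request): bool {
    return current_user_can('manage_options');
}

add_action('rest_api_init', function () {
    register_rest_route('example-mailer/v1', '/logs', [
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_get_mail_logs',
        'permission_callback' => 'example_log_permission', // was ..._weak
        'args'                => [
            'page' => ['type' => 'integer', 'default' => 1, 'minimum' => 1],
        ],
    ]);
});

function example_get_mail_logs(WP_REST_Request $request) {
    global $wpdb;
    $per_page = 50;
    $offset   = ($request['page'] - 1) * $per_page;
    // Return metadata only. Message bodies can carry password-reset links,
    // so a log listing should never expose them; store bodies redacted or
    // not at all, and treat any endpoint that returns them as admin-only.
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, to_email, subject, sent_at FROM {$wpdb->prefix}example_mail_log"
            . " ORDER BY sent_at DESC LIMIT %d OFFSET %d",
            $per_page,
            $offset
        ),
        ARRAY_A
    );
    return rest_ensure_response($rows);
}
```

A quick audit of any installed plugin is to grep its `register_rest_route` calls and confirm every `permission_callback` checks a specific capability rather than `is_user_logged_in` or `__return_true`.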
Update: AMOS Malware Evolves into Persistent macOS Threat with Backdoor Capabilities
A dangerous piece of malware known as Atomic macOS Stealer, or AMOS, has recently become much more serious. Originally designed to steal information, such as passwords, cryptocurrency wallets, and browser data, from Mac users, AMOS has now been upgraded with a powerful backdoor that grants hackers ongoing access to infected devices. This change means that attackers can remain connected to a Mac even after it has been restarted, allowing them to monitor activity, steal additional data, or install other malicious tools. Security researchers say AMOS is being spread through fake job offers and websites offering pirated or cracked software. Victims are often tricked into downloading what looks like a legitimate program and then unknowingly give it access by entering their system password. Once installed, AMOS can do far more than steal data; it opens the door for spying, further attacks, and long-term control.

What makes this new version of AMOS especially dangerous is how well it conceals itself and how frequently it communicates with the attacker. It utilizes hidden files and exploits a loophole in the Mac system to run the malware automatically at startup. The backdoor quietly reaches out to the hacker’s server every minute, ready to follow new instructions, whether that’s stealing more files or installing something else. It even attempts to evade detection by shutting itself down if it senses that security tools are monitoring it or it is running in a test environment.

AMOS has already been spotted in over 120 countries, with the most activity in the U.S., U.K., France, Italy, and Canada. Experts warn that Mac users, who often believe their devices are more secure, need to be even more cautious. Keeping software updated, avoiding unofficial or insecure downloads, and using behavior-based security tools are now essential to avoid falling victim to this growing threat.