Trending Topics

TRENDING TOPICS MAR 11, 2026

UNC6426: From Stolen GitHub Token to Full Cloud Takeover in 72 Hours

A threat actor tracked as UNC6426 exploited stolen keys from the 2025 Nx npm package supply chain compromise to fully breach a victim’s AWS cloud environment in just three days, according to Google’s Cloud Threat Horizons report. The attack began when a developer’s GitHub token was stolen and used to exploit the GitHub-to-AWS OpenID Connect (OIDC) trust framework. With this access, the attackers created a new administrator role in AWS, granting themselves unrestricted privileges. Within 72 hours, they exfiltrated files from S3 buckets, destroyed production EC2 and RDS instances, and renamed internal repositories to “/s1ngularity-repository-[randomcharacters]” before making them public. UNC6426’s operation stemmed from the trojanized Nx npm package, which embedded a postinstall script that executed QUIETVAULT, a JavaScript-based stealer that harvested tokens and environment variables using an LLM already present on compromised machines. Once deployed through an update in the Nx Console plugin, QUIETVAULT leaked sensitive data to a public GitHub repository. Two days later, the actors used an open-source utility called Nord Stream to extract secrets from CI/CD pipelines, escalate privileges using AWS STS tokens, and deploy a malicious CloudFormation stack with AdministratorAccess permissions. Google and supply chain security experts warn that UNC6426’s campaign illustrates a new class of AI-assisted supply chain attacks in which malicious logic is embedded in prompt-based instructions rather than in direct code callbacks, evading traditional security scans. To mitigate risk, organizations should disable postinstall scripts or run them in sandboxed environments, apply the principle of least privilege (PoLP) to CI/CD service accounts and OIDC roles, rotate and scope GitHub PATs, monitor for anomalous IAM actions, and establish visibility into LLM integrations that can access credentials or sensitive repositories.
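To make the least-privilege advice for OIDC roles concrete, the added example below (not from the report or from Hunter Strategy) audits an IAM role trust policy that trusts the GitHub Actions OIDC provider and flags `sub` conditions that are not pinned to one repository and ref. The account ID, organisation and repository names are constructed placeholders, and the victim's actual policy is not described in the source.

```python
GITHUB_OIDC = "token.actions.githubusercontent.com"

def trust_policy(condition):
    """Build a constructed role trust policy (account ID and org/repo names are placeholders)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{GITHUB_OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

# Weak: every repository and ref in the organisation can assume the role.
WEAK = trust_policy({
    "StringLike": {f"{GITHUB_OIDC}:sub": "repo:example-org/*"},
    "StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"}})
# Scoped: one repository, one deployment environment.
SCOPED = trust_policy({"StringEquals": {
    f"{GITHUB_OIDC}:sub": "repo:example-org/deploy-infra:environment:production",
    f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"}})

def claim_values(condition, claim):
    """Values required for one OIDC claim, across all condition operators."""
    values = []
    for keys in condition.values():
        for key, val in keys.items():
            if key.lower() == f"{GITHUB_OIDC}:{claim}":
                values += val if isinstance(val, list) else [val]
    return values

def audit_trust_policy(policy):
    """Return findings for statements that trust the GitHub Actions OIDC provider."""
    findings = []
    stmts = policy["Statement"]
    for st in stmts if isinstance(stmts, list) else [stmts]:
        principal = st.get("Principal")
        fed = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if st.get("Effect") != "Allow" or GITHUB_OIDC not in str(fed):
            continue
        cond = st.get("Condition", {})
        subs = claim_values(cond, "sub")
        if not subs:
            findings.append("no sub condition: any GitHub repository can assume this role")
        for sub in subs:
            parts = sub.split(":")
            if len(parts) < 2 or parts[0] != "repo" or "*" in parts[1]:
                findings.append(f"sub '{sub}' does not pin a single repository")
            elif len(parts) < 4 or "*" in ":".join(parts[2:]):
                findings.append(f"sub '{sub}' is not pinned to a branch, tag or environment")
        if "sts.amazonaws.com" not in claim_values(cond, "aud"):
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings
```

Run `audit_trust_policy` over each role's `AssumeRolePolicyDocument` and treat any finding on a role with write or IAM permissions as a priority fix.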

AI Becomes a Weapon: 2025’s Turning Point in Cyber Warfare

Throughout 2025, the cybersecurity landscape underwent a defining transformation: attackers shifted from using AI for productivity to embedding it directly into live cyber operations. According to new research from Google Threat Intelligence Group (GTIG) and Mandiant, threat actors from China, Russia, Iran, and North Korea began equipping their malware with LLM-integrated logic, enabling it to modify behavior in real time. This evolution gave rise to adaptive malware such as PROMPTFLUX and PROMPTSTEAL, which leverage APIs from AI models, such as Gemini, to rewrite their own code or generate commands on demand, bypassing traditional defenses. By the end of 2025, tools such as FRUITSHELL and QUIETVAULT were actively using AI to locate credentials and automate exfiltration, marking the full operationalization of AI in cyberattacks. These AI-driven capabilities have not only improved stealth and persistence but also broadened the attack surface. State-aligned groups reportedly used AI to map complex infrastructures like Kubernetes, VMware vSphere, and macOS environments, while North Korean operators deployed it for cryptocurrency thefts. Simultaneously, underground forums began selling access to AI-enhanced malware development tools and phishing generators, democratizing access to advanced threat tooling. GTIG notes that this shift makes cyberattacks faster and more scalable, as AI agents can now issue autonomous commands, removing the need for constant human oversight. Meanwhile, corporate defenders face mounting challenges from "Shadow AI", unsanctioned tools employees use without oversight. Mandiant found that many enterprises still lack AI asset inventories, supply chain visibility, and access control policies for machine learning systems, creating blind spots more dangerous than model poisoning or data theft.
While defenders are also adopting AI for threat hunting and triage, experts warn that countering these adaptive, autonomous threats requires behavioral detection, agent-aware governance, and continuous red team testing.

BlackSanta: A Stealthy EDR Killer Targets HR Departments in Long-Running Campaign

A Russian-speaking threat actor has spent more than a year targeting HR departments with a stealthy, multi-stage intrusion chain that culminates in an EDR killer dubbed BlackSanta. Researchers at Aryaka assess that the campaign likely begins with spear-phishing emails that coax recipients into downloading malicious ISO images masquerading as resume files, hosted on cloud platforms like Dropbox to appear trustworthy. One examined ISO contained a .LNK shortcut disguised as a PDF, a PowerShell script, an image, and an icon file; opening the shortcut launches PowerShell, which extracts hidden code from the image via steganography and executes it directly in memory, then pulls down a ZIP archive with a legitimate SumatraPDF binary and a trojanized DWrite.dll to achieve DLL sideloading. From there, the malware fingerprints the system, checks for sandboxes or virtual machines, weakens Microsoft Defender settings, and uses process hollowing to execute additional payloads inside trusted processes while maintaining a low forensic footprint. At the center of this toolkit is the BlackSanta EDR killer, an executable designed specifically to silence endpoint protection before any final payload is deployed. BlackSanta adds Defender exclusions for .dll and .sys files, tweaks registry values to reduce telemetry and automatic sample submission, and can even suppress Windows notifications to keep users in the dark. It then enumerates running processes, compares them against a large, hard-coded list of EDR, antivirus, SIEM, and forensic tools, and uses BYOVD components to unlock and terminate matching processes at the kernel level. Aryaka’s analysis shows the actor loading vulnerable but legitimate drivers, such as RogueKiller Antirootkit (truesight.sys) and IObitUnlocker.sys, previously seen in other campaigns for privilege escalation and security bypass, giving BlackSanta deep access to kernel hooks, memory, and file locks.
Because the command-and-control server was offline during analysis, researchers could not recover the ultimate payload, but they did map additional infrastructure and multiple IPs that confirm the operation has been running quietly for at least a year with strong operational security and context-aware targeting. The combination of social engineering, memory-resident execution, BYOVD abuse, and kernel-level EDR tampering aligns with techniques increasingly favored by advanced actors seeking EDR evasion at scale, even outside ransomware contexts. For defenders, this campaign highlights the need to enforce driver blocklists and kernel-mode validation, restrict execution of ISO and LNK-based attachments, harden PowerShell and script logging, and invest in behavioral detection capable of spotting anomalous process hollowing and suspicious driver loading, even when all components appear cryptographically trusted. Aryaka’s analysis found that the attackers leveraged legitimate drivers, such as RogueKiller Antirootkit and IObitUnlocker, to gain elevated privileges, reflecting a growing trend in which adversaries weaponize trusted components. The campaign’s longevity, stealth, and precision suggest a well-funded, highly skilled operation, emphasizing the need for strict driver policies, continuous behavioral monitoring, and layered defense strategies.
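The behavioral detection recommended above can be sketched as a correlation rule. This is an added example, not Aryaka's or Hunter Strategy's tooling: it raises an alert when Defender gains an extension-wide exclusion for .dll or .sys and escalates when one of the drivers named in the article loads on the same host shortly afterwards. The event records, host names, paths and field names are constructed, and matching by file name stands in for a hash-based driver blocklist because the article lists no hashes.

```python
from datetime import datetime, timedelta

WATCHED_DRIVERS = {"truesight.sys", "iobitunlocker.sys"}  # file names from the article
RISKY_EXTENSIONS = {"dll", "sys"}                         # extension-wide exclusions
EXCLUSION_KEY = r"\windows defender\exclusions\extensions" + "\\"

# Constructed sample telemetry; hosts, paths and field names are assumptions.
EVENTS = [
    {"ts": "2026-03-02T09:14:05", "host": "HR-LT-07", "kind": "registry_set",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions\sys"},
    {"ts": "2026-03-02T09:15:40", "host": "HR-LT-07", "kind": "driver_load",
     "target": r"C:\Users\Public\Documents\truesight.sys"},
    {"ts": "2026-03-02T10:02:11", "host": "FIN-WS-02", "kind": "driver_load",
     "target": r"C:\Windows\System32\drivers\tcpip.sys"},
    {"ts": "2026-03-02T11:30:00", "host": "IT-WS-11", "kind": "driver_load",
     "target": r"C:\Program Files\IObit\IObitUnlocker.sys"},
    {"ts": "2026-03-02T12:00:00", "host": "DEV-WS-03", "kind": "registry_set",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions\.tmp"},
]

def detect(events, window=timedelta(minutes=30)):
    """Return (host, severity, reason) alerts, in time order."""
    alerts, last_exclusion = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        host, target = ev["host"], ev["target"].lower()
        leaf = target.rsplit("\\", 1)[-1]
        if ev["kind"] == "registry_set" and EXCLUSION_KEY in target:
            ext = leaf.lstrip(".")
            if ext in RISKY_EXTENSIONS:
                last_exclusion[host] = ts
                alerts.append((host, "medium", f"Defender exclusion for all .{ext} files"))
        elif ev["kind"] == "driver_load" and leaf in WATCHED_DRIVERS:
            # A watched driver soon after an exclusion change matches the described chain.
            seen = last_exclusion.get(host)
            correlated = seen is not None and ts - seen <= window
            alerts.append((host, "high" if correlated else "medium",
                           f"watched driver loaded: {leaf}"))
    return alerts
```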

March 2026 Patch Tuesday: Copilot, Preview Pane, and AI-Adjacent Risk

March’s Patch Tuesday is quieter than February’s barrage of zero-days, but it still delivers 80+ fixes and several high-impact issues that defenders cannot ignore, particularly where Microsoft 365, SQL Server, AI integrations, and Azure MCP are in play. Among 84 vulnerabilities, 8 are rated Critical and 76 Important, with over half tied to privilege escalation, underscoring their usefulness for post-compromise movement once an attacker has a foothold. The standout bug is CVE-2026-26144, a Critical information disclosure flaw in Excel: a cross-site scripting issue that can coerce Copilot Agent mode into silently exfiltrating data via unintended network egress, enabling a zero‑click leak of sensitive spreadsheet content in corporate environments. Organizations that can’t patch immediately should, at a minimum, tighten outbound filtering for Office, monitor anomalous network activity from Excel processes, and temporarily restrict or disable Copilot Agent in high-risk workflows. Two publicly disclosed but not-yet-exploited bugs, CVE-2026-26127 (.NET DoS) and CVE-2026-21262 (SQL Server elevation of privilege), remain patch‑worthy but are currently assessed as less likely targets, while CVE-2026-21536 in the Microsoft Devices Pricing Program stands out with a 9.8 CVSS as a remote, unauthenticated RCE already fully mitigated by Microsoft. Office users also need to watch CVE-2026-26110 (type confusion) and CVE-2026-26113 (untrusted pointer dereference), both Preview Pane–triggerable RCEs that let crafted documents execute code even when only previewed, not opened, making email gateways and hardening against document-based exploits a priority. 
On the cloud side, CVE-2026-26118, an SSRF in Azure Model Context Protocol (MCP) server tools, can let an attacker coerce MCP servers into calling attacker-controlled URLs and leaking managed identity tokens, potentially granting access to any Azure resources that the identity can reach, which makes rapid patching and strictly limiting exposure of MCP endpoints crucial for orgs piloting agentic AI and MCP-backed automation. Microsoft is also shifting Windows Autopatch defaults to enable hotpatch security updates starting May 2026, so eligible devices can reach roughly 90% patch compliance in about half the time and reduce the window of exposure for vulnerabilities like these, another signal that rapid, continuous patching is becoming table stakes, not a nice-to-have.

💡
Hunter Strategy encourages our readers to look for updates in our daily Trending Topics and on Twitter.
