Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

Mount Royal University says hackers stole and deleted files following June cyberattack

Mount Royal University (MRU) has confirmed that threat actors stole data and deleted files after breaching the university's network in a...

All the recent news you need to know

AI Agent Executes End-to-End Ransomware Attack Without Human Intervention, Researchers Say

 

Cybersecurity researchers have uncovered what they believe is the first ransomware attack conducted by an autonomous artificial intelligence agent which they named JADEPUFFER. It is notable because the AI performed all stages of the attack, from targeting and compromising the system to installing and using ransomware, without requiring any human input. 

The researchers noted that JADEPUFFER targeted a vulnerability in the open-source application Langflow which was used to design and build various AI applications and tools. The vulnerability was already patched but many internet-facing instances of the application remained unpatching, giving the AI agent an entry point. Many such instances host API keys, cloud service credentials, and database tokens, making them an attractive target for bad actors.

After compromising the target, the AI agent began scanning the system for any valuable information, including cloud service credentials, wallet addresses, API keys, and database passwords. It also located a storage server which had default administrator credentials. Researchers noted that JADEPUFFER used this server as a foothold to pivot to other systems on the network. 

The AI agent managed to establish persistence on the compromised system by implanting a backdoor which sent out requests to a remote command and control server. It then lateraled to the production database server and used the administrative privileges to exploit another vulnerability in the system configuration service. 

It then created its own administration account in the server using a default signing key and altered other configurations in the system. JADEPUFFER proceeded to encrypt over 1300 configuration entries, deleting them before encrypting more data and displaying a ransom note demanding payment in Bitcoins. However, the researchers noted that the ransomware used a randomly generated encryption key which was only viewable once. 

In addition, the ransomware did not store or transmit the decryption key in any way, meaning that the victims would be unable to recover their data even if they paid the ransom. In addition to encrypting data, JADEPUFFER also deleted several databases after claiming that it had backed up the data elsewhere. However, researchers at Sysdig found no evidence that the data had been successfully backed up or transferred. This indicated that the attackers might have been trying to extort more money from the victims, potentially by threatening to delete all data or hinder recovery efforts. 

The researchers concluded that the ransomware attack was performed by an artificial intelligence due to the nature of certain observed behaviors. They noted that most of the ransomware’s behaviors were documented in natural language within the malware’s code, a practice common in many large language models. Additionally, the AI was able to resolve some of its own errors, such as failed authentication attempts, without requiring human intervention. The researchers estimated that over 600 discrete actions had been taken by the AI during the attack. 

The researchers added that while many of the techniques used by JADEPUFFER had been seen in other ransomware attacks, the fact that an autonomous AI agent had been able to use them in succession to launch a major ransomware attack was notable. They believe that such an attack has significant implications for the future of ransomware attacks, as it reduces the level of expertise needed to launch such an attack and allows attacks to occur at a much faster rate than would otherwise be possible. 

The researchers recommended that organizations reduce the risk of falling victim to similar attacks by ensuring that all software is updated to the latest versions, keeping administration systems offline when possible, protecting cloud service credentials, and monitoring systems for signs of unauthorized automated activity. Sysdig noted that JADEPUFFER was a warning about the potential threat posed by agentic AI ransomware in the future as the technology becomes more advanced.

Fake Paysafe and Skrill SDKs on npm and PyPI Steal Developer Credentials

 

A coordinated supply-chain attack has compromised developers by distributing 17 malicious packages on npm and PyPI that impersonate legitimate SDKs for Paysafe, Skrill, and Neteller payment services. These packages were designed to silently exfiltrate sensitive credentials, including API keys, AWS tokens, GitHub secrets, and npm tokens, to a command-and-control server hosted on Amazon Web Services. 

The threat actor published these fake SDKs with names closely resembling official payment integration libraries, such as paysafe-checkout, skrill-payments, and paysafe-api. While the packages expose expected APIs and return fake success responses to avoid detection, their real purpose is credential theft. The embedded malware scans the compromised environment for secrets and exfiltrates them to the attacker's server. 

Security researchers at Socket identified 13 malicious npm packages and four PyPI packages in this campaign. The npm packages were released in four versions (1.0.0 to 1.0.3), while the PyPI packages had only one malicious version (1.0.0). The full list includes well-known names like paysafe-js, paysafe-fraud, skrill-sdk, neteller, and paysafe-kyc. Developers who installed any of these packages risked having their secrets stolen, especially if they were working on payment integration projects for these services. The data theft module in the npm packages attempts exfiltration only if a Paysafe API key is present and activates when the fake SDK is called. The PyPI packages automatically activate the data theft routine upon initialization and do not require a Paysafe API key to be present at all. 

The malware incorporates basic anti-analysis features to avoid detection in sandboxed or virtualized environments. For instance, it halts execution if it detects fewer than two CPU cores or if the hostname or username suggests a virtual machine. To detect potential compromise, organizations should search their dependency trees for the listed package names and scan CI/CD logs for PAYSAFE_API_KEY in combination with these packages. Denying requests for these packages at the registry proxy level is also recommended to prevent accidental installation. If any of the listed packages were installed, developers are recommended to immediately rotate all secrets on any machine that imported or executed this package. 

The researchers also advise searching dependency trees for the package names used in the campaign and deny any requests for them at the registry proxy level. It is also recommended to look in the logs of Continuous Integration (CI) systems for PAYSAFE_API_KEY in combination with any of the listed package names. Additionally, teams should audit their project dependencies and CI/CD pipelines to ensure no traces of these malicious packages remain. Staying vigilant and verifying package sources before installation remains crucial to avoiding similar supply-chain attacks in the future. This incident highlights the growing sophistication of attackers targeting open-source repositories and the critical need for robust software supply-chain security practices. 

Developers must remain cautious when integrating third-party libraries into their projects, especially those related to financial services and payment processing. The use of automated dependency scanning tools and regular security audits can help identify and mitigate risks associated with malicious packages. Furthermore, organizations should implement strict access controls and monitoring for their CI/CD environments to detect and respond to potential credential theft attempts quickly. By adopting a proactive security posture and staying informed about emerging threats, the developer community can better protect itself against evolving supply-chain attacks.

Rogue Agent Bug Could Have Let Attackers Hack AI Conversations


A critical vulnerability in Google’s Dialogflow could have let a hacker exploit other Code-Block-enabled agents via one Code Block-power agent, in one Google Cloud project.

After this, the attacker could read chats, steal user data, and command bots to send hacker-written texts such as re-entering a password.

Discovery of the bug

Cyber security firm Varonis discovered the tactic and called it ‘Rogue Agent.’ The bug impacted only businesses that make agents with custom Code Blocks and Dialogflow’s Playbooks, which allows hackers to add their own Python. The attack was not remote, or unauthorized.

For the attack to happen, it required the dialogflow.playbooks.update green light one such agent, which restricts the hacker to an infected insider or a breached developer account, not some stranger on the web. From that point, the reach extended to every agent inside the project.

Google has patched the bug, and Varonis and Google have said there are no signs that the flaw was deployed in a real attack or campaign.

Single writable file prompted each agent Code Blocks

Dialogflow’s Code Blocks allows developers to add custom Python to a chatbot’s flow to test input, invoke defined tools, and control behavior. 

The code runs within a Google-operated Cloud Run environment, and every agent that uses Code Blocks in the similar Google Cloud project shares one incident of it. The customer cannot control or see the environment that Google runs, meanwhile Varonis discovered no real separation between the agents within it.

Attack tactic

When the agent runs a Code Block, the code is added to internal setup code and sent to Python’s exec()function. The functions and variables that block can touch are defined by the setup. 

Functions consist(), which makes the bot reply with a given string, whereas variables consist of a history of full chats and state for session information such as the session ID.

Varonis discovered code_execution_env.py, the file that does this wrapping, lying in the shared environment with write access. 

As the file was writable, a single Code Block could change it. The block downloads an altered code_execution_env.py from a threat actor-controlled server and overwrites the original within the running container.

After that, the attacker’s variant commands every Code Block deployment throughout every agent that shares the environment. The attacker’s code sits in the same place as the real code, with similar access to respond(), state, and history, 

Accenture Confirms Cyber Breach as Hacker Lists Alleged Company Data


 

Accenture, a global IT services firm, has confirmed experiencing a cybersecurity breach as a threat actor claimed to have stolen company data and was offering it for sale on a cybercrime forum. The breach claim was made in relation to the dataset which was offered for sale on July 6 on a cybercrime forum for the cryptocurrency Monero (XMR).

According to the listing, the stolen documents originated from Accenture's internal environment, and were described as an "Accenture Data Breach." A threat actor claiming to be "888" reported that in July 2026, more than 35 gigabytes of data were exfiltrated from Accenture's systems. This confirmation follows the allegations by the threat actor. It is possible that the exposed source code and cloud credentials could pose broader security risks if they are authentic, giving unauthorized access to development environments, cloud infrastructures, or software repositories. 

However, no public evidence is available to indicate whether the alleged credentials remain valid or have been misused. An Azure DevOps repository associated with an Accenture domain has been claimed to be accessed by the threat actor, according to a screenshot that the threat actor has published to support this claim. However, the extent and authenticity of the alleged data have not been independently verified. 

Accenture confirmed the security incident, but did not verify the threat actor's claims regarding the reported 35 gigabytes of stolen data or the alleged content of the dataset. Additionally, the company has not disclosed how the attackers gained access, whether any customer information was compromised, or whether any of the credentials exposed remain active.

In addition, Accenture declined to disclose how the attackers gained access to the company or whether customer information had been compromised. This incident follows prior claims of cybersecurity breaches involving Accenture. The same threat actor claimed in 2024 that employee data had been compromised as a result of a third-party breach. 

Accenture later dispute the scale of these claims, stating its review revealed that only limited employee information had been discovered and no evidence of compromises to its own systems or customer environments. It was also targeted by the LockBit ransomware group in 2021. Earlier, in 2021, the company announced a breach following a LockBit ransomware attack. 

Cybercriminals are increasingly using underground marketplaces to monetize stolen corporate data, which highlights the continued risks organizations face from credential theft and source code exposure. Additional information regarding the extent of the breach and potential consequences for customers remains unknown as investigations continue.

Investigations are ongoing, but it remains unclear what the full scope of the incident is. Accenture has confirmed that a security breach occurred but has stated that operations remain unaffected. However, questions remain regarding the authenticity of the alleged dataset, the means by which the data was compromised, and any potential impacts on customers.

Microsoft 365 Users Targeted in New Device Code Phishing Campaign

 



Cybersecurity researchers have revealed a phishing campaign that is exploiting Microsoft's legitimate device authentication process to seize control of Microsoft 365 accounts, reflecting a broader shift in how cybercriminals are conducting identity-focused attacks. Rather than stealing passwords through counterfeit login pages, the operation manipulates victims into completing a genuine Microsoft authentication process, allowing attackers to obtain valid authentication tokens that grant direct access to compromised accounts.

The campaign, tracked by email security firm ZeroBEC, was observed between the final week of June and early July 2026. Investigators found that the attackers relied on collaboration-themed phishing lures that directed recipients to Microsoft's authentic device login experience instead of fraudulent credential harvesting websites. Behind the scenes, a backend broker generated Microsoft device authentication codes and continuously polled the authentication process until victims completed the sign-in sequence, enabling the attackers to capture valid authentication tokens without ever collecting passwords.

Researchers noted that the activity closely resembles techniques previously documented by Microsoft in its investigation of the threat cluster known as Storm-2372. That campaign, first disclosed in February 2025, used fake Microsoft Teams invitations and messaging-themed social engineering to persuade victims to enter attacker-generated device codes. Once authentication was completed, the attackers received valid access tokens that allowed them to take over Microsoft 365 accounts. Microsoft said Storm-2372 had targeted organizations across government, defense, healthcare, telecommunications, higher education, information technology, energy, and non-governmental sectors spanning Europe, North America, Africa, and the Middle East. The company also stated that the attacks abused legitimate authentication functionality rather than exploiting vulnerabilities in Microsoft products.

Although the latest campaign mirrors many of Storm-2372's tactics, ZeroBEC believes the operation is powered by a reusable phishing framework called DEBULL rather than the original threat actor itself. The researchers concluded that techniques once associated with advanced threat groups are now being packaged into reusable infrastructure that enables multiple operators to launch similar attacks with far less effort. This evolution reflects the continuing commercialization of identity-focused phishing operations, where sophisticated attack methods are increasingly offered through phishing-as-a-service platforms instead of being developed independently by individual threat actors.

At the center of the campaign is device code phishing, an attack technique that abuses the OAuth 2.0 Device Authorization Grant, a legitimate authentication mechanism designed for devices that cannot easily support traditional browser-based sign-ins. The workflow is commonly used by devices such as smart televisions, printers, conference room equipment, and other systems with limited input capabilities. Instead of entering credentials directly on those devices, users receive a short verification code that must be entered on another device through Microsoft's official authentication portal to complete the login process.

Threat actors exploit the separation between the device requesting authentication and the browser used to authorize it. Rather than creating counterfeit Microsoft login pages, attackers initiate their own device authentication session, obtain a legitimate verification code from Microsoft, and deliver that code to victims through convincing phishing emails. When recipients unknowingly enter the supplied code into Microsoft's authentic login page and complete the sign-in process, they authorize the attackers' session instead of their own, handing over valid authentication tokens that can be used to access Microsoft 365 resources. Because the victim is interacting with a genuine Microsoft service, traditional indicators of phishing, such as suspicious URLs or fake login portals, are largely absent.

Security researchers have increasingly warned that device code phishing represents a natural evolution of identity attacks. As organizations strengthened defenses against conventional credential phishing and adversary-in-the-middle attacks, threat actors shifted toward abusing trusted authentication workflows that require no password theft and can effectively circumvent multi-factor authentication protections by obtaining legitimate session tokens directly from users. Proofpoint recently reported a sharp increase in device code phishing activity during 2026, attributing the growth to publicly available criminal toolkits and the rapid expansion of phishing-as-a-service platforms that have made these techniques accessible to a wider range of cybercriminals.

ED Charge Sheet Maps Sriki's Darknet Crypto Laundering Network

 

The Enforcement Directorate (ED) has filed a sprawling 3,500-page prosecution complaint before a special PMLA court in Bengaluru, laying out what it calls a “sophisticated network” blending high-level hacking, darknet operations, cyber extortion and multi-crore cryptocurrency laundering. The charge sheet names serial hacker Srikrishna Ramesh, alias “Sriki”, crypto trader Robin Khandelwal, businessman Sunish Hegde, a private IT firm and two of its officials as accused in a case that spans breached government portals, crypto exchanges and online gaming platforms. 

From government portals to poker sites: the alleged breach chain 

According to the ED, Sriki, described as a highly skilled software programmer, exploited vulnerabilities in national and international cryptocurrency exchanges, online gaming and poker platforms, and corporate servers. He is accused of breaching the Karnataka government’s e-procurement portal and siphoning off about ₹11.5 crore in two transactions, besides hacking the Unocoin exchange and several major online poker platforms. The agency alleges that stolen virtual digital assets such as Bitcoin were then “layered” and offloaded through multiple international crypto platforms to obscure their origin.

The prosecution complaint details how Robin Khandelwal allegedly acted as a key conduit, converting illicit digital assets into fiat currency through over-the-counter deals and crypto-trading channels. Investigators claim Sunish Hegde conspired with Sriki to extort money from hacked companies by negotiating with them after the breaches, while Infinzy Solutions and two officials are accused of facilitating the transfer of funds stolen from a poker site. The three main accused were arrested in May and are in judicial custody at Parappana Agrahara Central Prison, with the ED citing digital evidence, blockchain analysis and bank records to support its case. 

 Darknet links and ongoing money trail probes 

The 3,500-page document reportedly sketches connections between Sriki’s hacking operations and darknet marketplaces, building on earlier investigations that noted his use of the darknet to purchase drugs using Bitcoin. About ₹7 crore of the ₹11.5 crore siphoned from the e-procurement portal has been traced, with around ₹2 crore formally attached and another ₹5 crore frozen in various bank accounts; the remaining ₹4.5 crore is still being tracked. The ED says its probe into the movement and use of the alleged proceeds of crime is continuing, even as the prosecution complaint functions as the equivalent of a police charge sheet under PMLA. 


For regulators, the Sriki case underscores how advanced technical skills, weak spots in government and corporate platforms, and an evolving crypto ecosystem can intersect to create large-scale financial crime. The dossier highlights the need for stronger blockchain forensics capacity, tighter oversight of informal crypto-OCT channels, and better coordination between cybercrime units, the ED and financial intelligence agencies. As India’s digital economy expands, securing e-governance portals, exchanges and gaming platforms is becoming not just an IT issue, but a core element of financial integrity and national cybersecurity strategy.

Featured