⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t file tickets.

That’s the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue too long. Fake installers, poisoned packages, systems left facing the open internet, and helpful little AI assistants running instructions that were never yours.

The gap between “patch exists” and “already exploited” keeps shrinking, and nobody’s closing it. None of it is exotic. That’s what wears you down. Same ordinary mistakes, just happening faster than we can keep up.

Here’s the full mess, top to bottom.

⚡ Threat of the Week

Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers— Progress urged customers to shut down Windows servers running Storage Zone Controllers, citing a credible external security threat. The company has temporarily disabled access to the affected accounts, a step it says it took “out of an abundance of caution” while it works with internal and external security experts. The exact nature of the threat is unknown. There are no indications of unauthorized access to any ShareFile accounts or data.

🔔 Top News

  • Critical Zimbra Flaw Patched— Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user’s session. It has yet to be assigned a CVE identifier. “The update fixes a security issue in the Classic Web Client where a specially crafted email could run malicious code when the email is opened,” Zimbra said. “If exploited, it could allow access to mailbox information, session data, or account settings.”
  • Jscrambler npm Package Compromised— The Jscrambler npm package was compromised to publish multiple versions containing a Rust-based information stealer designed to steal developer secrets from Windows, macOS, and Linux machines. According to Jscrambler, the attack was pulled off using a compromised npm publishing credential. The activity overlaps with IronWorm, which was first documented by JFrog last month. “The malware has shed its Linux-only skin, deploying a three-platform CSI container to target macOS and Windows, expanding its persistence, and automating its own propagation via direct registry PUT operations,” the company said.
  • New GigaWiper Backdoor Detailed— Microsoft shed light on a new post-compromise backdoor called GigaWiper that comes with three distinct destructive ways to render a machine inoperable: wipe the whole disk, overwrite the Windows drive, or run fake “ransomware” that encrypts files with a key it never saves. In addition, it can take screenshots, record the screen, and launch a hidden VNC session. The malware artifacts are similar to another backdoor codenamed BLUERABBIT, which is assessed to be the work of an Iran-nexus threat actor.
  • SHELLSTORM, a Modern Web Shell Access Brokerage Operation— More than 1.4 million domains have been targeted as part of a large-scale operation that exploited 27 CVEs in WordPress plugins to deploy web shells on compromised servers. The largest number of infections have been reported in Taiwan, the U.S., Germany, France, and the U.K. The access provided by the web shell is then used to deliver the SNOWLIGHT dropper and the VShell backdoor. The activity has been codenamed SHELLSTORM. The activity is assessed to be the work of a Chinese or Chinese-speaking threat actor.
  • HalluSquatting Can Trick AI Coding Assistants Into Installing Botnets— While artificial intelligence (AI) tools are prone to hallucinations, new research has detailed a new iteration of slopsquatting and phantom squatting called HalluSquatting. The technique essentially involves registering legitimate-sounding resource names invented by an AI agent, registering them first, and then waiting for the assistant to run the malicious code embedded in the code. The attack pairs hallucinations with prompt injections to trick the agent into executing attacker-controlled instructions.

‎️‍🔥 Trending CVEs

Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild.

Check the list, patch what you have, and hit the ones marked urgent first — From BRLY-2026-037 through BRLY-2026-042 (U-Boot), CVE-2026-50746, CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-55115, CVE-2026-54402, CVE-2026-55116 (Ubiquiti Unifi), CVE-2026-40138, CVE-2026-40139, CVE-2026-40140, CVE-2026-40141 (BeyondTrust Remote Support and Privileged Remote Access), CVE-2026-11405 (Tenda), CVE-2026-43499 aka GhostLock, CVE-2026-46215 (Linux Kernel), CVE-2026-53359 aka Januscape (KVM/x86), CVE-2026-52830 (fast-mcp-telegram), CVE-2026-57992 (Microsoft Edge), CVE-2026-11712, CVE-2026-11708, CVE-2026-11595 (IBM WebSphere Application Server), CVE-2026-12184, CVE-2026-14355 (PHP), CVE-2026-52761, CVE-2026-52747 (OWASP ModSecurity), CVE-2026-14898 (OpenAI Codex for macOS), CVE-2026-13753 (HP Deskjet 2800 Printer Series), CVE-2026-10706, CVE-2026-10708 (Adalo Database API), CVE-2026-15112, CVE-2026-15129 (Google Chrome), CVE-2026-12116, CVE-2026-14261 (Xerte Online Toolkit), CVE-2026-13461, CVE-2026-13462 (PayRange Android app), CVE-2026-0288 (Palo Alto Networks PAN-OS), CVE-2026-47291 (Microsoft Windows HTTP.sys), CVE-2026-15146 (GNU Wget), CVE-2026-31694 (Linux FUSE), CVE-2026-54432 (Roundcube webmail), CVE-2026-14544 (HP Linux Imaging and Printing), CVE-2026-13126, CVE-2026-57260, CVE-2026-57248, CVE-2026-57246 (Foxit PDF Reader and PDF Editor), CVE-2026-6896, CVE-2026-13320 (GitLab CE and EE), CVE-2025-14179 (pdo_firebird), and CVE-2025-14180 (PDO PostgreSQL)

🎥 Cybersecurity Webinars

  • Learn to Kill a Rogue AI Agent Before It Leaks Your Secrets → Guardrails alone won’t save you. Okta Threat Intelligence Director Jeremy Kirk went hands-on with OpenClaw and watched agentic AI leak credentials, bypass safety controls, and turn into a live attack surface. In this webinar, he turns that into steps you can apply today: treat agents as first-class identities, enforce least-privilege access, use short-lived secrets, and hit the kill switch on shadow AI. Real attacks, real fixes. Save your seat.
  • Your Team Ships 50x More Code. Humans Can’t Review It Anymore → Frontier models like Mythos are compressing dev timelines past the point humans can review what humans build. Chainguard Field CISO John Sapp shows why that’s an architectural problem, not a velocity one: your attack surface is expanding in real time, adversaries have the same models, and CVE-based remediation breaks down at machine speed. Leave with a secure-by-default strategy and the language to take it to your board. Save your seat.

📰 Around the Cyber World

  • Compromising AI Gateways for Cryptomining — Threat actors have been observed compromising AI gateways such as LiteLLM Proxy connected to Amazon Bedrock services to deploy payloads that communicate with cryptomining infrastructure for unauthorized compute activity. Initial access to the LiteLLM Proxy EC2 instance is said to have been facilitated via internet-exposed SSH. “While the ultimate impact in this case appeared to be unauthorized cryptomining, the incident is notable because of where it occurred,” Darktrace said. “The compromised asset sat at the intersection of cloud infrastructure, identity, and AI services. The incident demonstrates why organizations should treat AI infrastructure as part of their critical attack surface rather than as a standalone application tier.”
  • Exploitation of CVE-2026-1207 Reported — Threat actors are actively exploiting a security flaw in Django (CVE-2026-1207), an SQL injection flaw that could result in remote code execution. “Observed exploitation volumes remain steady week-over-week, indicating sustained interest from threat actors,” CrowdSec said. “Most observed attacks involve focused reconnaissance to identify vulnerable Django and PostGIS configurations, suggesting sophisticated targeting rather than broad spraying.”
  • Multi-Stage Infection Leads to Node.js Backdoor — A malicious ZIP file containing a Windows shortcut (LNK) is being used to execute a hidden PowerShell command that downloads a legitimate node.exe binary and deploys a NodeJS-based backdoor. “The malware also uses the EtherHiding technique, leveraging the TON blockchain to retrieve its command-and-control (C2) address,” LevelBlue said. “The campaign begins with a spam email targeting the hospitality sector using booking-themed lures. The email contains a link hosted on Google Share, which is abused by the threat actor to make it look legit and also evade email security filtering.”
  • Intrusions Exploit Citrix Bleed 2 — Threat actors are exploiting Citrix Bleed 2 (CVE-2025-5777) to deploy the DragonForce ransomware. “After gaining access, the attacker followed a consistent post-compromise pattern: escalate to SYSTEM through a registry-symlink/AppMgmt privilege-escalation trick, create rogue local admin accounts, and establish persistence with legitimate remote access tools like ScreenConnect and Zoho Assist,” Huntress said. “In the most advanced case, the operation ended with DragonForce ransomware deployment, which is why the blog’s main takeaway is urgent action: patch exposed NetScaler appliances, retain and review logs, terminate outstanding sessions, and audit for suspicious accounts and remote-management tooling.” The cybersecurity company said it observed half a dozen intrusions across unrelated organizations in the first half of 2026 using the same repeatable seven-step attack chain, indicating a highly standardized operator playbook rather than one-off compromises.
  • Fake Chinese VPN Drops GoodPersonRAT — An MSI file masquerading as an installer for Kuailian VPN (aka LetsVPN) has been observed dropping and executing an encrypted RAT called GoodPersonRAT that provides attackers with complete control over a victim’s machine and its data. “Several features are implemented, such as full remote control, keylogging, browser manipulation, persistence, and auto-updating,” Threatdown said.
  • Fake Braintree NuGet Package Delivers Skimmer — A malicious .NET package named Braintree.Net has been found to impersonate Braintree’s legitimate Braintree SDK while deploying a multi-stage .NET implant that intercepts live payment card data, exfiltrates Braintree merchant API keys, and harvests host environment secrets upon assembly load. It also facilitates token theft, avoids sandboxes, and implements production-only gating. “This split behavior allows the attacker to deliberately target payment data in production, while environment reconnaissance casts a wider net,” Socket said.
  • RedHook Android Malware Uses Wireless ADB for Shell Access — A resurfaced version of the RedHook Android trojan has incorporated new, sophisticated, and malicious functionalities, including autonomous privilege abuse, expanded command-and-control capabilities, and a robust persistence stack. “While retaining core RAT functionalities, such as screen streaming and keylogging, the latest iterations demonstrate a sophisticated shift toward privilege abuse,” Group-IB said. “RedHook abuses Android’s ADB Wireless Debugging features to autonomously obtain shell-level access.” Recent activity indicates an expansion of targeting beyond Vietnam to include users in Indonesia, suggesting a broader regional focus across Southeast Asia. The malware is distributed via spoofed government and financial websites, but the malicious APK payloads are hosted on reputable cloud and development platforms, including AWS S3 Buckets and GitHub repositories, likely in an attempt to enhance delivery reliability.
  • Phishing Campaign Targets Russian Aerospace Organizations — A spear-phishing campaign disguised as a legitimate business invoice targets aerospace organizations in Russia. “The phishing email impersonates a legitimate Russian research institute associated with aerospace and aviation systems and is delivered using a spoofed domain designed to mimic the organization,” Seqrite Labs said. “The malicious email contains a password-protected attachment that ultimately deploys additional payloads on the victim’s system. Analysis indicates that the threat actor’s primary objective is to establish persistent remote access by silently configuring AnyDesk for unattended access, exfiltrating AnyDesk configuration data to an attacker-controlled email account, and implementing persistence mechanisms to retain long-term control of the compromised host.” The activity overlaps with previously documented campaigns attributed to Rare Werewolf (aka Librarian Ghouls), which is known to target organizations in Russia, Belarus, and Kazakhstan.
  • Helix Data Extortion Crew Emerges — A new data extortion group called Helix is employing voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments. Helix is said to have emerged from the BlackFile (aka UNC6671) and ShinyHunters (aka UNC6661) ecosystem. BlackFile has also splintered into Pink and Redact following its shutdown in April 2026. “In the kill chain, a single compromised identity served as the throughline from initial access to exfiltration. However, we have also observed what appears to be a tactical split,” ReliaQuest said. “A first user is compromised through vishing and used for data exfiltration, quietly enumerating and bulk-downloading SharePoint libraries over a period of days. A second user is then compromised separately, often days or even weeks later, and appears to be used solely to deliver the extortion message internally via Microsoft Teams and email. The second account carries no exfiltration activity. It appears to exist in the operation for one purpose, which is to post the extortion demand inside the target’s own collaboration environment.”
  • Microsoft Warns of Increase in Number of Windows Security Updates — Microsoft has warned customers to expect a spike in the number of security updates for Windows, as it uses AI techniques like MDASH to find more zero-day vulnerabilities. “The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,” the company said. “The fastest way to reduce customer exposure is to find issues before attackers can use them. Windows is expanding its ability across the platform to find issues earlier, accelerate the engineering work to fix them, strengthen validation, and deliver timely, high-quality updates that keep customers protected.”

🔧 Cybersecurity Tools

  • Caeruleus → Praetorian has released Caeruleus, a free open-source toolkit that folds the whole Bluetooth Low Energy testing workflow into one Go binary. Running on Linux/BlueZ, it lets testers scan devices, read or write the GATT tree, capture notifications, fuzz characteristics, and run security checks, replacing the usual hcitool, gatttool, and bettercap mix. Every command can output JSON for scripting and AI agents.
  • PhantomFS → It is a free open-source Windows honeypot that uses the Projected File System (ProjFS) to project convincing decoy files, credentials, financials, and SSH keys, into a virtual directory that lives only in memory and never hits disk. The moment an attacker or insider opens one, it writes a Windows Event Log entry and fires a desktop Toast alert with the filename, timestamp, and process context, giving high-confidence detection with no tuning, ML, or cloud.

Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law.

Conclusion

The lesson this week is simple. Every shortcut we took to move faster is now a door someone else can walk through. The package you trusted. The remote tool is left running. The AI that does whatever it reads. We built the shortcuts. Someone else is using them.

So patch the urgent stuff first, close the sessions you forgot were open, and go check what’s still facing the internet that shouldn’t be. None of it is exciting. It’s just the part nobody goes back to until it’s too late. See you next week, if nothing breaks before then.

📰 Original Source:TheHackerNews
✍️ Author: info@thehackernews.com (The Hacker News)

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *