Cyble Vulnerability Intelligence researchers tracked 591 vulnerabilities in the last week, and more than 30 already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities. 

A total of 69 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 26 received a critical severity rating based on the newer CVSS v4.0 scoring system. 

Here are some of the more critical IT and ICS vulnerabilities flagged by Cyble in recent reports to clients. 

The Week’s Top IT Vulnerabilities 

CVE-2025-60854 is a critical command injection vulnerability found in the D-Link R15 (AX1500) router firmware 1.20.01 and below. The flaw has a severity score of 9.8 and requires no authentication or user interaction to exploit, making it highly dangerous for affected systems. 

CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in the last week: 

CVE-2025-55182 is a critical pre-authentication remote code execution (RCE) vulnerability in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerability has been reportedly targeted by China-linked threat groups. 

CVE-2021-26829 is a cross-site scripting (XSS) vulnerability affecting OpenPLC ScadaBR that was targeted in recent attacks by the pro-Russian hacktivist group TwoNet on a honeypot simulating a water treatment facility, where the threat actors used default credentials for initial access, exploited the flaw to deface the HMI login page, and disabled logs and alarms in a little more than a day. 

Five days after adding CVE-2021-26829 to the KEV catalog, CISA added CVE-2021-26828, a high-severity Unrestricted Upload of File with Dangerous Type vulnerability affecting OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows. The flaw could allow remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. 

CISA also added two Android vulnerabilities to the KEV catalog, both high-severity Android framework vulnerabilities. CVE-2025-48572 is a Privilege Escalation vulnerability, while CVE-2025-48633 is an Information Disclosure vulnerability. Neither vulnerability has been added to the National Vulnerability Database (NVD) yet. 

Notable vulnerabilities discussed in open-source communities included: 

CVE-2025-13223, a type confusion vulnerability in Google Chrome‘s V8 JavaScript and WebAssembly engine, allowing remote attackers to exploit heap corruption via a crafted HTML page, potentially leading to arbitrary code execution. 

CVE-2025-11001,  a directory traversal remote code execution vulnerability in 7-Zip, stemming from improper handling of symbolic links in ZIP files, potentially allowing attackers to escape extraction directories and execute arbitrary code in the context of a service account upon user interaction with crafted archives.  

CVE-2025-58034, an OS command injection vulnerability in Fortinet FortiWeb web application firewalls. 

CVE-2025-41115, a critical privilege escalation and user impersonation vulnerability in Grafana Enterprise’s SCIM provisioning feature, which could allow attackers to create accounts impersonating privileged users, modify dashboards, access databases, alter alerts, and pivot to connected systems. 

CVE-2025-59366, a critical authentication bypass vulnerability in ASUS AiCloud routers, potentially allowing unauthorized execution of specific router functions via path traversal and OS command injection. 

Vulnerabilities Under Discussion on the Dark Web 

Cyble dark web researchers observed multiple threat actors (TA) on dark web and cybercrime forums discussing various exploits and weaponizing multiple vulnerabilities, including: 

CVE-2025-60709: A Windows Common Log File System (CLFS) Driver elevation of privilege vulnerability that could allow an authorized attacker to elevate privileges locally through an out-of-bounds read flaw. The specific flaw exists within the clfs.sys driver and results from improper validation of user-supplied data, which can lead to a read past the end of an allocated memory region.  

Local attackers can disclose sensitive information on affected Microsoft Windows installations and potentially exploit this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel, resulting in privilege escalation. 

CVE-2025-5931: A high-severity privilege escalation vulnerability in the Dokan Pro WordPress plugin, which stems from improper user identity validation during the staff password reset procedure, allowing attackers with vendor-level access to escalate their privileges to staff member level and then change arbitrary user passwords, including those of administrators, potentially leading to a full account takeover. 

CVE-2025-64446: A critical unauthenticated path traversal vulnerability in Fortinet FortiWeb WAF that could allow full administrative compromise of affected appliances via crafted HTTP(S) requests. The flaw is a relative path traversal (sometimes called “path confusion”) issue in the FortiWeb GUI / management API that could let an attacker reach an internal CGI handler and execute privileged operations without valid credentials. In practice, this becomes an authentication bypass that enables remote admin‑level control and, effectively, remote code execution on the WAF. 

ICS Vulnerabilities 

In addition to the OpenPLC ScadaBR vulnerabilities noted by CISA, Cyble threat intelligence researchers flagged four additional industrial control system (ICS) vulnerabilities in recent reports to clients. 

CVE-2024-3871 is a critical Stack-Based Buffer Overflow vulnerability affecting Emerson Appleton UPSMON-PRO, versions 2.6 and prior. Successful exploitation of the vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO. 

CVE-2025-13483 is a Missing Authentication for Critical Function vulnerability affecting SiRcom SMART Alert (SiSA), version 3.0.48. Successful exploitation of the vulnerability could enable an attacker to remotely activate or manipulate emergency sirens. 

CVE-2025-13658 is a Command Injection vulnerability affecting Longwatch versions 6.309 to 6.334. Successful exploitation could allow an unauthenticated attacker to gain remote code execution with elevated privileges. 

CVE-2025-13510 is a Missing Authentication for Critical Function vulnerability affecting Iskra iHUB and iHUB Lite, all versions. Successful exploitation could allow a remote attacker to reconfigure devices, update firmware, and manipulate connected systems without any credentials. 

Conclusion 

The wide range of critical and exploited vulnerabilities in this week’s report highlights the breadth of threats faced by security teams, who must respond with rapid, well-targeted actions to successfully defend IT and critical infrastructure. A risk-based vulnerability management program should be at the heart of those defensive efforts.  

Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; removing or protecting web-facing assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans.  

Cyble’s comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning signs of major cyberattacks.  

The post The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes appeared first on Cyble.

Cyble – ​Read More

Infostealers — malware that steals passwords, cookies, documents, and/or other valuable data from computers — have become 2025’s fastest-growing cyberthreat. This is a critical problem for all operating systems and all regions. To spread their infection, criminals use every possible trick to use as bait. Unsurprisingly, AI tools have become one of their favorite luring mechanisms this year. In a new campaign discovered by Kaspersky experts, the attackers steer their victims to a website that supposedly contains user guides for installing OpenAI’s new Atlas browser for macOS. What makes the attack so convincing is that the bait link leads to… the official ChatGPT website! But how?

The bait-link in search results

To attract victims, the malicious actors place paid search ads on Google. If you try to search for “chatgpt atlas”, the very first sponsored link could be a site whose full address isn’t visible in the ad, but is clearly located on the chatgpt.com domain.

The page title in the ad listing is also what you’d expect: “ChatGPT™ Atlas for macOS – Download ChatGPT Atlas for Mac”. And a user wanting to download the new browser could very well click that link.

A sponsored link in Google search results leads to a malware installation guide disguised as ChatGPT Atlas for macOS and hosted on the official ChatGPT site. How can that be?

The Trap

Clicking the ad does indeed open chatgpt.com, and the victim sees a brief installation guide for the “Atlas browser”. The careful user will immediately realize this is simply some anonymous visitor’s conversation with ChatGPT, which the author made public using the Share feature. Links to shared chats begin with chatgpt.com/share/. In fact, it’s clearly stated right above the chat: “This is a copy of a conversation between ChatGPT & anonymous”.

However, a less careful or just less AI-savvy visitor might take the guide at face value — especially since it’s neatly formatted and published on a trustworthy-looking site.

Variants of this technique have been seen before — attackers have abused other services that allow sharing content on their own domains: malicious documents in Dropbox, phishing in Google Docs, malware in unpublished comments on GitHub and GitLab, crypto traps in Google Forms, and more. And now you can also share a chat with an AI assistant, and the link to it will lead to the chatbot’s official website.

Notably, the malicious actors used prompt engineering to get ChatGPT to produce the exact guide they needed, and were then able to clean up their preceding dialog to avoid raising suspicion.

The installation guide for the supposed Atlas for macOS is merely a shared chat between an anonymous user and ChatGPT in which the attackers, through crafted prompts, forced the chatbot to produce the desired result and then sanitized the dialog

The infection

To install the “Atlas browser”, users are instructed to copy a single line of code from the chat, open Terminal on their Macs, paste and execute the command, and then grant all required permissions.

The specified command essentially downloads a malicious script from a suspicious server, atlas-extension{.}com, and immediately runs it on the computer. We’re dealing with a variation of the ClickFix attack. Typically, scammers suggest “recipes” like these for passing CAPTCHA, but here we have steps to install a browser. The core trick, however, is the same: the user is prompted to manually run a shell command that downloads and executes code from an external source. Many already know not to run files downloaded from shady sources, but this doesn’t look like launching a file.

When run, the script asks the user for their system password and checks if the combination of “current username + password” is valid for running system commands. If the entered data is incorrect, the prompt repeats indefinitely. If the user enters the correct password, the script downloads the malware and uses the provided credentials to install and launch it.

The infostealer and the backdoor

If the user falls for the ruse, a common infostealer known as AMOS (Atomic macOS Stealer) will launch on their computer. AMOS is capable of collecting a wide range of potentially valuable data: passwords, cookies, and other information from Chrome, Firefox, and other browser profiles; data from crypto wallets like Electrum, Coinomi, and Exodus; and information from applications like Telegram Desktop and OpenVPN Connect. Additionally, AMOS steals files with extensions TXT, PDF, and DOCX from the Desktop, Documents, and Downloads folders, as well as files from the Notes application’s media storage folder. The infostealer packages all this data and sends it to the attackers’ server.

The cherry on top is that the stealer installs a backdoor, and configures it to launch automatically upon system reboot. The backdoor essentially replicates AMOS’s functionality, while providing the attackers with the capability of remotely controlling the victim’s computer.

How to protect yourself from AMOS and other malware in AI chats

This wave of new AI tools allows attackers to repackage old tricks and target users who are curious about the new technology but don’t yet have extensive experience interacting with large language models.

We’ve already written about a fake chatbot sidebar for browsers and fake DeepSeek and Grok clients. Now the focus has shifted to exploiting the interest in OpenAI Atlas, and this certainly won’t be the last attack of its kind.

What should you do to protect your data, your computer, and your money?

• Use reliable anti-malware protection on all your smartphones, tablets, and computers, including those running macOS or Linux.
• If any website, instant message, document, or chat asks you to run any commands — like pressing Win+R or Command+Space and then launching PowerShell or Terminal — don’t. You’re very likely facing a ClickFix attack. Attackers typically try to draw users in by urging them to fix a “problem” on their computer, neutralize a “virus”, “prove they are not a robot”, or “update their browser or OS now”. However, a more neutral-sounding option like “install this new, trending tool” is also possible.

• Never follow any guides you didn’t ask for and don’t fully understand.

• The easiest thing to do is immediately close the website or delete the message with these instructions. But if the task seems important, and you can’t figure out the instructions you’ve just received, consult someone knowledgeable. A second option is to simply paste the suggested commands into a chat with an AI bot, and ask it to explain what the code does and whether it’s dangerous. ChatGPT typically handles this task fairly well.

If you ask ChatGPT whether you should follow the instructions you received, it will answer that it’s not safe

How else do malicious actors use AI for deception?

• AI sidebar spoofing: a new attack on AI browsers
• Attacks using Syncro & AI-generated websites
• How phishers and scammers use AI
• Trojans masquerading as DeepSeek and Grok clients
• How fraudsters bypass customer identity verification using deepfakes

Kaspersky official blog – ​Read More

Effective cyber security depends on knowing which risks matter most. ANY.RUN’s Threat Intelligence Lookup provides industry and geographic context, powered by live attack investigations from 15,000+ companies, that SOC teams need to prioritize alerts, IOCs, and threats with confidence and build their defense strategy for maximum ROI. 

Here’s how. 

Challenge: Context-free TI Wastes SOC Time 

Most threat intelligence sources return long lists of IPs, domains, and hashes, but they rarely explain how those indicators map to a specific sector or region. SOC teams end up treating every threat as equally important, spreading detection and hunting efforts thin and burning time on noise instead of the threats that actually appear in their environment. 

For MSSPs, the problem is even sharper: they serve clients from many fields at once. The lack of industry or geo context makes it hard to prioritize work and hard to prove value to clients who expect sector-aware monitoring. 

Solution: Industry & Geo Threat Landscape for Every Indicator 

TI Lookup now adds an extra layer of context on top of every Premium search query. In addition to listing IOCs, IOAs, IOBs, and sandbox sessions, it builds a real-time snapshot of which industries and countries are most commonly associated with the threat or indicators you queried. 

The functionality provides three key context fields: 
 

TI Lookup now turns your threat landscape into a live, industry-aware radar. It shows exactly how a given threat or indicator maps to specific sectors and countries, so you see where it really matters for your business instead of drowning in generic feeds.  

Powered by real-time analysis of attacks on 15,000 organizations worldwide, it helps you connect threats, techniques, and affected industries, surface niche campaigns, and act before they hit your environment. 

How SOCs Use it in Daily Workflows 

There are several use cases for TI Lookup’s threat landscape functionality. 

1. Starting from a known threat 

A Tier 2–3 analyst already knows the threat or malware family involved. 

They open TI Lookup, search by threat name, and review the industry breakdown in the Threat names view. 

Example: 

threatName:”agenttesla” 

The landscape view shows that Agent Tesla is related to malicious activity in industries like education, technologies, telecommunications, and finance. The analyst can see whether their own sector shows up or stays near zero.  

If the match is strong, the analyst treats it as highly relevant, assesses risk, and pulls only the domains, IPs, and other artifacts that make sense for their company. 

2. Starting from an industry 

An analyst, a SOC lead, or even a CISO wants to see an existing threat landscape for their company’s sector. They query by industry to get a list of Threat names that most often appear in samples linked to that vertical. 

Example: 

industry:”finance” AND submissionCountry:”germany” 

For German companies in finance, the most relevant threats according to TI Lookup are Tycoon2FA, Zhong Stealer, PXA Stealer, and several others. 

From there, the user can refine the query (for example, by a threat type) to uncover the most relevant connections for their environment. 

TI Lookup also makes it possible to set up Query Updates that notify the users about new results for their queries. This way, they can continuously receive new info about threats related to the industry. 

3. Starting from any IOC or behavior 

An analyst starts with any IOC, behavior, or pattern that is not explicitly tied to Industries or Threat names. Say your SIEM detects a suspicious connection. The SOC analyst in charge submits it to TI Lookup and instantly gets full context. 

Example: 

domainName:”productivelookewr.shop” 

TI Lookup instantly shows that the indicator belongs to the Lumma Stealer and appears in threat samples related to telecommunications and technologies companies in Italy and the United States.  

This insight helps the analyst judge how relevant and serious the activity is for their own organization or clients. It also guides the next actions: escalating the alert, looking for similar activity, collecting related artifacts, and updating detection rules. 

4. Starting from an existing security gap 

A CISO or SOC Head knows the company has already faced several incidents related to a certain type of threat. They can pivot on it and combine this with the industry and organization’s country.  

Example: 

Let’s say a security lead in a finance organization sees that the company struggles with phishing. With TI Lookup, they can uncover what common phishing attacks are analyzed by similar businesses in their country: 

industry:”Finance” and submissionCountry:”br” and threatName:”phishing” 

They receive the most common threat names (Tycoon2FA, Storm1747) and sandbox analyses of real-world threats with indicators. This becomes a live backlog for detection engineering, threat hunting hypotheses, and training cases tailored to that sector instead of generic global lists.  

Next, the security lead works with the SOC to turn these threats into concrete actions: prioritizing detections and playbooks for the most common phishing families, rolling out focused awareness training, and tightening controls around the channels those campaigns abuse. 

Benefits for SOCs and MSSPs 

TI Lookup together with the new Industry & geo threat landscape functionality provide a significant value to security teams. 

For CISOs and MSSP leads 

• Faster, scalable prioritization of threats per client segment (finance, healthcare, manufacturing, etc.). 

• Standardized rules and hunting scenarios by industry and country for consistent service quality. 

• Clear evidence in reports that monitoring accounts for sector and regional risk. 

A managed security provider can group clients by industry and region and use TI Lookup to pull the most relevant threat names for each segment. This can help them standardize rule sets and hunting scenarios for finance, healthcare, manufacturing, and other spheres. 

For any new threat, they can quickly check which industries and countries it most often appears in and flag the matching customers as higher risk. They then can export the associated domains, IPs, and other artifacts and roll out protections to all affected environments in one go. 

For SOC leads  

• Quick view of which threats are truly applicable to the organization’s industry and geography. 

• Sharper focus for detections, playbooks, and training content around the most relevant threats. 

• Immediate access to domains/IPs/artifacts for blocking and hunting when a known threat appears. 

A SOC lead can start by querying TI Lookup for their own industry and country to get a ranked list of the most applicable threat names. This immediately shows which families and campaigns should drive new detections, playbooks, and training. 

When a known threat appears, they can use the same view to see which industries it is most often associated with. If their sector is high on the list, they can raise the priority, pull the related domains, IPs, and artifacts, and push them into blocking and hunting across their environment. 

For SOC Tier 2–3 analysts 

• Less noisy TI and faster understanding of where each threat actually matters. 

• Simple pivots: from threat to industries/countries and from industries/countries to relevant threat names. 

• Rich artifacts to enrich cases, accelerating triage, incident response, and hunting accuracy. 

Tier 2–3 analysts are often overwhelmed with alert noise and need to know whether a given threat actually matters for a specific case or industry. With TI Lookup, they can start from a threat name and immediately see how it breaks down by industries and countries, or start from an industry/country and get the most relevant threat names back. 

For each query, they also receive concrete artifacts like domains, IPs, and other indicators to enrich their cases. This speeds up triage, incident response, and threat hunting, while making the recommendations they give to the SOC lead more accurate and grounded in real-world context. 

How It Impacts Key Metrics 

The industry & geo threat landscape in TI Lookup improves the SOC metrics that matter most by adding instant industry and country context to every search: 

• Shorter Mean Time to Detect: Analysts immediately see whether a threat is actually observed in their industry and regions, so they confirm real incidents faster instead of spending time qualifying generic indicators. 

• Faster Mean Time to Respond: Each relevant landscape slice comes with ready IOCs and behavior context from real sandbox runs, shortening investigation steps and helping teams move to containment and remediation sooner. 

• Lower false positive rate: Alerts tied to threats that never appear in the organization’s industry or geography can be safely downgraded, reducing noise and cutting time spent on benign events. 

• Wider detection coverage: Detection engineering uses industry and geo statistics from TI Lookup to prioritize rules and playbooks for the threats that most often impact similar organizations. 

• Better analyst performance per incident: With clearer relevance and richer context up front, analysts can close more meaningful cases per shift instead of circling around low-value alerts. 

Try Threat Intelligence Lookup in Your SOC 

TI Lookup with the geo & threat landscape functionality is available to all Premium subscription users. Contact us to request a trial access to see how our solution can accelerate and improve the work of your security team. 

Conclusion 

Threat Intelligence Lookup reveals critical industry and geographic context in every threat search. Analysts can turn scattered IOCs into actionable insights that are relevant to your organization. Narrow the global threat landscape for more efficient proactive research and threat hunting. 

Backed by real-time analysis from 15,000 organizations, TI Lookup helps teams prioritize faster, sharpen detection, reduce false positives, and improve MTTR. Security teams can finally focus on the threats most likely to impact their specific environment and proactively set up defenses. 

About ANY.RUN 

As a leading provider of interactive malware analysis and threat intelligence, ANY.RUN is trusted by over 500,000 analysts across 15,000 organizations worldwide. Its solutions enable teams to investigate threats in real time, trace full execution chains, and surface critical behaviors within seconds. 

Safely detonate samples, interact with them as they run, and instantly pivot to network traces, file system changes, registry activity, and memory artifacts in ANY.RUN’s Interactive Sandbox. For threat intelligence insights, integrate TI Lookup and TI Feeds supplying enriched IOCs and automation-ready intelligence. No infrastructure maintenance is required.  

Start your 2-week trial of ANY.RUN → 

The post Track Evolving Cyber Threat Landscape for Your Industry & Country in Real Time  appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

On December 3, it became known about the coordinated elimination of the critical vulnerability CVE-2025-55182 (CVSSv3 — 10), which was found in React server components (RSC), as well as in a number of derivative projects and frameworks: Next.js, React Router RSC preview, Redwood SDK, Waku, RSC plugins Vite and Parcel. The vulnerability allows any unauthenticated attacker to send a request to a vulnerable server and execute arbitrary code. Considering that tens of millions of websites, including Airbnb and Netflix, are built on React and Next.js, and vulnerable versions of the components were found in approximately 39% of cloud infrastructures, the scale of exploitation could be very serious. Measures to protect your online services must be taken immediately.

A separate CVE-2025-66478 was initially created for the Next.js vulnerability, but it was deemed a duplicate, so the Next.js defect also falls under CVE-2025-55182.

Where and how does the React4Shell vulnerability work?

React is a popular JavaScript library for creating user interfaces for web applications. Thanks to RSC components, which appeared in React 18 in 2020, part of the work of assembling a web page is performed not in the browser, but on the server. The web page code can call React functions that will run on the server, get the execution result from them, and insert it into the web page. This allows some websites to run faster — the browser doesn’t need to load unnecessary code. RSC divides the application into server and client components, where the former can perform server operations (database queries, access to secrets, complex calculations), while the latter remain interactive on the user’s machine.  A special lightweight HTTP-based protocol called Flight is used for fast streaming of serialized information between the client and server.

CVE-2025-55182 lies in the processing of Flight requests, or to be more precis — in the unsafe deserialization of data streams. React Server Components versions 19.0.0, 19.1.0, 19.1.1, 19.2.0, or more specifically the react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack packages, are vulnerable.  Vulnerable versions of Next.js are: 15.0.4, 15.1.8, 15.2.5, 15.3.5, 15.4.7, 15.5.6, 16.0.6.

To exploit the vulnerability, an attacker can send a simple HTTP request to the server, and even before authentication and any checks, this request can initiate the launch of a process on the server with React privileges.

There is no data on the exploitation of CVE-2025-55182 in the wild yet, but experts agree that it is possible and will most likely be large-scale. Wiz claims that its test RCE exploit works with almost 100% reliability. A prototype of the exploit is already available on GitHub, so it will not be difficult for attackers to adopt it and launch mass attacks.

React was originally designed to create client-side code that runs in a browser, and server-side components containing vulnerabilities are relatively new. Many projects built on older versions of React, or projects where React server-side components are disabled, are not affected by this vulnerability.

However, if a project does not use server-side functions, this does not mean that it is protected — RSCs may still be active. Websites and services built on recent versions of React with default settings (for example, an application on Next.js built using create-next-app) will be vulnerable.

Protective measures against exploitation of CVE-2025-55182

Updates. React users should update to the versions 19.0.1, 19.1.2, 19.2.1. Next.js users should update to versions 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, or 16.0.7. Detailed instructions for updating the react-server component for React Router, Expo, Redwood SDK, Waku, and other projects are provided in the React blog.

Cloud provider protection. Major providers have released rules for their application-level web filters (WAF) to prevent exploitation of vulnerabilities:

• Akamai (rules for App & API Protector users);
• AWS (AWS WAF rules are included in the standard set but require manual activation);
• Cloudflare (protects all customers, including those on the free plan. Works if traffic to the React application is proxied through Cloudflare WAF. Customers on professional and enterprise plans should verify that the rule is active);
• Google Cloud (Cloud Armor rules for Firebase Hosting and Firebase App Hosting are applied automatically);
• Vercel (rules are applied automatically).

However, all providers emphasize that WAF protection only buys time for scheduled patching, and RSC components still need to be updated on all projects.

Protecting web services on your own servers. The least invasive solution would be to apply detection rules that prevent exploitation to your WAF or firewall. Most vendors have already released the necessary rule sets, but you can also prepare them yourself, for example, based on our list of dangerous POST requests.

If fine-grained analysis and filtering of web traffic is not possible in your environment, identify all servers on which RSC (server function endpoints) are available and significantly restrict access to them. For internal services, you can block requests from all untrusted IP ranges; for public services, you can strengthen IP reputation filtering and rate limiting.

An additional layer of protection will be provided by an EPP/EDR agent on servers with RSC. It will help detect anomalies in react-server behavior after the vulnerability has been exploited and prevent the attack from developing.

In-depth investigation. Although information about the exploitation of the vulnerability in the wild has not been confirmed yet, it cannot be ruled out that it is already happening. It is recommended to study the logs of network traffic and cloud environments, and if suspicious requests are detected, to carry out a full response, including the rotation of keys and other secrets available on the server.  Signs of post-exploitation activity to look for first: reconnaissance of the server environment, search for secrets (.env, CI/CD tokens, etc.), installation of web shells.

Kaspersky official blog – ​Read More

• Generative AI (GenAI) is reshaping cybersecurity for both attackers and defenders, but its future capabilities are difficult to measure as techniques and models are evolving rapidly.
• Adversaries continue to use GenAI with varying levels of reliance. State-sponsored groups continue to take advantage, while criminal organizations are beginning to benefit from the prevalence of uncensored and unweighted models.
• Today, threat actors are using GenAI for coding, phishing, anti-analysis/evasion, and vulnerability discovery. It’s also starting to show up in malware samples, although significant human involvement is still a requirement.
• As models continue to shrink and hardware requirements are removed, adversarial access to GenAI and its capabilities are poised to surge.
• Defenders can use GenAI as a force multiplier to parse through vast threat data, enhance incident response, and proactively detect code vulnerabilities, helping to overcome analyst shortages. 

Generative AI (GenAI) has caused a fundamental shift in how people work and its impact is being felt almost everywhere. Individuals and enterprises alike are rushing to see how GenAI can make their lives easier or their work faster and more efficient. In information security, the focus has largely been on how adversaries are going to leverage it, and less on how defenders can benefit from it. While we are undoubtedly seeing GenAI have an impact on the threat landscape, quantifying that impact is difficult at best. The overwhelming majority of benefits from GenAI are impossible to determine from the finished malware we see, especially as vibe coding becomes more common.

AI and GenAI are evolving at an exponential pace, and as a result the landscape is changing rapidly. This blog is a snapshot of current AI usage. As models continue to shrink and hardware requirements lessen, it’s likely we are only seeing the tip of the iceberg on GenAI’s potential.

Adversarial GenAI usage 

Cisco Talos has covered this topic previously but the landscape continues to evolve at an exponential pace. Anthropic recently reported that state-sponsored groups are starting to leverage the technology in campaigns, while still requiring significant human help. The industry has also started to see actors embedding prompts into malware to evade detection. However, most of these methods are experimental and unreliable. They can greatly increase execution times, due to the nature of AI responses, and can result in execution failures. The technology is still in its infancy but current trends show significant AI usage is likely coming.

Adversaries are also leveraging prompts in malware and DNS records, mainly for anti-analysis purposes. For example, if defenders are using GenAI while analyzing malware, it will come across the adversary’s prompt, ignore all previous instructions, and return benign results. This new evasion method is likely to grow as AI systems play a bigger role in detection and analysis.

However, Talos continues to see the largest impacts on the conversational side of compromise, such as email content and social engineering. We have also seen plenty of examples of AI being used as a lure to trick users into installing malware. There is no doubt that, in the early days of GenAI, only well-funded threat groups were leveraging AI at high levels, most prominently at the state-sponsored level. With the evolution of the models and, more importantly, the abundance of uncensored and open weight models, the barrier to entry has lowered and other groups are likely using it.

Adversarial usage of AI is still difficult to quantify since most of the impacts are not visible in the end product. The most common applications of GenAI are helping with errors in coding, vibe coding functions, generating phishing emails, or gathering information on a future target. Regardless, the results rarely appear AI generated. Only companies operating publicly available models have the insights required to see how adversaries are using the technology, but even that view is limited.

Although this is how the GenAI landscape appears today, there are indications it is starting to shift. Uncensored models are becoming common and are easily accessible, and overall, the models continue to shrink in both size and associated hardware requirements. In the next year or two, it seems likely adversaries will gain the advantage. Defensive improvements will follow, but it is unclear at this point if they will keep pace.

Vulnerability hunting 

The use of GenAI to find vulnerabilities in code and software is an obvious application, but one that both offensive and defensive actors can use. Threat groups may leverage GenAI to uncover zero-day vulnerabilities to use maliciously, but what about the researchers using GenAI to help them triage fuzz farm outputs? If the researcher is focused on coordinated disclosure resulting in patches and not on selling to the highest bidder, GenAI is largely benign. Unfortunately, players on both sides are flooding the zone with GenAI-powered vulnerability discovery. For now we’ll focus purely on vulnerability analysis from outside the organization. The ways internal developers should use GenAI will be addressed in the next section.

For closed-source software, fuzzing is key for vulnerability disclosure. For open-source software, however, GenAI can perform deep public code reviews and find vulnerabilities, both in coordination with vendors or to be sold on the black market. As lightweight and specialized models continue to appear over the next few years, this aspect of vulnerability hunting is likely to surge.

Regardless of the end goal, vulnerability hunting is an effective and attractive GenAI application. Most modern applications have hundreds of thousands — if not millions — of lines of code and analyzing it can be a daunting task. This task is complicated by the barrage of enhancements and updates made to products during their lifetime. Every code change introduces risk and GenAI might currently be the best option to mitigate it. 

Enterprise security applications of GenAI 

On the positive side of technology, there is incredible research and innovation underway. One of the biggest challenges in information security is an astronomical volume of data, without enough analysts available to process it. This is where GenAI shines.

The amount of threat intelligence being generated is huge. Historically, there were a handful of vendors producing high-value threat intelligence reporting. That number is likely in the hundreds now. The result is massive amounts of data covering a staggering amount of activity. This is an ideal application for GenAI: Let it parse through the data, pull out what’s important, and help block indicators across your defensive portfolio.

Additionally, when you are in the middle of an incident and have reams of logs to correlate the attack and its impact, GenAI could be a huge advantage. Instead of spending hours poring over the logs, GenAI should be able to quickly and easily identify things like attempted lateral movement, exploitation, and initial access. It might not be a perfect source but will likely point responders to logs that should be further investigated. This allows responders to quickly focus on key points in the timeline and hopefully help mitigate the ongoing damage.

From a proactive perspective, there are a couple of areas where GenAI will benefit defenders. One of the first places an organization should look to implement GenAI is on analyzing committed code. No developer is perfect and humans make mistakes. Sometimes these mistakes can lead to huge incidents and millions or billions of dollars in damages.

Every time code is committed there is a risk that a vulnerability has been introduced. Leveraging GenAI to analyze each commit before they are applied can mitigate some of this risk. Since the LLM will have access to source code, it can more easily spot common mistakes that often result in vulnerabilities. While it may not detect complex attack chains involving chaining together low to medium severity bugs that could achieve remote code execution (RCE), it can still find the obvious mistakes that sometimes evade code reviews.

Red teamers can also utilize GenAI to streamline activities. By using AI to hunt for and exploit vulnerabilities or weaknesses in security posture, they can operate more efficiently. GenAI can provide  starting points to jump start their research, allowing for faster prototyping and ultimately success or failure.

GenAI and existing tooling 

Talos has already covered how Model Context Protocol (MCP) servers can be leveraged to help in reverse engineering and malware analysis, but this only scratches the surface. MCP servers connect a wide array of applications and datasets to GenAI, providing structured assistance for a variety of tasks. There are countless applications for MCP servers, and we are starting to see more flexible plugins that allow a variety of applications and data sets be accessed via a single plug-in. When combined with agentic AI, this could allow for huge leaps in productivity. MCP servers were also part of the technology stack used by state sponsored adversaries in the abuse covered by Anthropic. 

Agentic AI’s impact 

The meteoric rise of agentic AI will undoubtedly have an impact on the threat landscape. With agentic AI, adversaries could deploy agents constantly working to compromise new victims, setting up a pipeline for ransomware cartels. They could build agents focused on finding vulnerabilities in new commits to open-source projects or fuzzing various applications while triaging the findings. State-sponsored groups could task agents, who never need a break to eat or sleep, with breaking into high value targets, allowing them to hack until they find a way in, and constantly monitor for changes in attack surface or introduction of new systems.

On the other hand, defenders can use agentic AI as a force multiplier. Now you have some extra analysts that are looking for the slow and low attacks that might slip under your radar. Maybe an agent is tasked with watching windows logs for indications of compromise, lateral movement, and data exfiltration. Yet another agent can monitor the security of your endpoints and flag systems that are at higher risk of compromise due to improper access controls, incomplete patching, or other security concerns. Agents can even protect users from phishing or spam emails, or accidentally clicking on malicious links.

In the end, it all comes down to people 

There is one key resource that underpins all of these capabilities: humans. Ultimately, GenAI can complete tasks efficiently and effectively, but only for those that understand the underlying technology. Developers who understand code can use GenAI to increase throughput without sacrificing quality. In contrast, non-experts may struggle to use GenAI tools effectively, producing code they can’t understand or maintain.

Even Anthropic’s recent reporting notes that AI agents still require human assistance to carry out the attacks. The lesson is clear: People with the knowledge can do incredible things with GenAI and those without can accomplish a lot, but the true greatness of GenAI will only be available to those with the underlying knowledge to know what is right and possible with this new and emerging technology. 

Cisco Talos Blog – ​Read More