Originally reported by BleepingComputer, Graham Cluley, Malwarebytes Labs, SecureList (Kaspersky)
TL;DR
Law enforcement scored a major win with the extradition of a RedLine infostealer administrator, while active campaigns target Magento stores and cryptocurrency wallets. Meanwhile, AI platforms face new supply chain and abuse vectors.
The extradition of a RedLine administrator represents a significant law enforcement action against one of the most prolific infostealer operations, while PolyShell attacks targeting over half of vulnerable Magento stores indicate widespread active exploitation.
An Armenian suspect has been extradited to the United States to face criminal charges for allegedly managing RedLine, one of the most prolific infostealer malware operations in recent years. RedLine has been responsible for stealing millions of credentials and personal data from victims worldwide, making this extradition a significant milestone in international cybercrime prosecution.
A hacktivist group claims to have obtained sensitive data on crime tipsters and the people they reported, with records dating back to 1987. The breach allegedly exposes the identities of confidential informants, potentially putting vulnerable individuals at risk.
Attackers are leveraging the PolyShell vulnerability to target more than half of all vulnerable Magento Open Source and Adobe Commerce version 2 installations. The campaign represents a systematic exploitation of e-commerce platforms, with attackers moving aggressively against unpatched systems.
A newly discovered infostealer called Torg Grabber is harvesting sensitive data from 850 browser extensions, with over 700 targeting cryptocurrency wallets specifically. The malware demonstrates the continued evolution of credential theft tools to target the growing cryptocurrency ecosystem.
Threat actors are bypassing phishing detection systems by abusing the no-code app-building platform Bubble to generate and host malicious web applications targeting Microsoft accounts. This technique allows attackers to leverage legitimate infrastructure for credential harvesting campaigns.
Flare Systems research reveals that premium AI service accounts have become a hot commodity in underground markets, sold alongside traditional cybercrime tools like email accounts and VPS access. Criminal actors are bundling and reselling AI platform access at scale, indicating the integration of AI services into the cybercrime supply chain.
Kaspersky researchers dissected a supply chain attack targeting LiteLLM, a multifunctional gateway used in many AI agents. The attack demonstrates how threat actors are targeting AI infrastructure to steal sensitive data from organizations deploying AI solutions.
Citrix has released patches for two NetScaler ADC and NetScaler Gateway vulnerabilities, with one flaw showing similarities to the previously exploited CitrixBleed and CitrixBleed2 vulnerabilities. The company is urging administrators to apply patches immediately given the critical nature of these systems.
The FCC announced restrictions on routers manufactured outside the US, but security experts warn the policy could inadvertently leave home networks less secure. The regulatory approach may limit access to security-focused router firmware and features.
Kali Linux's first release of the year includes eight new security tools, a visual theme refresh, and a new BackTrack mode for Kali-Undercover. The update continues the penetration testing distribution's evolution as a comprehensive security testing environment.
Landmark court verdicts are beginning to examine how social media platforms are engineered, moving beyond content moderation to question fundamental design decisions. The cases represent a shift toward holding platforms accountable for their underlying architecture and engagement mechanisms.