Originally reported by The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates
TL;DR
Attackers are exploiting zero-day vulnerabilities in TrueConf video conferencing software to target Southeast Asian governments, and North Korean threat actors have compromised the popular Axios npm package. Meanwhile, cybercriminals are shifting tactics to abuse legitimate administrative tools already present in enterprise environments.
Multiple actively exploited zero-day vulnerabilities, including the TrueConf flaw targeting government networks, and a North Korean supply chain attack on popular npm packages represent immediate threats requiring urgent attention.
Security researchers have identified active exploitation of CVE-2026-3502 (CVSS 7.8) in TrueConf client video conferencing software. The vulnerability stems from inadequate integrity checks during application updates, enabling attackers to distribute tampered update packages.
The campaign, dubbed TrueChaos, specifically targets government entities across Southeast Asia. The flaw allows threat actors to compromise systems through malicious updates pushed to legitimate TrueConf installations, providing a foothold for further network infiltration.
Google Threat Intelligence Group has attributed the supply chain compromise of the widely used Axios npm package to UNC1069, a North Korean threat cluster with financial motivations. According to Google's John Hultquist, the attribution represents another instance of North Korean actors targeting software supply chains to maximize impact across multiple organizations simultaneously.
The Axios library, with millions of weekly downloads, provided UNC1069 with extensive reach into JavaScript development environments. This attack demonstrates the continued evolution of North Korean cyber operations beyond traditional cryptocurrency theft toward broader supply chain manipulation.
Palo Alto Networks Unit 42 researchers disclosed a critical security blind spot in Google Cloud's Vertex AI platform. The vulnerability relates to permission model misuse that could enable attackers to weaponize AI agents for unauthorized data access and cloud environment compromise.
The research highlights how AI platforms introduce novel attack vectors that traditional security controls may not adequately address. Organizations deploying AI services need to reassess their permission boundaries and data exposure risks.
Threat actors are increasingly abandoning traditional malware in favor of abusing trusted tools, native binaries, and legitimate administrative utilities already present in target environments. This shift enables lateral movement, privilege escalation, and persistence while evading detection systems designed to identify malicious file signatures.
The trend represents a fundamental challenge to signature-based security models, requiring organizations to implement behavior-based monitoring and zero-trust architectures that assume compromise rather than relying on perimeter defenses.
Microsoft Security reported a sophisticated malware campaign leveraging WhatsApp messages to initiate multi-stage infection chains. The attack delivers VBScript payloads that utilize renamed Windows tools and cloud-hosted components to install MSI backdoors, maintaining persistent access while blending with legitimate system activity.
The campaign demonstrates how attackers combine social engineering through trusted communication platforms with fileless techniques to establish persistent footholds in target networks.
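A detection sketch for the "renamed Windows tools" behavior described above, added here as an example and not taken from the Microsoft report. It assumes Sysmon Event ID 1 (process creation) records that carry the `Image`, `OriginalFileName` and `ParentImage` fields; the sample events, file names and rule labels are constructed for illustration.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed Sysmon Event ID 1 (process creation) records, not campaign data.
EVENTS = [
    {"Image": r"C:\Windows\System32\wscript.exe", "OriginalFileName": "wscript.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Users\a\AppData\Local\Temp\netapi.exe", "OriginalFileName": "curl.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"Image": r"C:\Windows\System32\msiexec.exe", "OriginalFileName": "msiexec.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE.MUI",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Tools\backup.exe", "OriginalFileName": "-",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

def norm_original(name):
    """Normalize OriginalFileName; Sysmon logs '-' or '?' when the PE has none."""
    n = (name or "").strip().lower()
    if n in ("", "-", "?"):
        return None
    # Some Windows binaries report the resource name with a trailing '.mui'.
    return n[:-4] if n.endswith(".mui") else n

def classify(event):
    """Return the rule labels (hypothetical names) that one event triggers."""
    image = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    original = norm_original(event.get("OriginalFileName"))
    hits = []
    if original and image != original:
        hits.append("renamed_binary:" + original)
    if parent in SCRIPT_HOSTS and (original or image) == "msiexec.exe":
        hits.append("script_host_spawned_msiexec")
    return hits

def triage(events):
    """Map event index -> triggered rules, skipping clean events."""
    out = {}
    for i, e in enumerate(events):
        hits = classify(e)
        if hits:
            out[i] = hits
    return out

if __name__ == "__main__":
    for idx, hits in triage(EVENTS).items():
        print(idx, EVENTS[idx]["Image"], hits)
```

Comparing the on-disk name with the PE's embedded original name survives a rename because the version resource travels with the file; binaries with no version resource fall through as unknown rather than as a match.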
Google has begun rolling out Android developer verification requirements ahead of mandatory enforcement in Brazil, Indonesia, Singapore, and Thailand this September. The initiative aims to combat malicious app distribution by anonymous threat actors who exploit the platform's accessibility.
The verification mandate will expand globally in 2027, representing a significant shift toward accountability in mobile application ecosystems. Organizations managing Android devices should prepare for potential app availability changes as the verification requirements take effect.
Microsoft released information on several new CVEs affecting various components:
CVE-2026-34353: Details pending
CVE-2025-66037: OpenSC out-of-bounds vulnerability
CVE-2026-4746: Heap buffer overflow in timeplus-io/proton
CVE-2026-0967: Libssh denial of service via inefficient regex processing
CVE-2026-4176: Perl Compress::Raw::Zlib vulnerability affecting multiple versions
Additional Linux kernel vulnerabilities were also disclosed, including XFS filesystem and netfilter bridge issues.
Microsoft published guidance for CISOs on applying security fundamentals to AI environments. The recommendations emphasize extending traditional security principles to AI workloads while addressing unique risks posed by machine learning systems and data processing pipelines.
SANS Internet Storm Center highlighted techniques used by malware to minimize filesystem footprints, including abuse of Windows Alternate Data Streams (ADS) and registry-based persistence mechanisms. Organizations should implement behavior-based detection capabilities that monitor process execution patterns rather than relying solely on file-based signatures.
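One way to surface Alternate Data Stream abuse from telemetry, added here as an example and not taken from the SANS ISC entry. It assumes Sysmon Event ID 15 (FileCreateStreamHash) records with `TargetFilename` and `Image` fields; the allow-list, extension set, severity labels and sample events are constructed assumptions to tune per environment.

```python
import ntpath

BENIGN_STREAMS = {"zone.identifier"}          # Mark-of-the-Web; extend per environment
SCRIPT_EXT = {".vbs", ".js", ".ps1", ".bat", ".cmd", ".exe", ".dll", ".hta"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}

# Constructed Sysmon Event ID 15 (FileCreateStreamHash) records.
EVENTS = [
    {"TargetFilename": r"C:\Users\a\Downloads\setup.msi:Zone.Identifier",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"TargetFilename": r"C:\ProgramData\notes.txt:upd.vbs",
     "Image": r"C:\Windows\System32\wscript.exe"},
    {"TargetFilename": r"C:\Users\a\Documents\report.docx",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"TargetFilename": r"C:\Users\a\AppData\Local\cache.dat:meta:$DATA",
     "Image": r"C:\Program Files\Vendor\sync.exe"},
]

def split_stream(target):
    """Split an NTFS path into (file_path, stream_name or None)."""
    drive, rest = ntpath.splitdrive(target)   # keeps the drive colon out of the search
    path, sep, stream = rest.partition(":")
    if not sep:
        return target, None                   # default (unnamed) data stream
    stream = stream.split(":", 1)[0]          # drop a trailing ':$DATA' type suffix
    return drive + path, (stream or None)

def scan(events):
    """Return (file, stream, severity) for named streams outside the allow-list."""
    findings = []
    for e in events:
        path, stream = split_stream(e["TargetFilename"])
        if stream is None or stream.lower() in BENIGN_STREAMS:
            continue
        writer = ntpath.basename(e.get("Image", "")).lower()
        ext = ntpath.splitext(stream)[1].lower()
        # Executable-looking stream names or script-host writers rank higher.
        severity = "high" if ext in SCRIPT_EXT or writer in SCRIPT_HOSTS else "review"
        findings.append((path, stream, severity))
    return findings

if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(finding)
```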