A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to Microsoft. It’s the latest in a seemingly never-ending string of supply chain attacks targeting developer tools, and stealing cloud credentials and CI/CD pipeline secrets in its wake. Using a newly created maintainer alias, vpmdhaj (a39155771@gmail[.]com), the threat actor published 14 packages impersonating legitimate libraries from the @opensearch and @elastic ecosystems and targeting Amazon Web Services, HashiCorp Vault, GitHub Actions, and the npm registry itself. This suggests that the attacker “likely chose a developer audience to have AWS and Elastic cloud credentials in their environments,” Microsoft warned in a Thursday blog. All of the malicious packages include the same install-time stager and the same Bun-compiled, second-stage payload: a 195 KB credential harvester purpose-built for cloud and CI/CD environments. Plus, as we’ve seen with all of the other open source supply chain attacks of late, after stealing tokens and other secrets, the attacker can move laterally across cloud environments, steal additional sensitive data, and push even more poisoned updates to packages owned by hijacked maintainer identities, thus expanding the attack beyond the initial 14. All of the malicious libraries have since been removed, and Microsoft published a list of all 14 in its blog. Give that a read to help identify systems that installed or built affected package versions on or after May 28. Be sure to also rotate an AWS IAM/STS, HashiCorp Vault, npm publish, and GitHub Actions tokens that may have been exposed. To trick users into installing these developer tools and search engines, the attacker used typosquatting - naming a package one or two letters off from the legitimate one - or lookalike naming (such as opensearch-setup-tool, opensearch-config-utility, and elastic-opensearch-helper) to impersonate well-known libraries. In addition to this social engineering technique, used to drive installs through users’ typing mistakes or trust, the attacker also used two other techniques to make the supply chain attack more believable. This includes spoofing upstream metadata. “Every unscoped package sets its package.json homepage, repository, and bugs fields to the legitimate github.com/opensearch-project/opensearch-js project,” Microsoft’s threat hunters explained. And finally, they inflated version numbers, so the phony “releases” jump straight to 1.0.7265, 1.0.9108, or 2.1.9201 to indicate a mature release history. After tricking users into installing the npm packages - all 14 are listed in the blog, so give that a read - the credential-stealing payloads automatically execute through preinstall hooks as soon as the victim runs npm install. For this, the attacker used one of two stagers. The Gen-1 stager uses install, preinstall, and postinstall hooks that all invoke preinstall.js, and then collects a ton of host information including hostname, platform, arch, Node version, USER/USERNAME, cwd, INIT_CWD, npm_package_name, npm_package_version. It then base64-encodes the JSON, and POSTs it to the actor’s command-and-control server, which then serves a second-stage payload, written to payload.bin in the package install directory. “The package’s index.js re-launches the same payload.bin on every subsequent require() of the module – a quiet persistence mechanism that survives across CI build stages and developer rebuild loops,” according to Microsoft. The later Gen-2 stager replaces the install-time C2 roundtrip with a stealthier loader that checks whether bun is already present on the host. If not, it downloads the legitimate Bun runtime v1.3.13, and then executes the second-stage payload, which sets to work stealing credentials across AWS, HashiCorp Vault, npm, GitHub Actions, and other CI/CD environments.®
The website, which compares human beings to extraterrestrials, touts arrest numbers from the Trump administration’s sweeping immigration crackdown. But some of its details are really out there.
If you thought US Immigration and Customs Enforcement’s widespread use of face recognition apps was a privacy violation, you’re about to get eye-rate over a new $25 million contract. According to a largely unreported contract summary published last week by ICE parent agency the Department of Homeland Security, US immigration cops have doled out about $25.1 million to a company called Bi2 Technologies for 1,570 biometric recognition devices able to identify people through fingerprints, iris scans, and facial recognition. Additional procurement data indicates that the devices can be used in the field in both mobile and stationary configurations, and they provide ICE agents with access to Bi2’s Inmate Recognition and Identification System (IRIS), which matches biometrics to a database of more than five million booking, arrest, and incarceration records from 47 US states. The Bi2 system is also able to access driver’s license and vehicle plate info. The deal was made without seeking any competing bids, and ICE justified the sole-source acquisition by pointing not only to Bi2’s capabilities being “unmatched by any competitor,” but also to a contract from last year in which it paid the company $4.6 million for what now appears to have been a one-year trial run of its technology on a much smaller scale. Per the FY 2025 contract, which expires at the end of this coming September, ICE got similar access to the IRIS database and mobile/stationary biometric scanning technology as this year’s award, but only 200 devices were deployed across the US. With the addition of this contract, 1,770 of the devices could now be on American streets by the end of May 2027. While the Bi2 contracts have yet to cause a stir on the level of other ICE biometric surveillance technologies, the widespread deployment of eyeball scanners linked to law enforcement databases and other forms of government documentation could end up stirring up more controversy. Senate Democrats have been railing against ICE’s use of biometric identification technology like Mobile Fortify, an app reportedly used by DHS under the Trump administration’s immigration enforcement push to identify people suspected of immigration violations and, potentially, protesters. In a letter last September, senators demanded ICE immediately cease using Mobile Fortify over concerns that the app could be inaccurate, biased, and might have a chilling effect on the legal expression of protected civil rights in the US. Neither ICE nor DHS responded to questions for this story. ®
There's a huge hole and no one is patching it thus far. A critical, remote code execution (RCE) bug in Gogs, a popular open-source self-hosted Git service, can be exploited by any authenticated user - no special privileges required - on a default installation to fully compromise vulnerable servers, steal credentials and multi-factor authentication secrets, or even modify code in hosted repositories in a wide-reaching supply-chain attack. A security researcher reported the 9.4-rated flaw to project maintainers in mid-March. It still doesn’t have a patch. It does, however, have a public Metasploit module - so we’d expect reports of in-the-wild exploitation to start very soon. The vulnerability affects all supported platforms, including Windows, Linux, and macOS, and installation methods, according to Rapid7 researcher Jonah Burgess, who found and reported the bug to Gogs maintainers via GitHub (GHSA-qf6p-p7ww-cwr9) on March 17. After they initially acknowledged that they received the report on March 28, Burgess says he never heard back from the Gogs team - not when he asked them for a status update, nor when he reminded them of the vulnerability disclosure date and asked if they wanted an extension to fix the flaw before its release. “We have not received any further communication from Gogs, and the GHSA has remained unanswered since March 28,” Burgess told The Register. “Because there is currently no official patch, our team submitted a pull request with a suggested fix today [Friday], which is currently awaiting review. At this time, we have no evidence suggesting that this vulnerability is being exploited in the wild.” Gogs sponsor DigitalOcean also did not respond to The Register’s inquiries, including when the security issue would receive a patch. The vulnerability stems from an argument injection flaw in Gogs’ pull request merge flow, specifically the Merge() function in internal/database/pull.go. If a Gogs repo owner or admin enables "Rebase before merging" and a user opens a pull request, the PR's base branch name gets passed directly to a git rebase command without a -- separator to mark the end of command options. Gogs also fails to properly sanitize the input. This means an attacker can create a malicious branch (such as --exec=touch${IFS}/tmp/rce_proof), and Git treats it as an --exec flag, not a branch name, and executes the payload. For Windows installations, the payload delivery method is slightly different, and Burgess developed an exploit module to auto-implement a cross-platform approach. Until the maintainers fix the flaw, Burgess suggests Gogs’ users take the following precautions to mitigate the issue. First, and most importantly, restrict user registration (DISABLE_REGISTRATION = true in app.ini) to prevent untrusted users from creating accounts. Restricting repository creation (MAX_CREATION_LIMIT = 0 in app.ini) to prevent users from creating their own repos also blocks the easiest attack path - creating a new repo with rebase enabled - but it won’t prevent exploitation by users with write access to existing repositories. Finally, audit rebase merge settings, and disable “Rebase before merging" under Settings > Advanced. “Note that this is not an effective defense against a malicious user who owns or has admin access to a repo, since they can re-enable rebase at will,” the threat hunter warns. “There is no global or organization-level setting to restrict this.” ®
In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit
Project Lightwell is an AI‑powered initiative to find and fix vulnerabilities in open-source software at an industrial scale. Here's what we know so far.
The office of Rob Bonta, California's attorney general, is suing 23andMe for the data protection failings that led to the genetics company's disastrous 2023 breach. Bonta and his team claim [PDF] that 23andMe failed to implement adequate security controls for the sensitive records it stored, and misled customers about the nature of the mishap after the fact. "23andMe collected genetic data about millions of people, failed to meet its obligation under California law to keep that information safe, and then lied to consumers about the severity of its 2023 data breach," said Bonta on Thursday. "Our investigation found that the company failed to take basic steps to protect users' data – data including the sensitive personal information, family histories, and health conditions of consumers "The sale of this data on the dark web took place amidst a period of mounting anti-Asian American and Pacific Islander and antisemitic hate and violence – and explicitly called attention to the deeply personal and identifying nature of that information. This is disturbing and incredibly dangerous. Today, my office is suing 23andMe for its categorical failure to comply with California law." The lawsuit was filed against Chrome Holding Co., formerly known as 23andMe. TTAM Research Institute bought 23andMe's assets last year. TTAM Research Institute was founded and is led by Anne Wojcicki, who was also 23andMe's CEO at the time of the breach and one of the company's co-founders. The nonprofit's purchase of 23andMe assets was completed on July 14, 2025, at which time it promised to run 23andMe charitably, using its data to further medical research and education. 23andMe continues to operate as it always did, taking customers' saliva samples and turning it into fun insights, such as what percentage of their makeup is Neanderthal, and whether their DNA makes them more or less likely to enjoy a scattering of cilantro on their food. 'Disturbing' Announcing the lawsuit, Bonta's office used "disturbing" no less than three times to describe the events that transpired before and after 23andMe's mega breach. To recap, a cybercriminal going by the name Golem popped up on a forum in 2023 claiming to offer a slew of data belonging to millions of 23andMe customers. Investigations carried out by regulators later found that Golem only breached around 14,000 accounts, but because of 23andMe's DNA relatives feature, which allows users to connect with other 23andMe users who share a percentage of the same DNA, the crook was able to access the details of nearly 7 million customers. It also soon emerged that 23andMe failed to spot the intrusion for five months, and the 14,000 or so accounts Golem accessed were compromised as a result of credential-stuffing attacks. What followed was a multi-faceted game of finger-pointing. 23andMe's decision to blame customers for recycling credentials instead of admitting it should have mandated 2/MFA on all accounts by default went down about as badly as one might expect. To this day, 23andMe allows customers to use its service without 2/MFA, although it issues regular prompts to those who don't have it set up. Regulators, on the other hand, highlighted that the company's security practices were less than perfect, while security experts were divided. Many agreed there was blame to be placed on both sides. Then came the fines and the settlements. The UK's Information Commissioner hit the company with a £2.3 million ($3.09 million) fine in June 2025, three months after the bankruptcy filing. In its ruling, it echoed the findings of US authorities from 2023, accusing the company of relying on inadequate password requirements. The Information Commissioner rebuked 23andMe for failing to detect the intrusion promptly and not implementing measures to prevent bulk downloading of genetic data. 23andMe also settled a class action lawsuit for $30 million in 2024. Bonta's office alleged that 23andMe’s statements to customers were "misleading and omitted or misrepresented critical information." "While 23andMe assured the public that it had not experienced a data security incident within its systems, downplayed the sensitivity of the stolen data by claiming that the information stolen from the 'DNA Relatives' feature was essentially public, and attempted to shift blame for the breach to its customers, 23andMe was simultaneously negotiating and paying a ransom to the threat actor in exchange for, among other things, the threat actor removing damaging information regarding the breach that had been posted online and providing information about multiple 23andMe security vulnerabilities, including vulnerabilities the threat actor exploited during the data breach." The Register contacted 23andMe's publicists for a response. We only received one on behalf of the 23andMe Research Institute, which despite managing requests directed to the 23andMe platform's only press contact address, distanced itself from Chrome Holding, which, like TTAM Research Institute, does not have a public-facing contact. It also did not help us contact 23andMe's operator. The institute said: "The 23andMe Research Institute is a newly established independent nonprofit organization and is not involved in the matters described in the California Attorney General's complaint filed against Chrome Holding Co., formerly known as 23andMe. The lawsuit pertains to events and operations associated with the former commercial entity prior to the creation of the 23andMe Research Institute. The institute was not involved in the complaint and has no role in the underlying litigation. "The 23andMe Research Institute is focused on advancing nonprofit scientific and health research with a strong commitment to privacy, ethics, transparency, and responsible data stewardship." ®
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability.
"The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised
Dutch police say they dismantled a large botnet this week comprising at least 17 million infected devices. After being tipped off by a researcher at the Netherlands' National Cyber Security Centre (NCSC-NL), police began an investigation, which resulted in the discovery of 200 servers underpinning the botnet's infrastructure located in the country. Cybercrime specialists at The Hague Police Unit seized a number of servers from a hosting provider for further analysis, and the provider then shut down the botnet after realizing it was being used for "criminal purposes." Botnets can be used for various types of cybercrime, but officials did not say how this botnet in particular was used. Police merely stated the general types of abuse, which include phishing, launching DDoS attacks, and online fraud. Neither the police nor the NCSC-NL revealed the botnet's name – an oddity for takedowns of this kind – and also did not detail exactly what devices were enrolled in it. However, both organizations' announcements identified poorly secured consumer-grade kit such as routers, mobile devices, and IoT hardware as common examples. Both also advised users to stop relying on default passwords for new hardware, avoid installing apps from unofficial sources, and keep software up to date. Botnets and proxies on the rise Just before the police announced the botnet takedown, NCSC-NL published a blog highlighting a rise in residential proxy networks used for malicious purposes, calling it a "worrying trend." Botnets and residential proxy networks are often mentioned in the same breath, since both require enrolling legitimate devices into a broader network, although they are typically used for different purposes. Botnets are almost exclusively malicious, with only a few benign exceptions. Folding@home, a voluntary distributed computing project, is possibly the closest clean-living comparison. Residential proxy networks are different. They're legal, and you can find large operators advertising their services on the open web, usually promoting privacy benefits, although experts agree that these networks are a problem, and are more often abused than used for good. Willingly or not – often the latter – consumers have their IP addresses enrolled into these networks, which are also used by cybercriminals to hide the true source of malicious traffic, complicating cyber incident response. These proxies can be used for DDoS attacks, similar to how botnets rely on compromised devices, as well as other trickery such as phishing, brute-force attacks, bypassing impossible travel checks, and malware distribution, among others. "The misuse of residential proxies makes it more difficult to map digital threats and attacks," NCSC-NL wrote. "As the scale of digital attacks increases, the resilience of organizations can come under pressure. "Additionally, the devices of unsuspecting users can become part of such proxy networks, often without their knowledge. In this way, consumers are unknowingly part of cybercrime." Dutch cyberattack reports hit nine-year low On Thursday, shortly after the police announced the botnet takedown and concerns about the rise of residential proxy networks, NCSC-NL published its annual Cybercrime Monitor report, which revealed cyberattacks on Dutch companies had fallen to the lowest level in nine years. According to 2024 data, the most recent available, just four percent of organizations reported an external cyberattack compared to 11 percent in 2016. The report noted the downward trend was noticeable across all company sizes. Phishing and spoofing were by far the most common types of attack, with 23 percent of organizations experiencing this to some degree. At the other end of the scale, attacks involving DDoS, data breaches, business email compromise fraud, and ransomware were each reported by around one percent of organizations. NCSC-NL linked the improvements to wider adoption of multi-factor authentication (MFA). It said the technology is effectively universal across larger organizations, with 87 percent implementing it in 2025, up from 71 percent in 2017. For smaller organizations, the uptake was even more pronounced, more than doubling to 79 percent from 29 percent eight years prior. ®
The Jacksonville Jaguars recently released a viral schedule announcement video that appeared to show their star quarterback chopping off his signature long blond hair. The clip spread quickly online, pulling in nearly 4 million views on X and triggering reactions from fans, friends, and even Lawrence’s grandmother.
The catch? It wasn’t real.
The team later confirmed the moment was partially staged, partially AI-generated and part of the joke. Even Lawrence admitted the fake looked convincing.
And that’s exactly the problem.
What started as a harmless sports prank is also a reminder of how realistic AI-generated videos have become and how easily scammers can use the same technology to fool people online.
Why Deepfake Scams Are Growing Fast
Deepfake scams use artificial intelligence to clone someone’s face, voice, or likeness to create fake videos, ads, phone calls, or social media posts that appear real.
And increasingly, scammers are using celebrities, influencers, athletes, and trusted public figures to do it.
72% of Americans say they’ve seen fake celebrity or influencer endorsements online
39% say they’ve clicked on one
1 in 10 victims lost money or personal data
Average losses reached $525 per person
Why does it work? Because scammers know familiarity lowers our guard.
When people see a recognizable face, whether it’s Trevor Lawrence, Taylor Swift, Tom Hanks, or a favorite influencer, they’re more likely to trust what they’re seeing before stopping to question it.
From Funny Sports Videos to Real Financial Scams
The Jaguars video was meant as entertainment.
But scammers are already using the same technology for fraud.
McAfee researchers recently identified a growing wave of celebrity deepfake scams involving fake giveaways, investment schemes, romance scams, and fraudulent ads.
Some recent examples include:
Fake videos of TV personalities promoting “miracle” products
Usernames with extra characters or copied profile photos
Requests for money or personal data
Especially through DMs, crypto links, gift cards, or wire transfers
How McAfee Helps Protect You
AI scams are evolving fast, but layered protection can help you stay ahead of them.
McAfee’s Scam Detector, included in all core McAfee plans, can help identify suspicious links, messages, videos, and deepfake-related scams across texts, email, and social platforms before you click.
Additional protections like Web Protection and Identity Monitoring can also help reduce your risk if scammers attempt to steal your credentials or personal information.
Other Scam News This Week
Charter Confirms Data Breach
Charter Communications confirmed a data breach tied to a third-party vendor, exposing customer information. Whenever breaches like this happen, scammers often follow up with phishing emails and fake customer support calls pretending to help affected users.
7-Eleven Data Breach Reports Surface
Reports surrounding a potential 7-Eleven data breach are circulating online. Consumers should stay alert for fake password reset emails, loyalty account phishing attempts, and scam texts impersonating retailers.
‘Tom Selleck’ Celebrity Scam Highlights Rise of AI Impersonation Fraud
A tragic case tied to an alleged Tom Selleck impersonation scam is drawing attention to the growing threat of celebrity AI fraud. Experts warn that scammers are increasingly using fake celebrity profiles, AI-generated messages, cloned voices, and deepfake videos to build trust with victims online, especially older adults.
The case underscores how emotionally manipulative and financially devastating these scams can become.
Hackers Are Exploiting AI Chatbot “Personalities”
Researchers told The Verge that attackers are beginning to manipulate chatbot behavior and personalities to trick users into unsafe actions, highlighting growing concerns around AI trust and social engineering.
Fake Inheritance Email Scams Are Getting More Convincing
A phishing scam making headlines this week uses fake inheritance notices and “unclaimed estate” emails to pressure victims into sharing personal information.
Unlike older scam emails full of spelling mistakes, newer versions look polished and professional, often using legal-sounding language, fake reference numbers, and urgent 48-hour deadlines designed to trigger panic before people stop to verify the message.
McAfee Safety Tips This Week
The next deepfake won’t always look fake. That’s what makes these scams dangerous.
Here are some practical, go-to tips
Pause before clicking celebrity endorsements or viral videos
Verify accounts through official sources before trusting promotions
Never send money or personal data based on social media messages alone
Be skeptical of urgency, especially “limited time” threats
Use AI-powered scam protection tools to help identify suspicious content before you engage
Login
/r/netsec - Information Security News & Discussion
The Register - Security
ZDNet | security RSS
