Saturday, Sep 13, 2025 // (IG): BB // GITHUB // SN R&D
Villager: AI-Powered Penetration Testing Tool from China Raises Cyber Espionage Fears
Bottom Line Up Front (BLUF): Security researchers at Straiker have discovered Villager, an AI-native penetration testing framework created by the China-based Cyberspike group, that has been downloaded over 10,000 times since July 2025. The tool, described as a "Cobalt Strike successor powered by AI," enables fully automated cyberattacks with minimal technical expertise, and integrates popular offensive tools like Kali Linux, AsyncRAT, and Mimikatz.
Analyst Comments: Blending AI orchestration with modular hacking components drastically reduces the barrier to entry for executing sophisticated attacks — a significant threat when deployed by less-skilled actors or nation-state proxies. The tool’s task-based AI control, forensic evasion, and open availability via PyPI make it a dangerous dual-use asset. The association with Cyberspike — a Chinese entity linked to known malware — raises geopolitical concerns, especially given the use of infrastructure hosted in China and the tool’s opaque origins. This could start a new class of threats: AI-powered Persistent Threats (AiPTs).
FROM THE MEDIA: The tool integrates DeepSeek AI, LangChain, containerized Kali Linux, and a 4,201-prompt exploit database to automate every stage of a cyberattack. Initially positioned as a red-team utility, Villager was published on Python Package Index (PyPI), where it has amassed 10,000+ downloads in just two months. Researchers traced the tool to Cyberspike’s abandoned infrastructure, which previously distributed malware based on AsyncRAT. Villager also includes automated attack chain generation, browser-based exploit execution, and forensic self-destruction via ephemeral containers — all controlled through AI-generated task chains. Experts warn this could accelerate the proliferation of AI-driven cyberattacks at scale, and suggest defenders need to develop AI-specific detection and governance strategies in response.
READ THE STORY: Techradar
Microsoft Patches Four Windows Defender Firewall Privilege Escalation Vulnerabilities (CVE-2025-53808, -54104, -54109, -54915)
Bottom Line Up Front (BLUF): Microsoft has fixed four privilege escalation vulnerabilities in the Windows Defender Firewall Service that could allow local attackers to execute code with SYSTEM-level privileges. Tracked as CVE-2025-53808, CVE-2025-54104, CVE-2025-54109, and CVE-2025-54915, the flaws share a type confusion weakness and were patched in the September 2025 security update.
Analyst Comments: Although exploitation requires local access, these vulnerabilities are particularly dangerous in enterprise environments where attackers may already have footholds through phishing, malware, or weak credentials. SYSTEM-level privileges enable disabling defenses, malware persistence, and lateral movement across networks. With the exploit maturity rated as unproven, organizations may underestimate risk, but prompt patching is critical given the prevalence of privilege escalation in attack chains. Threat actors could quickly weaponize these flaws to support ransomware or APT campaigns.
FROM THE MEDIA: Each flaw — CVE-2025-53808, CVE-2025-54104, CVE-2025-54109, and CVE-2025-54915 — carries a CVSS base score of 6.7. The vulnerabilities stem from type confusion errors (CWE-843) in the firewall service executable, which runs with elevated privileges. Exploitation could allow attackers with local logon access to escalate privileges to SYSTEM. Microsoft classified them as “Important” severity and released official fixes. Administrators are advised to deploy updates immediately, restrict local account access, enforce least-privilege policies, and monitor for anomalies in firewall service behavior that could indicate exploit attempts.
READ THE STORY: GBhackers
VMSCAPE Spectre-Based VM Escape Vulnerability Exposes Cloud Encryption Keys (CVE-2025-40300)
Bottom Line Up Front (BLUF): Researchers at ETH Zurich have disclosed VMSCAPE (CVE-2025-40300), the first Spectre-based virtual machine (VM) escape vulnerability that allows unmodified guest code to extract sensitive data from the hypervisor. This vulnerability breaks virtualization boundaries and threatens cloud infrastructure running on AMD Zen 1–5 and Intel Coffee Lake processors.
Analyst Comments: VMSCAPE represents a significant escalation in speculative execution attacks, directly challenging the foundational isolation model of virtualized cloud environments. The attack’s ability to work in default configurations without code changes makes it especially dangerous. Though mitigations like “IBPB-on-VMExit” are available, they come at a notable performance cost, which may hinder adoption. This incident revives broader concerns around speculative execution and reinforces the urgent need for architectural changes in modern processors—especially for multi-tenant cloud platforms.
FROM THE MEDIA: The flaw uses a novel technique called Virtualization-Based Branch Target Injection (vBTI) to exploit branch prediction mechanisms in modern CPUs. By manipulating the Branch Target Buffer (BTB), attackers can confuse speculative execution paths and leak host hypervisor memory at a rate of 32 bytes per second. The attack was demonstrated using QEMU as the hypervisor, and disk encryption keys were successfully exfiltrated in 772 seconds. Affected processors include AMD Zen 1–5 and Intel Coffee Lake, which lack proper BTB isolation between host and guest. Linux maintainers have released a mitigation called IBPB-on-VMExit, which imposes a 10% performance overhead in virtualized environments and still results in a 1% loss even on patched Zen 4 hardware. While hardware fixes are currently unfeasible, cloud providers are urged to apply software patches immediately to protect multi-tenant environments.
READ THE STORY: DBAPPSEC
Akira Ransomware Exploits Triple Vulnerability Chain in SonicWall Devices for Global Attacks
Bottom Line Up Front (BLUF): The Akira ransomware group has launched a wave of global attacks by chaining three security weaknesses in SonicWall devices. These include the critical CVE-2024-40766 vulnerability, SSLVPN misconfigurations, and default LDAP settings in the Virtual Office portal. At least 40 confirmed victims have been reported in the latest attack wave, affecting organizations using outdated or misconfigured SonicWall firewalls.
Analyst Comments: Akira’s use of CVE-2024-40766—rated CVSS 9.8—alongside legacy credential issues and insecure remote access settings demonstrates a highly efficient intrusion-to-encryption timeline of just 10 hours. The continued exposure of over 430,000 SonicWall devices globally underscores a severe attack surface. Organizations must treat firewall migrations and remote access portals as high-risk vectors, especially in ICS and hybrid cloud environments.
FROM THE MEDIA: Central to the attack is CVE-2024-40766, a privilege escalation flaw disclosed in August 2024 with a CVSS score of 9.8. Akira and the affiliated Fog group have used this flaw with SSLVPN misconfigurations and default LDAP settings in the SonicWall Virtual Office portal. These weaknesses enable attackers to configure multi-factor authentication (MFA) settings even with leaked credentials. Bitsight reports that over 438,000 SonicWall devices remain exposed online. At least 100 organizations were attacked from September to December 2024, with 40 new confirmed incidents in 2025 tied to legacy credentials during firewall upgrades. Security experts recommend immediate upgrades to SonicOS 7.3.0, enforcing MFA, and limiting Virtual Office access to internal networks only.
READ THE STORY: DBAPPSEC
HybridPetya Ransomware Exploits UEFI Secure Boot Bypass (CVE-2024-7344)
Bottom Line Up Front (BLUF): A new ransomware variant dubbed HybridPetya has emerged as the latest evolution of the infamous Petya/NotPetya family. Exploiting CVE-2024-7344 to bypass UEFI Secure Boot protections, the malware installs a malicious EFI application to gain control over the boot process, encrypts the Master File Table (MFT), and renders systems unusable unless a ransom is paid.
Analyst Comments: Its development shows how attackers target firmware and hardware trust anchors, which are more difficult to patch and detect than traditional malware. Although current samples may be proof-of-concept and not yet widespread, the ransomware’s sophistication and ability to persist below the OS layer make it a serious future threat. Organizations lagging on firmware or OS updates — especially those that skipped Microsoft’s January 2025 patches — are at elevated risk.
FROM THE MEDIA: This follows a near-shutdown earlier in the year, when CISA almost let MITRE’s operating contract expire, only extending it until March 2026. The CVE Foundation, an alternative initiative launched by board members seeking neutral, nonprofit stewardship, has opposed CISA’s approach, advocating for diversified funding and international governance. CISA’s Nicholas Andersen argued that national security demands a government-led system, criticizing privatization as a conflict-of-interest risk. Despite inquiries, CISA did not elaborate on its future funding or control mechanisms, and MITRE offered only a generic statement of support for continued collaboration.
READ THE STORY: GBhackers
ChillyHell macOS Backdoor Masquerades as Legitimate App, Remains Undetected for Four Years
NOTE:
UNC4487 was observed compromising the websites of Ukrainian government entities to redirect and socially engineer targets to execute MATANBUCHUS or CHILLYHELL malware (source: "Mandiant Fusion available in Google SecOps E+" by Chris Martin (@thatsiemguy), Medium). This suggests they employ watering hole attacks and social engineering tactics to distribute their malware payloads.
Bottom Line Up Front (BLUF): ChillyHell highlights the growing risk of notarized yet malicious software bypassing macOS security mechanisms, undermining trust in Apple’s code-signing infrastructure. By using legitimate developer certificates and hosting payloads on cloud platforms like Dropbox, the attackers demonstrate a sophisticated and stealthy attack strategy. Its modular architecture allows for dynamic payload delivery and rapid capability expansion, making it a persistent threat. As threat actors continue to exploit trusted channels, this case underscores the urgent need to reassess supply chain security and endpoint trust assumptions.
Analyst Comments: ChillyHell highlights the growing risk of notarized yet malicious software bypassing macOS security mechanisms, undermining trust in Apple’s code-signing infrastructure. The attackers demonstrate a sophisticated and stealthy attack strategy by using legitimate developer certificates and hosting payloads on cloud platforms like Dropbox. Its modular architecture allows for dynamic payload delivery and rapid capability expansion, making it a persistent threat. As threat actors continue to exploit trusted channels, this case underscores the urgent need to reassess supply chain security and endpoint trust assumptions.
FROM THE MEDIA: Attributed to the APT group UNC4487, the malware is written in C++ and optimized for Intel-based macOS systems. A developer certificate associated with the malware was notarized by Apple in 2021, allowing it to bypass macOS’s Gatekeeper security. ChillyHell uses three persistence methods: installation as a LaunchAgent under user permissions, as a LaunchDaemon with system privileges, and through shell profile file modifications (e.g., .zshrc or .bash_profile). It also employs timestomping techniques to align file timestamps with legitimate files, evading detection. The malware was hosted on Dropbox for years and only surfaced on VirusTotal in May 2025. It has reportedly targeted Ukraine’s government travel infrastructure, raising concerns about notarization misuse and ongoing supply chain threats.
READ THE STORY: DBAPPSEC
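A defender-side audit of the three persistence locations named above, written as an added example (not code from the article or from any vendor report). It inspects content rather than file timestamps, since the article notes those are forged; the trusted-directory list, the heuristics and all sample inputs are assumptions constructed for illustration.

```python
import plistlib

# Assumption: directories where a launchd job's executable is normally expected.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/")


def audit_launchd(plist_path, plist_bytes):
    """Flag auto-starting launchd jobs whose binary is hidden or outside trusted dirs."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments") or [""]
    program = job.get("Program") or args[0]
    kind = "LaunchDaemon" if "/LaunchDaemons/" in plist_path else "LaunchAgent"
    hidden = any(part.startswith(".") for part in program.split("/"))
    untrusted = not program.startswith(TRUSTED_PREFIXES)
    if job.get("RunAtLoad") and (hidden or untrusted):
        return {"kind": kind, "plist": plist_path, "program": program, "hidden": hidden}
    return None


def audit_profile(name, text):
    """Flag profile lines that start a background process at every shell launch."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        cmd = line.strip()
        if cmd.startswith("#") or cmd.endswith("&&") or not cmd.endswith("&"):
            continue
        hits.append((name, lineno, cmd))
    return hits


# Constructed sample inputs (hypothetical labels and paths, not real indicators).
SAMPLE_AGENT = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/Users/alice/Library/.cache/updater"],
    "RunAtLoad": True,
})
SAMPLE_DAEMON = plistlib.dumps({
    "Label": "com.example.helper",
    "Program": "/usr/libexec/example-helper",
    "RunAtLoad": True,
})
SAMPLE_ZSHRC = (
    "export PATH=$PATH:/opt/bin\n"
    "# constructed entry below\n"
    "/Users/alice/Library/.cache/updater >/dev/null 2>&1 &\n"
)

if __name__ == "__main__":
    print(audit_launchd("/Users/alice/Library/LaunchAgents/com.example.updater.plist", SAMPLE_AGENT))
    print(audit_launchd("/Library/LaunchDaemons/com.example.helper.plist", SAMPLE_DAEMON))
    print(audit_profile(".zshrc", SAMPLE_ZSHRC))
```

On a real host the same functions would be fed the files under ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons plus each user's .zshrc and .bash_profile.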
New Malware Campaign Uses Azure Functions as Command and Control for Stealthy Payload Delivery
Bottom Line Up Front (BLUF): A malicious ISO image named Servicenow-BNM-Verify.iso was uploaded from Malaysia and contains a DLL sideloading attack that transmits system data to an Azure-backed API endpoint. The campaign demonstrates a new level of cloud abuse and stealth by embedding payloads into legitimate cloud services.
Analyst Comments: Using Azure Functions as C2 provides scalability and allows attackers to exploit the implicit trust defenders often place in legitimate cloud platforms. DLL sideloading, payload encryption, and unhooking techniques point to a highly skilled adversary aiming to avoid traditional detection mechanisms. The fabricated timestamp (1984) and unique mutex checks indicate a strong focus on evasion and persistence. Organizations should assume cloud service abuse is the new normal in advanced threat campaigns.
FROM THE MEDIA: The attacker places a malicious DLL (libwaapi.dll) alongside legitimate components, triggering in-memory payload injection. The final payload decrypts and injects shellcode into chakra.dll, then communicates with logsapi.azurewebsites[.]net/api/logs, a Microsoft Azure Function endpoint, to exfiltrate system metadata including usernames, processes, architecture, and uptime. A similar DLL sample was found in Singapore, indicating regional spread. Using event-driven serverless cloud functions for command execution marks an evolution in attacker tradecraft.
READ THE STORY: GBhackers
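A detection sketch for the chain described above, added here as an example (not code from the article or the researchers): it correlates an unsigned DLL loaded from an executable's own non-system directory with a later request from the same process to an Azure Functions style /api/ route. The event schema, field names, host names and executable name are hypothetical and the events are constructed; only libwaapi.dll comes from the article.

```python
from urllib.parse import urlsplit

SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
FUNCTION_SUFFIX = ".azurewebsites.net"  # host suffix used by Azure Functions apps


def is_sideload_candidate(ev):
    """Unsigned DLL loaded from the executable's own directory, outside system dirs."""
    dll, exe = ev["dll_path"].lower(), ev["image"].lower()
    same_dir = dll.rsplit("\\", 1)[0] == exe.rsplit("\\", 1)[0]
    return same_dir and not ev["dll_signed"] and not dll.startswith(SYSTEM_DIRS)


def is_function_api_call(ev):
    """HTTP request to <app>.azurewebsites.net under the default /api/ route prefix."""
    parts = urlsplit(ev["url"])
    host = (parts.hostname or "").lower()
    return host.endswith(FUNCTION_SUFFIX) and parts.path.startswith("/api/")


def correlate(events):
    """Alert when a process with a sideload candidate later calls a Functions endpoint."""
    suspects, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        if ev["type"] == "image_load" and is_sideload_candidate(ev):
            suspects[key] = ev["dll_path"]
        elif ev["type"] == "http" and key in suspects and is_function_api_call(ev):
            alerts.append({"host": ev["host"], "pid": ev["pid"],
                           "dll": suspects[key], "url": ev["url"]})
    return alerts


# Constructed telemetry in a hypothetical normalized schema (D: is a mounted ISO).
SAMPLE_EVENTS = [
    {"ts": 1, "type": "image_load", "host": "ws01", "pid": 410, "dll_signed": False,
     "image": "D:\\verify.exe", "dll_path": "D:\\libwaapi.dll"},
    {"ts": 2, "type": "http", "host": "ws01", "pid": 410,
     "url": "https://example-app.azurewebsites.net/api/logs"},
    {"ts": 3, "type": "image_load", "host": "ws02", "pid": 77, "dll_signed": True,
     "image": "C:\\Program Files\\App\\app.exe",
     "dll_path": "C:\\Program Files\\App\\helper.dll"},
    {"ts": 4, "type": "http", "host": "ws02", "pid": 77,
     "url": "https://example-portal.azurewebsites.net/api/status"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```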