Daily Recap, ransomware and extortion developments highlighted JadePuffer using an AI agent to automate attacks, alongside reports that a U.S. government entity paid $1 million to the Kairos group in a data-theft extortion case. The news also covered supply-chain and targeted intrusion campaigns, including PolinRider’s 108 malicious packages and browser extensions, North Korea–linked npm lures delivering BeaverTail, OtterCookie, and ContagiousInterview, and Pegasus spyware found on a European Parliament member’s phone.
#JadePuffer #Kairos #Avalon #CrownX #PolinRider #BeaverTail #OtterCookie #ContagiousInterview #ARToken #EvilTokens #Microsoft365 #Pegasus #ArmoredLikho #BusySnake #BadEpoll #NetNut
Ransomware & Extortion
- JadePuffer ransomware used an AI agent to automate the entire attack chain, while a U.S. government entity reportedly paid $1 million to the Kairos group in a data-theft extortion case. – JadePuffer AI, Kairos Extortion
- Avalon malware framework now includes CrownX-style ransomware capabilities, expanding the toolkit for destructive encryption attacks. – Avalon Update
Supply Chain & Developer Targets
- North Korean hackers published 108 malicious packages and browser extensions in the PolinRider campaign to steal developer secrets and deploy malware. – PolinRider Campaign
- North Korea-linked fake npm packages mimicking Rollup polyfills were used to deliver BeaverTail, OtterCookie, and ContagiousInterview payloads for credential theft and remote access. – npm Malware
- ARToken phishing-as-a-service exposed EvilTokens‘ Microsoft 365 phishing toolkit, showing how commercial kits are accelerating credential theft. – ARToken PhaaS
Spyware & Targeted Intrusions
- Pegasus spyware was found on the phone of a European Parliament member investigating the abuse, underscoring ongoing surveillance risks against public officials. – Pegasus Probe
- Armored Likho targeted government agencies and the power sector with the BusySnake stealer in a focused espionage campaign. – Likho Attack
Exploits, Flaws & Device Risk
- Unpatched flaws in a filesystem bundled into millions of embedded devices could enable broad compromise if attackers weaponize the weaknesses. – Filesystem Flaws
- A new Linux kernel vulnerability, BadEpoll, lets unprivileged users gain root access and also affects Android devices. – BadEpoll Flaw
Infrastructure & Takedowns
- NetNut‘s proxy network was disrupted, cutting off about 2 million infected devices and reducing the scale of the botnet-backed service. – NetNut Disruption
Law Enforcement & Legal Actions
- Security roundup items included a jailed Canadian hacker, open-source zero-days, and two people sentenced for ATM jackpotting, reflecting active enforcement and disclosure trends. – Security Roundup