This week's security landscape reveals a critical shift: attackers are weaponizing everyday tools and developer workflows, from AI-assisted malware development to compromised browser extensions and VS Code backdoors. The recurring theme is that traditional patching cycles are failing, and the attack surface now includes the very tools professionals use daily.
The Illusion of Safety in Patched Systems
Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week's recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. "Patched" no longer means safe, and everyday software keeps becoming the entry point.
The most telling example comes from Fortinet, where a supposedly fixed vulnerability in FortiCloud SSO authentication is being exploited on fully-patched firewalls. The company confirmed it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on devices that had been fully upgraded to the latest release. This suggests attackers have found a new attack path beyond the original patch.

The activity exploits an incomplete patch for CVE-2025-59718 and CVE-2025-59719, which could allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled. In the absence of a complete fix, Fortinet advises users to restrict administrative access to edge network devices and turn off FortiCloud SSO logins by disabling the "admin-forticloud-sso-login" setting.
This incident underscores a fundamental problem in modern security: patches are often incomplete, and attackers exploit the gap between disclosure and full remediation. The "patch now" mantra assumes patches are comprehensive, but reality is messier.
AI as a Force Multiplier for Malware Development
The discovery of VoidLink, a Linux malware targeting cloud servers, marks a watershed moment in malware evolution. Researchers at Check Point believe the malware was likely generated almost entirely by artificial intelligence, signaling a significant shift in how advanced malicious programs are designed.
What alerted researchers to AI involvement was a development plan that accompanied the project and was accidentally left exposed by its author. The developer utilized regular checkpoints to ensure the model was developing as instructed and that the code worked. The result was malware described as "sophisticated, modern and feature-rich."

"The security community has long anticipated that AI would be a force multiplier for malicious actors," Check Point noted. "Until now, however, the clearest evidence of AI-driven activity has largely surfaced in lower-sophistication operations, often tied to less experienced threat actors, and has not meaningfully raised the risk beyond regular attacks. VoidLink shifts that baseline: its level of sophistication shows that when AI is in the hands of capable developers, it can materially amplify both the speed and the scale at which serious offensive capability can be produced."
From a defensive point of view, the use of AI also complicates attribution, as the generated code removes a lot of usual clues and makes it harder to determine who's really behind an attack. This represents a fundamental change in the threat landscape—attackers can now generate novel malware variants at scale, making signature-based detection increasingly obsolete.
Developer Workflows Under Attack
The North Korean threat actors behind the Contagious Interview campaign have evolved their tactics, now using Microsoft Visual Studio Code (VS Code) to deliver a previously unseen backdoor that enables remote code execution on developer systems. This attack chain is particularly insidious because it exploits the trust developers place in their tools.
The attack starts when targets are asked to clone and open malicious repositories hosted on GitHub, GitLab, or Bitbucket, typically framed as part of a technical assignment or code review exercise related to the hiring process. The weak point is the runOptions property of VS Code tasks, which supports a runOn value of folderOpen; a task defined this way executes automatically when the workspace is opened.
Abstract Security explains: "Contagious Interview actors exploit this by including malicious shell commands in tasks.json files. When a victim clones a repository to their local machine and opens it in VS Code, the malicious task executes and kicks off the infection chain leading to malware installation."
The malicious payloads are mostly hosted on Vercel domains, but other domains like vscodeconfig[.]com and vscode-load.onrender[.]com have also been identified. In at least one case, the tasks.json file is used to install a malicious npm package named "jsonwebauth."
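One way to check a cloned repository for such tasks before opening it in VS Code, as an added example (not code from the cited research or from VS Code). It assumes tasks are defined in .vscode/tasks.json and parses the file as JSON with comments and trailing commas; all function names are this example's own.

```python
# Added example; function names are illustrative, not part of VS Code.
import json
import re
import sys
from pathlib import Path

_STRING = r'"(?:\\.|[^"\\])*"'  # a JSON string literal, escapes included

def _strip_outside_strings(pattern, text):
    """Delete matches of `pattern` unless they sit inside a JSON string."""
    rx = re.compile(_STRING + "|" + pattern, re.S)
    return rx.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def load_jsonc(text):
    """tasks.json may hold comments and trailing commas; json.loads rejects both."""
    text = _strip_outside_strings(r"//[^\n]*|/\*.*?\*/", text)
    text = _strip_outside_strings(r",(?=\s*[}\]])", text)
    return json.loads(text)

def commands_of(task):
    """Collect the command line from the task and its per-OS override blocks."""
    cmds = []
    for block in [task] + [task.get(k) for k in ("windows", "linux", "osx")]:
        if isinstance(block, dict) and "command" in block:
            args = block.get("args")
            parts = [block["command"]] + (args if isinstance(args, list) else [])
            cmds.append(" ".join(map(str, parts)))
    return cmds

def auto_run_tasks(repo_root):
    """Return (file, label, commands) for each task with runOn == folderOpen."""
    findings = []
    for path in sorted(Path(repo_root).rglob("tasks.json")):
        if path.parent.name != ".vscode":
            continue
        try:
            doc = load_jsonc(path.read_text(encoding="utf-8", errors="replace"))
        except ValueError:
            findings.append((str(path), "<unparseable, review by hand>", []))
            continue
        for task in (doc.get("tasks") or []) if isinstance(doc, dict) else []:
            opts = task.get("runOptions") if isinstance(task, dict) else None
            if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
                findings.append((str(path), task.get("label", "<no label>"), commands_of(task)))
    return findings

if __name__ == "__main__":
    hits = auto_run_tasks(sys.argv[1] if len(sys.argv) > 1 else ".")
    for file, label, cmds in hits:
        print(f"{file}: task {label!r} runs on folder open: {cmds}")
    sys.exit(1 if hits else 0)
```

Run it against the checkout from a terminal; a non-zero exit status means at least one task would start on folder open and should be read before the folder is opened in the editor.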
This campaign has been active since 2022, primarily targeting software developers and IT professionals, especially in the blockchain and cryptocurrency sectors. Researchers have identified as many as 3,136 individual IP addresses linked to likely targets between August 2024 and September 2025, with concentrations in South Asia and North America.
Browser Extensions: The New Corporate Endpoint
Browser extensions have become a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. This week revealed multiple extension-based attacks:
CrashFix Malvertising Campaign
A malvertising campaign uses a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser as a precursor to ClickFix attacks. Unlike typical ClickFix schemes that use non-existent security alerts or CAPTCHAs, the CrashFix variant leverages a malicious extension that first intentionally crashes the victim's browser and then delivers a fraudulent fix.
When the browser is restarted, the extension displays a deceptive pop-up showing a fake warning and suggesting scanning the system to identify the problem. Doing so opens a new window with a bogus warning about detected security issues, along with instructions on how to fix the problem—which involve executing malicious commands in the Windows Run prompt, in typical ClickFix fashion. The attacks deliver a new Python-based remote access tool called ModeloRAT.
H-Chat Assistant Steals OpenAI API Keys
A malicious Google Chrome extension named H-Chat Assistant (ID: dcbcnpnaccfjoikaofjgcipcfbmfkpmj) with over 10,000 users has been found to steal users' OpenAI API keys at scale. It's estimated to have exfiltrated at least 459 unique API keys to an attacker-controlled Telegram channel.
Once the extension is installed, users are prompted to add an OpenAI API key to interface with the chatbot. The API key exfiltration occurs once a user deletes a chat or chooses to log out of the application. While the extension works as advertised, compromised keys could enable unauthorized access to affected users' OpenAI instances.
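The extension ID given above can be matched against what is actually installed in a browser profile. The following added example (not from the researchers or from Google) inventories a Chromium profile, assuming the usual on-disk layout of Extensions/<id>/<version>/manifest.json; flagging all-sites host access as a review signal is this example's own choice, and the function and constant names are hypothetical.

```python
# Added example; names and the broad-host heuristic are this example's own.
import json
import sys
from pathlib import Path

# Extension ID reported above for H-Chat Assistant; extend from your own intel.
BLOCKED_IDS = {"dcbcnpnaccfjoikaofjgcipcfbmfkpmj"}
# Match patterns that give an extension access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(profile_dir, blocked_ids=BLOCKED_IDS):
    """Inventory extensions under <profile>/Extensions/<id>/<version>/."""
    rows = []
    for manifest in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        try:
            m = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            m = {}
        if not isinstance(m, dict):
            m = {}
        grants = set()
        # MV2 keeps host patterns in "permissions"; MV3 uses "host_permissions".
        for key in ("permissions", "optional_permissions", "host_permissions"):
            grants.update(p for p in m.get(key) or [] if isinstance(p, str))
        for script in m.get("content_scripts") or []:
            if isinstance(script, dict):
                grants.update(x for x in script.get("matches") or [] if isinstance(x, str))
        rows.append({
            "id": ext_id,
            "name": m.get("name", "<unreadable manifest>"),
            "version": m.get("version", manifest.parent.name),
            "blocked": ext_id in blocked_ids,
            "broad_hosts": sorted(grants & BROAD_HOSTS),
        })
    return rows

if __name__ == "__main__":
    # Pass the profile directory (the one that contains "Extensions").
    for row in audit_extensions(sys.argv[1] if len(sys.argv) > 1 else "."):
        flag = "BLOCKED" if row["blocked"] else ("REVIEW" if row["broad_hosts"] else "ok")
        print(f'{flag:8}{row["id"]}  {row["name"]} {row["version"]}  {row["broad_hosts"]}')
```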
Stanley Toolkit Guarantees Chrome Web Store Approval
A threat actor is selling access to a toolkit dubbed Stanley that can build malicious Chrome extensions that pass the Web Store verification process. For $2,000 to $6,000, Stanley provides a turnkey website-spoofing operation disguised as a Chrome extension, with its premium tier promising guaranteed publication on the Chrome Web Store.
The toolkit is being sold on a Russian-speaking hacking forum and comes with a C2 panel that allows customers to target individual infections for specific actions. Once a target is selected, attackers configure URL hijacking rules specific to that user. Beyond passive hijacking, operators can actively lure users to targeted pages through real-time notification delivery that comes from Chrome itself, not a website, carrying more implicit trust.
Critical Vulnerabilities That Won't Go Away
GNU InetUtils telnetd: An 11-Year-Old Flaw
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061 (CVSS score: 9.8), was introduced as part of a code change in March 2015 and affects all versions from 1.9.3 up to and including 2.7.
The flaw allows an attacker to establish a Telnet session without providing valid credentials, granting unauthorized access to the target system. SafeBreach Labs described it as easy to exploit, noting that an attacker can supply a "-f" flag for the "/usr/bin/login" executable, effectively skipping interactive authentication and giving them a root shell. A public proof-of-concept exploit is available.
Vivotek Legacy Camera Command Injection
Akamai disclosed details of a new vulnerability within Vivotek legacy firmware that allows remote users to inject arbitrary code into the filename supplied to upload_map.cgi. Assigned CVE-2026-22755 (CVSS score: 9.3), the flaw affects a wide range of legacy camera models, allowing attackers to execute malicious commands as the root user without authentication.
OpenKM Zero-Days Remain Unpatched
Multiple zero-day vulnerabilities have been disclosed in OpenKM that could result in remote code execution, unrestricted SQL execution, and file disclosure. According to Terra System Labs, the flaws remain unpatched and allow a single authenticated administrator to fully compromise the OpenKM server, backend database, and sensitive stored documents.
The Broader Pattern: Speed and Scale
According to vulnerability management company VulnCheck, 884 vulnerabilities were exploited for the first time in 2025, up from 768 CVEs in 2024. A staggering 28.96% of Known Exploited Vulnerabilities (KEVs) were weaponized on or before the day their CVE was published, an increase from 23.6% observed in 2024.
Network edge devices, including firewalls, VPNs, and proxies, were the most frequently targeted technologies, followed by content management systems and open source software. "This reinforces the urgency for organizations to act quickly on newly disclosed vulnerabilities while continuing to reduce long-standing vulnerability backlogs," VulnCheck said.
Practical Takeaways for Security Teams
Assume patches are incomplete: The Fortinet incident shows that "patched" systems can still be vulnerable. Implement defense-in-depth and monitor for anomalous behavior even after patching.
Scrutinize developer tools: The VS Code attack demonstrates that developer workflows are now prime targets. Implement strict controls on repository cloning and workspace opening, especially for external repositories.
Audit browser extensions: Extensions have become a critical attack vector. Consider enterprise policies that restrict extension installation and regularly audit existing extensions for suspicious behavior.
Prioritize edge device security: With network edge devices being the most targeted, ensure these systems have strict access controls, regular firmware updates, and comprehensive logging.
Prepare for AI-generated threats: Traditional signature-based detection will become less effective. Invest in behavioral analysis and anomaly detection that can identify novel malware patterns.
Implement rapid response protocols: With 28.96% of vulnerabilities being exploited on or before CVE publication, organizations need automated patching and rapid response capabilities.
The security landscape has fundamentally shifted. Attackers are moving faster, using more sophisticated tools, and targeting the very systems and workflows that organizations depend on. The old model of periodic patching and perimeter defense is no longer sufficient. Security must be continuous, adaptive, and deeply integrated into every aspect of the technology stack.

