
Human Factor Blog

how human behavior affects security

Programmer’s Digest #146

08/01/2025-08/07/2025 Apex One Flaws Exploited in the Wild, NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code, Malicious AI-generated npm Package Hits Solana Users And More.

1. Trend Micro Apex One Flaws Exploited in the Wild (CVE-2025-54948, CVE-2025-54987)

Trend Micro has warned of two unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting its on-premise Apex One endpoint security platform. These flaws, which could lead to remote code execution, are currently under active investigation following reports of attempted exploitation. A full patch is expected mid-August 2025, but a temporary “fix tool” is available. It mitigates the risk but disables the Remote Install Agent function; other install methods remain unaffected.

The flaws exist in the Apex One console (TCP ports 8080 and 4343) due to improper input validation. They affect versions 20216 and below, as well as Management Server Version 14039 and earlier. Mitigations for cloud versions were deployed on July 31. The flaws require console access, so Trend Micro urges organizations to restrict exposure and apply the fix immediately—followed by the patch when released.

2. NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

Multiple security flaws have been discovered in NVIDIA’s Triton Inference Server for Windows and Linux, potentially allowing remote, unauthenticated attackers to take full control of affected systems. The open-source platform, used for running AI models, is vulnerable to remote code execution (RCE), denial of service, and data tampering.

Three key CVEs (CVE-2025-23319, CVE-2025-23320, CVE-2025-23334) impact the Python backend, which handles inference requests for AI frameworks like PyTorch and TensorFlow. Chained together, these bugs could leak internal memory details and lead to a complete server compromise.

Wiz researchers demonstrated how an attacker could exploit these flaws without credentials, posing serious risks such as model theft, AI response manipulation, and network infiltration.

NVIDIA has patched the issues in version 25.07 and also addressed additional critical bugs (CVE-2025-23310, CVE-2025-23311, CVE-2025-23317) related to unsafe HTTP request handling. Users are strongly urged to update to stay protected.

3. Malicious AI-generated npm Package Hits Solana Users

An AI-generated npm package, @kodane/patch-manager, was flagged for draining Solana wallets and removed after over 1,500 downloads on July 28, 2025. Disguised as a “Registry Cache Manager,” it hid malicious scripts that targeted macOS, Linux, and Windows systems. It used postinstall scripts to hide files and established persistence through a background script (connection-pool.js) connecting to an open C2 server. Once wallets were found, a second script (transaction-cache.js) drained funds to a hardcoded Solana address.

The malware, uploaded by a user named “Kodane,” had 19 versions published in just two days. Despite its malicious purpose, the package had polished documentation and code, likely AI-generated. Cybersecurity firm Safety noted patterns typical of AI tools like Claude, such as excessive logs, emojis, and frequent use of terms like “Enhanced.” Analysts believe AI was used to make the code look professional and trustworthy, increasing download rates before discovery.

4. Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

A critical vulnerability (CVE-2025-5394) in the Alone – Charity Multipurpose Non-profit WordPress Theme is being actively exploited to hijack websites. Rated 9.8 on the CVSS scale, the flaw affects all versions up to 7.8.3 and was patched in version 7.8.5 on June 16, 2025. The issue stems from a missing capability check in the alone_import_pack_install_plugin() function. This allows unauthenticated users to upload arbitrary plugins via AJAX, enabling remote code execution and full site takeover. Exploitation began on July 12, ahead of public disclosure, suggesting attackers may have monitored code changes. Wordfence reports over 120,000 blocked exploit attempts, many deploying ZIP archives containing PHP backdoors to run remote commands or create rogue admin accounts. Admins using the theme should immediately update, review admin users, and scan for suspicious AJAX requests to /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin.
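The log review recommended above can be scripted. The following is an added example, not code from Wordfence or the theme vendor: it scans web server access logs for requests to the AJAX action named in the advisory. It assumes Combined Log Format; the sample lines are constructed and use documentation IP ranges.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote

AJAX_PATH = "/wp-admin/admin-ajax.php"
TARGET_ACTION = "alone_import_pack_install_plugin"  # action name from the advisory

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2025:03:14:07 +0000] "POST /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin HTTP/1.1" 200 58 "-" "curl/8.5.0"
198.51.100.23 - - [12/Jul/2025:03:15:40 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 112 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jul/2025:03:16:02 +0000] "GET //wp-admin/admin-ajax.php?x=1&action=alone%5Fimport_pack_install_plugin HTTP/1.1" 400 0 "-" "curl/8.5.0"
192.0.2.55 - - [13/Jul/2025:09:01:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def find_hits(lines):
    """Return one dict per request that names the theme's plugin-install action."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_path, _, query = m["target"].partition("?")
        # Decode and collapse slashes so encoded or doubled paths still match.
        path = re.sub(r"/+", "/", unquote(raw_path))
        # parse_qs percent-decodes parameter names and values.
        if path == AJAX_PATH and TARGET_ACTION in parse_qs(query).get("action", []):
            hits.append({k: m[k] for k in ("ip", "time", "method", "status")})
    return hits

def hits_by_ip(hits):
    """Count matching requests per client address."""
    return Counter(h["ip"] for h in hits)

if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG.splitlines())
    for h in found:
        print(h["time"], h["ip"], h["method"], h["status"])
    print(dict(hits_by_ip(found)))
```

Access logs record only the request line, so a request that carries the action in the POST body will not match; cover that case with WAF or request-body logging.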


Programmer’s Digest #145

07/24/2025-07/31/2025 Phishing Attack Targeting Developers With Fake PyPI Site, Toptal GitHub Breach Exposes 73 Repositories and Injects Malware into 10 npm Packages And More.

1. Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44

Researchers have disclosed a now-patched critical flaw in Base44, a popular AI-powered “vibe coding” platform owned by Wix, that allowed unauthorized access to private applications. The issue, tracked as CVE-2025-31324, stemmed from exposed registration and OTP verification endpoints that required only a visible “app_id” to bypass authentication, including SSO protections. Wiz discovered the vulnerability and reported it on July 9, 2025. Wix issued a fix within 24 hours, and there’s no evidence of active exploitation. The flaw allowed attackers to register and verify accounts for private apps, gaining full access without permission. As AI tools like Base44 rise in popularity, ensuring built-in security is critical. Experts also warn that generative AI systems remain vulnerable to prompt injection, jailbreaks, and misconfigurations, underlining the need for proactive security frameworks like toxic flow analysis.

2. PyPI Warns of New Phishing Attack Targeting Developers With Fake PyPI Site

PyPI has issued an urgent warning about an ongoing phishing campaign targeting developers through domain spoofing to steal credentials. The attack uses emails from [email protected] (a typosquatted version of pypi.org) with the subject “[PyPI] Email verification.” These emails direct users to a fake website that mimics PyPI’s login page.

The phishing site uses pass-through authentication to capture credentials while forwarding them to PyPI, tricking users into believing they’ve logged in safely. The campaign targets developers with public emails linked to published PyPI packages. PyPI confirms that its systems remain secure and that this is an external phishing attempt, not a breach. A warning banner has been added to the official site, and PyPI is working with domain registrars and CDNs to shut down the malicious infrastructure.

Developers are urged to verify URLs before logging in, delete suspicious emails, and change passwords immediately if compromised. Monitoring account activity is also strongly advised.

3. U.S. CISA Adds Cisco ISE and PaperCut NG/MF Flaws to its Known Exploited Vulnerabilities Catalog

CISA has added critical flaws in Cisco Identity Services Engine (ISE) and PaperCut NG/MF to its Known Exploited Vulnerabilities (KEV) catalog. The Cisco flaws—CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337—allow unauthenticated, remote attackers to execute code as root via vulnerable APIs. Cisco confirmed attempted exploitation in July 2025 and urges users to upgrade immediately. CVE-2025-20281 and CVE-2025-20282 (CVSS 10) affect ISE/ISE-PIC 3.3+ and 3.4, respectively, while CVE-2025-20337 is a newly patched, similar flaw.

Also added is CVE-2023-2533, a CSRF vulnerability in PaperCut NG/MF (CVSS 8.4), which allows attackers to hijack admin sessions and change security settings through crafted malicious links. While Cisco hasn’t revealed details on the threat actors, federal agencies must address these vulnerabilities under Binding Operational Directive 22-01. Private organizations are also urged to review the KEV catalog and patch affected systems promptly.

4. Toptal GitHub Breach Exposes 73 Repositories and Injects Malware into 10 npm Packages

In a recent software supply chain attack, unknown threat actors compromised Toptal’s GitHub organization and uploaded 10 malicious packages to the npm registry. The packages, which were downloaded around 5,000 times, contained code to steal GitHub tokens and delete files on both Windows and Linux systems. The attack targeted preinstall and postinstall scripts, sending stolen data to a webhook site before wiping the victim’s system. The breach also exposed 73 private Toptal repositories. It’s unclear how the compromise occurred—potential causes include stolen credentials or insider threats. All affected packages have been reverted to safe versions.

Separately, another campaign targeted both npm and PyPI with spyware capable of keylogging, screenshot and webcam capture, and data theft. Data was sent via Slack webhooks, Gmail SMTP, and AWS Lambda.

Additionally, the Amazon Q extension for VS Code was found to contain malicious commands to delete user systems and AWS resources. Amazon has removed the rogue version and released a fixed update.


Programmer’s Digest #144

07/16/2025-07/23/2025 SysAid Vulnerability Exploitation, Active Exploitation Of ISE and ISE-PIC Flaws, npm Linter Packages Hijacked And More.

1. CISA Warns of SysAid Vulnerability Exploitation

CISA has added two recently patched SysAid On-Prem vulnerabilities—CVE-2025-2776 and CVE-2025-2775—to its KEV catalog. Patched in March 2025 with version 24.4.60 of SysAid’s ITSM software, the flaws are pre-authentication XML external entity (XXE) issues discovered by WatchTowr in December 2024.

WatchTowr published proof-of-concept (PoC) exploit code in May 2025 and warned that the bugs could be chained with CVE-2024-36394, a separate OS command injection flaw, to enable unauthenticated remote command execution. Despite this, CVE-2024-36394 has not been added to the KEV list.

SysAid claims over 10 million users worldwide, though only 77 vulnerable internet-exposed instances were identified at disclosure. CISA notes there’s no evidence these flaws have been used in ransomware attacks. However, SysAid products have been previously targeted—most notably in 2023 by Cl0p ransomware exploiting a zero-day (CVE-2023-47246). 

2. Cisco Confirms Active Exploitation Of ISE and ISE-PIC Flaws

Cisco has confirmed active exploitation of critical vulnerabilities in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC), observed in July 2025. The flaws—CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337—allow unauthenticated remote attackers to execute arbitrary code with root privileges.
The company warns that attackers are targeting these vulnerabilities in the wild and strongly urges customers to upgrade to fixed software versions. CVE-2025-20281 and CVE-2025-20282 (both CVSS 10) affect ISE/ISE-PIC versions 3.3+ and 3.4, respectively, enabling code execution via vulnerable or internal APIs due to poor input and file validation.

CVE-2025-20337, patched last week, is similar to CVE-2025-20281 and also allows root-level code execution. All three flaws stem from improper validation mechanisms, making it possible to upload malicious files or send crafted API requests.

3. Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft has released patches for CVE-2025-53770, a critical remote code execution flaw (CVSS 9.8) in on-premises SharePoint Server actively exploited in the wild. The flaw stems from the deserialization of untrusted data. A related spoofing vulnerability, CVE-2025-53771 (CVSS 7.1), was also disclosed and patched with enhanced protections.

Both issues are tied to earlier flaws (CVE-2025-49704 and CVE-2025-49706) used in a ToolShell exploit chain patched in July 2025. Microsoft noted that CVE-2025-53770 is a variant of CVE-2025-49706.

Only on-premises SharePoint versions are affected, including Server 2016, 2019, and Subscription Edition. SharePoint Online is unaffected.

Customers are urged to apply the latest updates, enable AMSI in Full Mode, rotate ASP.NET machine keys, and restart IIS. Over 50 organizations, including banks and universities, have reportedly been compromised since July 18.

CISA has added CVE-2025-53770 to its Known Exploited Vulnerabilities catalog, mandating fixes for U.S. federal agencies by July 21, 2025.

4. EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

Threat actor EncryptHub (aka LARVA-208/Water Gamayun) is targeting Web3 developers with stealer malware, using fake AI platforms like “Norlax AI” to lure victims through job offers and portfolio reviews. Swiss firm PRODAFT revealed the attackers trick targets into clicking meeting links sent via X, Telegram, or job board Remote3. An initial Google Meet call builds trust before redirecting victims to Norlax AI, where a fake audio driver error prompts malware download.

The malware, disguised as a Realtek audio driver, uses PowerShell to deploy Fickle Stealer, harvesting crypto wallets and dev credentials, then sending them to a server dubbed SilentPrism. This marks a shift in EncryptHub’s tactics from ransomware to data theft and resale.

5. Popular npm Linter Packages Hijacked via Phishing to Drop Malware

Several widely used JavaScript libraries, including eslint-config-prettier (30M+ weekly downloads), were hijacked in a supply chain attack after the maintainer, JounQin, fell for a phishing email mimicking npm support. Other impacted packages include eslint-plugin-prettier, synckit, @pkgr/core, and napi-postinstall.

On July 18, developers noticed suspicious behavior in versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7 of eslint-config-prettier, which lacked corresponding GitHub changes. The attacker used a stolen npm token to inject malicious postinstall scripts running install.js, which executed a trojanized DLL (node-gyp.dll) via Windows’ rundll32.
The malicious DLL is currently flagged by only 19 of 72 antivirus engines on VirusTotal.

Security researcher MalwareUtkonos also flagged a similar compromise of the got-fetch package by a different maintainer, suggesting the same threat actor is behind both attacks. That maintainer has since archived the GitHub repo and deprecated all versions.

Developers are urged to review affected packages and avoid installing compromised versions.
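To check a project against the versions listed above, the following added example (not code from npm or the package maintainers) audits a parsed `package-lock.json`. It assumes the `packages` map used by lockfileVersion 2 and 3; the sample lockfile is constructed, and the review-only list holds the package names the digest mentions without version numbers.

```python
import json

# Versions named in the digest item above. The page gives no version numbers
# for the other affected packages, so those are reported for manual review.
BAD_VERSIONS = {"eslint-config-prettier": {"8.10.1", "9.1.1", "10.1.6", "10.1.7"}}
REVIEW_ONLY = {"eslint-plugin-prettier", "synckit", "@pkgr/core",
               "napi-postinstall", "got-fetch"}

# Constructed lockfile (lockfileVersion 3 layout); versions are sample values.
SAMPLE_LOCK = json.loads("""
{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/eslint-config-prettier":
      {"version": "10.1.7", "dev": true, "hasInstallScript": true},
    "node_modules/tool/node_modules/eslint-config-prettier":
      {"version": "9.1.0", "dev": true},
    "node_modules/@pkgr/core": {"version": "0.0.0-constructed", "dev": true},
    "node_modules/eslint": {"version": "9.0.0", "dev": true}
  }
}
""")

def audit_lockfile(lock):
    """Return findings for every installed copy, including nested ones."""
    findings = []
    for key, meta in lock.get("packages", {}).items():
        if not key:  # "" is the root project entry
            continue
        # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
        name = key.rpartition("node_modules/")[2]
        version = meta.get("version", "")
        if version in BAD_VERSIONS.get(name, ()):
            level = "compromised"
        elif name in REVIEW_ONLY:
            level = "review"
        else:
            continue
        findings.append({"level": level, "name": name, "version": version,
                         "path": key,
                         "install_script": bool(meta.get("hasInstallScript"))})
    return findings

if __name__ == "__main__":
    for f in audit_lockfile(SAMPLE_LOCK):
        print(f)
```

Run it on a real project by passing the result of `json.load()` on its `package-lock.json`. A lockfileVersion 1 file has no `packages` map and yields no findings, so regenerate the lockfile or inspect its `dependencies` tree separately.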

6. Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters

Threat actors are abusing public GitHub repositories to host malicious payloads and distribute them via Amadey malware. The campaign involves fake GitHub accounts hosting Amadey plugins and tools, delivered using the Emmenhtal loader (aka PEAKLIGHT). The campaign mirrors a February 2025 phishing attack that distributed SmokeLoader via Emmenhtal, targeting Ukrainian organizations. In this latest campaign, Emmenhtal delivers Amadey, which can collect system data and deploy payloads like Lumma, RedLine, and Rhadamanthys Stealers. Some JavaScript and Python scripts in the GitHub repos are updated versions of Emmenhtal loaders.
GitHub has since taken down the fake accounts, but the activity reflects broader malware-as-a-service (MaaS) abuse of trusted platforms.

Meanwhile, Trellix reported SquidLoader targeting financial firms in Hong Kong. It employs advanced anti-analysis features and drops Cobalt Strike beacons.
