
how human behavior affects security


Programmer’s Digest #161

11/19/2025-11/26/2025 JSONFormatter and CodeBeautify, Critical Oracle Identity Manager Flaw, Attackers Innovating on npm And More

1. Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

New research shows that organizations across sensitive sectors — including governments, telecoms, and critical infrastructure — have been pasting passwords and credentials into online formatting tools like JSONFormatter and CodeBeautify. Cybersecurity firm watchTowr Labs collected over 80,000 publicly accessible files containing thousands of usernames, passwords, authentication keys, database and cloud credentials, API keys, and even SSH session recordings. The dataset includes five years of JSONFormatter history and one year from CodeBeautify, totaling over 5GB of exposed data. Affected sectors range from finance and healthcare to aerospace and cybersecurity.

The issue stems from these tools’ “save” feature, which creates predictable, shareable URLs that can be easily scraped. Researchers found leaked Jenkins secrets, bank KYC data, and AWS credentials—and even saw fake keys they uploaded targeted within 48 hours, indicating active exploitation. Following the findings, both sites disabled the save function, saying they are working on improved safety measures.

2. Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day

A critical vulnerability (CVE-2025-61757) in Oracle Identity Manager, disclosed by Searchlight Cyber, may have been exploited as a zero-day before being patched in October 2025. This pre-authentication flaw allows attackers to bypass security, execute code, and fully compromise systems, potentially breaching servers containing sensitive user data.

The SANS Institute checked its honeypot logs after technical details were made public. They discovered scanning activity for the vulnerability occurring between August 30 and September 9—weeks before Oracle’s patch was available. This suggested potential early exploitation. However, Searchlight Cyber has since clarified that this observed activity was not from malicious actors. The company confirmed that the scans were conducted by its own security researchers as part of their investigation and efforts to notify organizations at risk. Therefore, while the vulnerability was severe, the pre-patch scanning appears to have been benign research.

3. The Second Coming of Shai-Hulud: Attackers Innovating on npm

The Shai-Hulud campaign has returned with improved automation and persistence, now rebranded as “Sha1-Hulud.” In days, it has generated thousands of malicious npm packages, even hijacking legitimate ones. First seen in 2025, the worm automatically clones itself across repositories; this new variant is more advanced and still spreading. Researchers at Wiz, Aikido, and Sonatype have identified over 2,100 malicious packages, showing how attackers now weaponize the same automation developers rely on.

Sha1-Hulud steals npm tokens, GitHub credentials, and cloud keys from infected systems, then uses them to publish new packages—turning developer pipelines into its distribution network. Large, complex samples helped it evade AI-based code analysis, with ChatGPT and Gemini incorrectly classifying the payloads as safe. This shift marks an evolution from compromising individual packages to exploiting the entire software ecosystem.

The campaign highlights accelerating attacker innovation and the need for rapid, automated defensive controls across dependency management, credentials, and CI/CD pipelines.

4. ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

A critical vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287, is being actively exploited to distribute the sophisticated ShadowPad malware. This flaw, a critical deserialization issue patched last month, allows attackers to execute remote code with system-level privileges.

Following the public release of a proof-of-concept exploit, threat actors have weaponized the vulnerability. They target exposed WSUS servers to gain initial access, using tools like PowerCat to obtain a system shell. They then leverage Windows utilities like certutil and curl to download and install ShadowPad from a remote server.

ShadowPad is a modular backdoor, widely considered a successor to PlugX and often linked to Chinese state-sponsored groups. It employs stealth techniques like DLL side-loading through a legitimate executable to launch its payload. Once active, the malware establishes a persistent presence and can load various plugins, posing a severe threat to compromised systems. This activity highlights the rapid weaponization of critical vulnerabilities.

5. Grafana Warns of Max Severity Admin Spoofing Vulnerability

Grafana Labs has disclosed a critical vulnerability (CVE-2025-41115) in Grafana Enterprise that could allow new users to be treated as administrators or enable privilege escalation. The flaw is only exploitable when SCIM provisioning is enabled, with both the enableSCIM flag and user_sync_enabled set to true. Due to a design issue, a malicious SCIM client could supply a numeric externalId—mapped directly to Grafana’s internal user.uid—allowing impersonation of existing accounts, including the admin user. SCIM remains a limited-support “Public Preview,” so exposure may be low.

The issue affects Grafana Enterprise versions 12.0.0–12.2.1; Grafana OSS is not impacted. Grafana Cloud and managed services have already been patched. Self-managed users should upgrade to versions 12.3.0, 12.2.1, 12.1.3, or 12.0.6, or disable SCIM. Grafana says the bug was discovered internally on November 4, fixed within 24 hours, and found not to be exploited in the cloud. Users are urged to patch immediately.


Programmer’s Digest #160

11/12/2025-11/19/2025 New FortiWeb CVE-2025-58034 Vulnerability, New Chrome Zero-Day Flaw Exploited, 7 npm Packages Caught Hiding Crypto Scams And More

1. Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Fortinet has disclosed a new FortiWeb vulnerability, CVE-2025-58034, which is already being exploited in the wild. Rated medium-severity with a CVSS score of 6.7, the flaw stems from OS command injection (CWE-78) and could allow an authenticated attacker to run unauthorized commands via crafted HTTP requests or CLI inputs. Because exploitation requires prior authentication, attackers must combine this bug with another method to gain access first. Fortinet has released fixes across multiple FortiWeb branches, urging users to upgrade to the latest patched versions. The advisory comes shortly after it emerged that Fortinet had quietly patched another severe FortiWeb flaw, CVE-2025-64446 (CVSS 9.1), without issuing a public warning. The lack of transparency has drawn criticism from security experts, who argue that withholding vulnerability details hinders defenders while giving attackers an advantage.

2. Google Fixes New Chrome Zero-Day Flaw Exploited in Attacks

Google has released an emergency update to patch CVE-2025-13223, the seventh Chrome zero-day vulnerability exploited in attacks this year. This high-severity flaw, a type confusion weakness in the V8 JavaScript engine, was reported by Google’s Threat Analysis Group (TAG), which often uncovers government-backed spyware campaigns targeting journalists and dissidents. The fix is available in versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux. While the rollout will take weeks, the update was immediately available for manual checking. Users can ensure they are protected by going to Help > About Google Chrome to trigger the update and then relaunching the browser. Google has restricted full bug details to prevent further exploitation until most users are updated. 

3. Critical RCE Flaws in AI Inference Engines Expose Meta, Nvidia, and Microsoft Frameworks

Security researchers at Oligo have uncovered “ShadowMQ,” a series of critical Remote Code Execution vulnerabilities in major AI inference servers from Meta, NVIDIA, Microsoft, and open-source projects like vLLM. The flaw stems from the unsafe combination of ZeroMQ and Python’s pickle module, allowing arbitrary code execution on unauthenticated network sockets.

This security issue spread through widespread code reuse; for instance, SGLang’s code was directly adapted from vLLM, which itself copied the vulnerable pattern from Meta’s Llama Stack. The flaw exposed the AI infrastructure of major companies, including xAI, AMD, and cloud providers like Google and Microsoft, with thousands of vulnerable servers found on the public internet. Exploitation could lead to full system compromise, data theft, or cryptomining.

While Meta, NVIDIA, and others have patched their frameworks by replacing pickle with safer alternatives like JSON, some projects, including Microsoft’s Sarathi-Serve, remain vulnerable. Organizations must immediately patch, avoid using pickle with untrusted data, and restrict network access to these services. This incident demonstrates how code reuse can propagate critical security flaws across the entire AI ecosystem.
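The mitigation described above (JSON in place of pickle for socket messages) can be sketched as follows. This is an added example, not code from any of the affected projects; the message fields `request_id`, `prompt` and `max_tokens` and the size limit are assumptions made for illustration.

```python
import json
import pickle

# Assumed message schema for illustration: field name -> required type.
SCHEMA = {"request_id": str, "prompt": str, "max_tokens": int}
MAX_FRAME = 1 << 20  # refuse frames larger than 1 MiB


class RejectedFrame(ValueError):
    """Raised when a frame fails validation; the caller should drop it."""


def looks_like_pickle(frame: bytes) -> bool:
    # Pickle protocol 2+ streams start with the PROTO opcode 0x80 followed by
    # the protocol number. Older text protocols fail JSON parsing below.
    return len(frame) >= 2 and frame[0] == 0x80 and frame[1] <= pickle.HIGHEST_PROTOCOL


def decode_frame(frame: bytes) -> dict:
    """Decode one received frame as data only; nothing in it is executed."""
    if len(frame) > MAX_FRAME:
        raise RejectedFrame("frame too large")
    if looks_like_pickle(frame):
        raise RejectedFrame("pickle stream refused")
    try:
        msg = json.loads(frame.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError) as exc:
        raise RejectedFrame(f"not valid JSON: {exc}") from exc
    if not isinstance(msg, dict) or set(msg) != set(SCHEMA):
        raise RejectedFrame("unexpected fields")
    for key, typ in SCHEMA.items():
        # bool is a subclass of int, so exclude it explicitly.
        if not isinstance(msg[key], typ) or isinstance(msg[key], bool):
            raise RejectedFrame(f"bad type for {key}")
    return msg


def try_decode(frame: bytes) -> str:
    """Return 'accepted' or the rejection reason for one frame."""
    try:
        decode_frame(frame)
        return "accepted"
    except RejectedFrame as exc:
        return f"rejected: {exc}"


# Constructed sample frames: the same message as JSON and as a pickle stream.
GOOD = json.dumps({"request_id": "r1", "prompt": "hi", "max_tokens": 16}).encode()
LEGACY = pickle.dumps({"request_id": "r1", "prompt": "hi", "max_tokens": 16})

if __name__ == "__main__":
    for name, frame in (("json", GOOD), ("pickle", LEGACY)):
        print(name, "->", try_decode(frame))
```

Schema validation limits what a peer can send, but it does not authenticate the peer, so the network restriction mentioned above still applies.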

4. Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Researchers have uncovered a massive spam campaign that has flooded the npm registry with tens of thousands of fake packages since early 2024. The operation, dubbed the IndonesianFoods Worm, has published more than 67,000 junk packages using a worm-like script hidden in each upload. The code only runs when a user manually executes a JavaScript file, which then generates and publishes new packages in an endless loop. This design helps the malware evade automated scanners, allowing it to persist for nearly two years.

The spam packages use consistent naming patterns—often Indonesian names or food terms—and masquerade as Next.js projects. They also reference each other as dependencies, creating a self-replicating network that strains npm infrastructure and pollutes search results. Evidence suggests the campaign aims to earn TEA tokens by inflating package activity metrics. GitHub and AWS have removed many of the malicious packages, but over 150,000 related uploads have been identified, highlighting the scale of the threat and the ease of abusing open-source ecosystems.

5. 7 npm Packages Caught Hiding Crypto Scams

Cybersecurity researchers have identified seven malicious npm packages uploaded by a threat actor known as dino_reborn between September and November 2025. The packages—each downloaded a few hundred times—use a cloaking service called Adspect to differentiate real victims from security researchers. Adspect, marketed as a “bulletproof cloaking” tool for ad campaigns, filters traffic and hides malicious behavior, redirecting victims to crypto-themed scam sites while showing researchers harmless decoy pages.

Six of the packages contain a 39 kB malware component that fingerprints the system, hides itself, and blocks browser developer tools to evade analysis. The code executes immediately via an IIFE. One package, signals-embed, acts as a decoy, sending visitor data to an Adspect proxy before determining whether to show a fake CAPTCHA that leads to crypto scams or a blank page for suspected researchers. The findings surface alongside reports of large-scale npm abuse, including over 150,000 spam packages linked to TEA token farming campaigns.


Programmer’s Digest #159

11/05/2025-11/12/2025 126 Npm Package Targeting GitHub-Owned Repositories, Vibe-Coded Malicious VS Code Extension, Malicious NuGet Packages And More

1. Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Cybersecurity researchers uncovered a malicious npm package, “@acitons/artifact,” that mimics GitHub’s legitimate “@actions/artifact” to target GitHub-owned repositories. The goal was to execute a script during GitHub builds, steal access tokens, and publish malicious artifacts. Six versions (4.0.12–4.0.17) contained a post-install hook that downloaded malware, though the latest npm version (4.0.10) is clean. The package, uploaded on October 29, 2025, had over 47,000 total downloads before the malicious versions were removed. Another similar package, “8jfiesaf83,” was downloaded about 1,000 times before removal. Analysis showed the malware downloaded a “harness” binary and executed “verify.js” to extract GitHub workflow data, sending it in encrypted form to a GitHub subdomain. GitHub later confirmed the incident was part of a Red Team security exercise, stating no systems or data were ever at risk.

2. Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have identified a malicious VS Code extension with basic ransomware capabilities, believed to be AI-generated or “vibe-coded.” Dubbed “susvsex,” the extension was uploaded to the marketplace on November 5, 2025, by “suspublisher18.” It was designed to automatically zip, upload, and encrypt files from a test directory upon activation. Microsoft has since removed it.

Fortunately, its impact was limited by its target directory, but the code could be easily updated. The extension also used a private GitHub repository for command-and-control (C2), polling for new instructions and exfiltrating results.

In a separate incident, Datadog uncovered 17 malicious npm packages posing as legitimate SDKs. These packages, published by now-banned accounts, secretly deployed the Vidar information stealer—marking its first appearance in the npm registry. The attack leveraged postinstall scripts to download and execute the malware from a remote server.

These events highlight the persistent threat of software supply chain attacks, underscoring the need for developers to exercise caution by reviewing packages and their dependencies before use.
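Both the “@acitons/artifact” typosquat in item 1 and the postinstall-based packages above can be caught by reviewing a package manifest before installation. The check below is an added example, not tooling from the researchers; the expected-name list and the sample manifest (including its version and script value) are constructed for illustration.

```python
import json

# npm runs these lifecycle scripts automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance (an adjacent swap counts as 1)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def audit_manifest(manifest_text: str, expected: set[str]) -> list[str]:
    """Flag install-time scripts and names that are near-misses of expected ones."""
    pkg = json.loads(manifest_text)
    name, findings = pkg.get("name", ""), []
    for hook in INSTALL_HOOKS:
        if hook in pkg.get("scripts", {}):
            findings.append(f"{name}: runs '{hook}' script at install time")
    if name not in expected:
        for good in sorted(expected):
            if edit_distance(name, good) <= 2:
                findings.append(f"{name}: name is close to expected '{good}'")
    return findings


# Constructed sample manifest; only the package name comes from the digest.
SAMPLE = json.dumps({
    "name": "@acitons/artifact",
    "version": "0.0.0-sample",
    "scripts": {"postinstall": "node setup.js"},
})

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE, {"@actions/artifact"}):
        print(finding)
```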

3. GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

Cybersecurity researchers have uncovered three new Visual Studio Code extensions tied to the GlassWorm campaign, showing ongoing attacks on the VS Code ecosystem. The extensions — ai-driven-dev.ai-driven-dev (3,402 downloads), adhamu.history-in-sublime-merge (4,057), and yasuyuky.transient-emacs (2,431) — remain available online. First revealed by Koi Security, GlassWorm spreads through malicious VS Code extensions to steal credentials, drain cryptocurrency wallets, and install remote-access tools. It hides code using invisible Unicode characters, enabling self-replication and wider compromise.

Although Open VSX removed earlier malicious extensions and revoked tokens on October 21, 2025, new variants have reappeared, using blockchain-based command-and-control (C2) mechanisms for persistence. Researchers found the attacker’s exposed server listing victims across the U.S., South America, Europe, and Asia, including a Middle Eastern government entity.
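Because the campaign hides code in invisible Unicode characters, a review step can flag such characters in extension source before it is trusted. This is an added example, not Koi Security's tooling; the code point classes treated as invisible and the sample text are choices made for this illustration.

```python
import unicodedata

# Variation-selector ranges, treated as invisible for this check.
VARIATION_SELECTORS = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))


def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in VARIATION_SELECTORS):
        return True
    # Cf = format characters (zero-width, bidi controls, tag characters);
    # Co = private use, which has no defined glyph.
    return unicodedata.category(ch) in ("Cf", "Co")


def scan_source(text: str, min_run: int = 1):
    """Return (line, column, length, codepoints) for each invisible run."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        col = 0
        while col < len(line):
            if not is_invisible(line[col]):
                col += 1
                continue
            start = col
            while col < len(line) and is_invisible(line[col]):
                col += 1
            if col - start >= min_run:
                cps = [f"U+{ord(c):04X}" for c in line[start:col]]
                findings.append((lineno, start + 1, col - start, cps))
    return findings


# Constructed sample: line 2 carries a run of three variation selectors inside
# a string literal, line 3 a single zero-width space.
SAMPLE = (
    "const a = 1;\n"
    'const payload = "\U000E0100\U000E0101\U000E0102";\n'
    'const b = "x\u200by";\n'
)

if __name__ == "__main__":
    for lineno, col, length, cps in scan_source(SAMPLE):
        print(f"line {lineno} col {col}: {length} invisible code point(s) {cps}")
```

Single hits such as U+FE0F after an emoji or a leading byte-order mark are often legitimate; raising `min_run` keeps only longer runs, which are rarely benign in source code.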

4. Malicious NuGet Packages Drop Disruptive ‘Time Bombs’

Researchers at Socket found nine malicious NuGet packages published under shanhai666 that include sabotage payloads scheduled to trigger between Aug 8, 2027 and Nov 29, 2028, targeting .NET database libraries and Siemens S7 PLCs. The packages (including Sharp7Extend) mix legitimate functionality with a ~20-line malicious payload implemented via C# extension methods so it runs transparently on each DB or PLC operation.

On the trigger dates the code uses a random check (20% chance) to either kill the host process or, for Sharp7Extend, immediately terminate PLC communications or corrupt PLC write operations after a 30–90 minute delay. Corrupted writes can prevent actuators from receiving commands, block safety engagements, and disrupt production. Sharp7Extend also deliberately fails initialization by reading a nonexistent config value.

Socket says the developer page and packages have since been delisted after ~9,500 downloads. Organizations are urged to audit for those nine packages, assume compromise if found, verify PLC/write integrity, and implement write-verification and safety-log checks.

5. Cisco: Actively Exploited Firewall Flaws Now Abused For DoS Attacks

Cisco has warned that two vulnerabilities, CVE-2025-20362 and CVE-2025-20333, are being exploited to force ASA and FTD firewalls into reboot loops. CVE-2025-20362 allows unauthenticated access to restricted URLs, while CVE-2025-20333 enables authenticated remote code execution. When combined, they give attackers full control over unpatched systems. Cisco released fixes on September 25, 2025, and CISA issued an emergency directive requiring U.S. federal agencies to secure or disconnect affected ASA devices within 24 hours. Shadowserver tracks over 34,000 exposed ASA and FTD firewalls, down from nearly 50,000 in September.

The attacks are linked to the ArcaneDoor campaign and the UAT4356 group (STORM-1849), which previously exploited Cisco zero-days and deployed Line Dancer and Line Runner malware for persistence. Cisco also patched other RCE vulnerabilities, including CVE-2025-20352 and recent flaws in its Contact Center software, urging customers to apply all security updates immediately.

6. Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

Google has uncovered a new experimental malware called PROMPTFLUX, a VBScript-based threat that uses Gemini AI’s API to rewrite its own source code for better obfuscation and evasion. According to Google Threat Intelligence Group (GTIG), the malware queries Gemini 1.5 Flash using a hard-coded API key to request code changes aimed at bypassing antivirus detection. PROMPTFLUX stores new versions in the Windows Startup folder for persistence and can spread via removable drives and network shares. Though its self-modifying feature is currently disabled, logs show the author’s intent to create an evolving, metamorphic script.

While still in development and not yet capable of system compromise, the malware reflects a growing trend of AI-assisted attacks. Google also cited other LLM-driven threats like FRUITSHELL, PROMPTLOCK, and PROMPTSTEAL, noting misuse of Gemini by China-, Iran-, and North Korea-linked actors to aid in phishing, malware creation, and data exfiltration.
