Rose debug info
---------------

how human behavior affects security

Programmer’s Digest #136

05/21/2025-05/28/2025 Critical Versa Concerto Flaws, Hidden Prompts In Gitlab Duo, Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto And More.

1. Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts

Cybersecurity researchers have identified three critical vulnerabilities in Versa Concerto’s network security and SD-WAN orchestration platform, which could allow attackers to fully compromise affected systems. Despite being disclosed on February 13, 2025, the flaws remained unpatched past the 90-day deadline, prompting a public advisory.

The issues include CVE-2025-34025 (CVSS 8.6), a Docker privilege escalation; CVE-2025-34026 (CVSS 9.2), an authentication bypass exposing sensitive endpoints; and CVE-2025-34027 (CVSS 10.0), a flaw enabling remote code execution via arbitrary file writes. Successful exploitation of CVE-2025-34027 could allow an attacker to leverage a race condition and write malicious files to disk, ultimately resulting in remote code execution using LD_PRELOAD and a reverse shell.

Versa Networks stated the issues were fixed in version 12.2.1 GA released on April 16, 2025, with no known exploitation in the wild. Users are advised to upgrade, block semicolons in URLs, and monitor traffic for suspicious activity.

2. Hidden Prompts In Gitlab Duo Expose Source Code To Theft

A critical vulnerability in GitLab’s AI coding assistant, Duo, exposed private code repositories through an indirect prompt injection attack, now patched. Discovered by Legit Security, the flaw allowed attackers to embed hidden prompts in merge requests, commit messages, and comments, tricking Duo into leaking sensitive data or injecting malicious HTML. Built on Anthropic’s Claude, Duo processes full-page content—including Markdown—making it vulnerable to prompts hidden in source code or UI elements. This deep integration introduced client-side risks, letting attackers manipulate responses or redirect users to phishing sites.

Researchers used obfuscation methods like Base16 encoding, Unicode smuggling, and white-text formatting to conceal prompts. These tactics made detection difficult for both developers and security tools. GitLab, following a February 12, 2025, disclosure, added protections such as structured prompts and context boundaries. While these measures reduce risk, GitLab warns they may not block all advanced attacks.

3. Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

Researchers have uncovered multiple malicious campaigns abusing open-source platforms like npm and Visual Studio Code (VS Code) Marketplace to steal data and distribute malware.

Socket found 60 npm packages that exfiltrate hostnames, IPs, and user data to a Discord webhook during install. These packages, downloaded over 3,000 times, target Windows, macOS, and Linux, using sandbox evasion and encoded payloads to avoid detection. Some masqueraded as helper libraries for frameworks like React and Vue, but deployed destructive payloads that could corrupt files or crash systems. One, js-bomb, even triggered shutdowns.

Separately, a phishing campaign used a malicious npm package to redirect victims to a fake Office 365 login page. Another npm package, citiycar8, delivered second-stage JavaScript via encrypted payloads hosted on jsDelivr.

In the VS Code Marketplace, Datadog linked threat actor MUT-9332 to malware-laced extensions targeting Solidity developers. These disguised tools stole crypto wallet credentials and disabled security features. Some also deployed additional malware from remote servers. All extensions have since been removed.

A list of known malicious packages identified across the npm registry and VS Code Marketplace

Still available at time of report; downloaded 6,200+ times:

  • vite-plugin-vue-extend;
  • quill-image-downloader;
  • js-hood;
  • js-bomb (includes file deletion + system shutdown);
  • vue-plugin-bomb;
  • vite-plugin-bomb;
  • vite-plugin-bomb-extend;
  • vite-plugin-react-extend.
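
A check for the names listed above, as an added example that is not code from Socket or from this digest: it scans a parsed `package-lock.json` for the listed packages, including copies nested under transitive dependencies, and reports whether npm recorded an install script for them. The lockfile content and the `@acme` scope are constructed for illustration.

```javascript
// Package names copied from the list above.
const BLOCKLIST = new Set([
  "vite-plugin-vue-extend", "quill-image-downloader", "js-hood", "js-bomb",
  "vue-plugin-bomb", "vite-plugin-bomb", "vite-plugin-bomb-extend",
  "vite-plugin-react-extend",
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(path) {
  const marker = "node_modules/";
  const at = path.lastIndexOf(marker);
  return at === -1 ? null : path.slice(at + marker.length);
}

function scanLockfile(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || nameFromPath(path);
    if (name && BLOCKLIST.has(name)) {
      const installScript = meta.hasInstallScript === true;
      hits.push({ name, version: meta.version, path, installScript });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree, no install-script flag.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail ? trail + " > " + name : name;
      if (BLOCKLIST.has(name)) {
        hits.push({ name, version: meta.version, path, installScript: null });
      }
      walk(meta.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed lockfile: a listed package nested under a transitive
// dependency, plus a scoped look-alike that must not match.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/some-helper/node_modules/js-bomb": {
    version: "0.0.1", hasInstallScript: true,
  },
  "node_modules/@acme/vite-plugin-bomb": { version: "2.0.0" },
} };
console.log(scanLockfile(sampleLock));
```

Pass it the result of `JSON.parse` on a project's lockfile; a hit with `installScript: true` means code from that package ran during `npm install`.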

4. CISA Warns of Attacks Targeting Commvault SaaS Environment

A threat actor has exploited a zero-day vulnerability (CVE-2025-3928) in Commvault’s cloud-based backup platform, Metallic, to access Microsoft 365 credentials and compromise customer accounts. The attacker, likely linked to a nation-state, gained unauthorized access via Commvault’s Azure-hosted environment, though no backup data was stolen. Commvault first reported the incident in March 2025 after a Microsoft alert. Investigations revealed the threat actor used sophisticated techniques and targeted a small number of customers. The company patched the flaw and enhanced key rotation, monitoring, and configuration options to strengthen defenses. CISA warned this may be part of a larger campaign exploiting SaaS misconfigurations. It recommends rotating app secrets, applying conditional access policies, and monitoring Entra ID logs for anomalies.

On-premises users should secure management interfaces and block path traversal or unauthorized file uploads. Commvault released indicators of compromise and aligned its security measures with Microsoft’s recommendations.

Programmer’s Digest #135

05/14/2025-05/21/2025 Malicious npm Package Leverages Unicode Steganography; New Go-Based Malware ‘RedisRaider’; New Intel CPU Flaws

1. Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

Cybersecurity researchers have uncovered a malicious npm package called “os-info-checker-es6” that poses as an OS utility while stealthily delivering a second-stage payload. Disguised using Unicode-based steganography, the malware uses a Google Calendar event short link as a dropper to fetch the final payload, effectively hiding attacker infrastructure. Published on March 19, 2025, by a user named “kim9123”, the package has been downloaded over 2,000 times. A related package, “skip-tot”, and three others—“vue-dev-serverr”, “vue-dummyy”, and “vue-bit”—are also linked to the campaign. The malicious code appears in a later version uploaded on May 7, 2025, hidden in the “preinstall.js” script. Although no further payloads are currently being distributed, researchers believe the campaign may be dormant, targeted, or still evolving.

Experts warn that attackers increasingly exploit trusted services like Google Calendar, urging defenders to monitor behavioral signals and validate third-party packages closely.
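
One behavioral signal that applies both to the Unicode steganography in this package and to the Unicode smuggling reported against GitLab Duo in Digest #136 is text that contains code points a reader cannot see. The scanner below is an added example, not code from either research report; the list of ranges is an assumed watchlist, and the sample comment is constructed.

```javascript
// Assumed watchlist of invisible or direction-changing code points.
// Neither report on this page names exact ranges; tune for your content.
const SUSPICIOUS_RANGES = [
  [0x200b, 0x200f, "zero-width / directional mark"],
  [0x202a, 0x202e, "bidi embedding / override"],
  [0x2060, 0x2064, "word joiner / invisible operator"],
  [0x2066, 0x2069, "bidi isolate"],
  [0xfeff, 0xfeff, "zero-width no-break space"],
  [0xe0000, 0xe007f, "Unicode tag character"],
  [0xe0100, 0xe01ef, "variation selector supplement"],
];

function classify(cp) {
  for (const [lo, hi, label] of SUSPICIOUS_RANGES) {
    if (cp >= lo && cp <= hi) return label;
  }
  return null;
}

// Returns every suspicious code point with its UTF-16 offset, plus any
// ASCII recovered from tag characters (they mirror ASCII at +0xE0000).
function scanText(text) {
  const findings = [];
  let hiddenAscii = "";
  let index = 0;
  for (const ch of text) { // for...of walks code points, not UTF-16 units
    const cp = ch.codePointAt(0);
    const label = classify(cp);
    if (label) {
      const codePoint = "U+" + cp.toString(16).toUpperCase().padStart(4, "0");
      findings.push({ index, codePoint, label });
      if (cp >= 0xe0020 && cp <= 0xe007e) {
        hiddenAscii += String.fromCodePoint(cp - 0xe0000);
      }
    }
    index += ch.length;
  }
  return { findings, hiddenAscii };
}

// Constructed sample: a visible review comment carrying tag characters
// and one zero-width space.
const hiddenPart = [..."hidden-note"]
  .map((c) => String.fromCodePoint(0xe0000 + c.codePointAt(0)))
  .join("");
const sampleComment = "Looks good to me." + hiddenPart + " Fix\u200b typo";
const commentReport = scanText(sampleComment);
console.log(commentReport.hiddenAscii, commentReport.findings.length);
```

Run it over merge request descriptions, commit messages and package source before they reach a reviewer or an AI assistant; any non-empty `hiddenAscii` deserves a manual look.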

2. New Go-Based Malware ‘RedisRaider’ Exploits Redis Servers to Mine Cryptocurrency

Security experts have discovered RedisRaider, a new malware campaign that targets misconfigured Redis servers to mine Monero cryptocurrency. Written in Go and heavily obfuscated using Garble, RedisRaider is designed for stealth and evasive propagation.

The malware scans for Redis servers on port 6379, confirms they’re Linux-based, then exploits commands like SET, CONFIG, and BGSAVE to install a malicious cron job. This job downloads and runs the XMRig miner while erasing traces using short-lived keys, temporary cron files, and log deletion. RedisRaider’s infrastructure also hosts a web-based Monero miner, expanding its reach to website visitors. One server involved was linked to multiple services, suggesting broader exploitation. To defend against RedisRaider, experts recommend enabling protected mode, setting strong authentication, restricting access, and monitoring for unusual activity.
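
The recommended settings can be checked against a server's `redis.conf` before it is deployed. This is an added example, not tooling from the researchers: it audits the `protected-mode`, `requirepass` and `bind` directives, assumes a minimum password length of 32 as local policy, and does not evaluate ACL users. Both sample configurations are constructed.

```javascript
// Parse redis.conf text into { directive: value }; later lines override.
function parseRedisConf(text) {
  const conf = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const [key, ...rest] = line.split(/\s+/);
    conf[key.toLowerCase()] = rest.join(" ").replace(/^"(.*)"$/, "$1");
  }
  return conf;
}

// minPasswordLength is an assumed local policy value, not from the page.
function auditRedisConf(text, minPasswordLength = 32) {
  const conf = parseRedisConf(text);
  const issues = [];
  // protected-mode defaults to yes; only an explicit "no" turns it off.
  if ((conf["protected-mode"] || "yes").toLowerCase() === "no") {
    issues.push("protected-mode is disabled");
  }
  const pass = conf["requirepass"];
  if (!pass) issues.push("requirepass is not set");
  else if (pass.length < minPasswordLength) issues.push("requirepass is short");
  // With no bind directive Redis listens on every interface.
  const bind = conf["bind"];
  const addrs = bind ? bind.split(/\s+/).map((a) => a.replace(/^-/, "")) : [];
  if (!bind) issues.push("no bind directive: all interfaces");
  else if (addrs.some((a) => ["0.0.0.0", "::", "*"].includes(a))) {
    issues.push("bind includes a wildcard address");
  }
  return issues;
}

// Constructed configs: an exposed instance and a restricted one.
const exposedConf = `
port 6379
protected-mode no
bind 0.0.0.0
`;
const restrictedConf = `
protected-mode yes
bind 127.0.0.1 -::1
requirepass "constructed-example-passphrase-0123456789"
`;
console.log(auditRedisConf(exposedConf), auditRedisConf(restrictedConf));
```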

3. Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks

A new vulnerability, Branch Privilege Injection (BPI), affects all modern Intel CPUs. BPI allows attackers to exploit CPU prediction mechanisms to access sensitive data from other users on the same processor, reviving concerns around Spectre-style attacks.

The flaw, assigned CVE-2024-45332 (CVSS 5.7), leverages Branch Predictor Race Conditions (BPRC) to bypass privilege boundaries. Intel has issued microcode patches to mitigate the risk.

Meanwhile, researchers at Vrije Universiteit Amsterdam (VUSec) detailed new Spectre v2 variants, codenamed Training Solo, which leak kernel memory at speeds up to 17 Kb/s, completely bypassing domain isolation.

These include:

  • CVE-2024-28956 (CVSS 5.7): Affects Intel Core 9th–11th Gen and Xeon 2nd–3rd Gen.
  • CVE-2025-24495 (CVSS 6.8): Affects Intel CPUs with Lion Cove cores.

Intel released patches, and AMD updated guidance to highlight risks from classic BPF use.

4. Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

Cybersecurity researchers have discovered several malicious Python packages on the PyPI repository that were designed to validate stolen email addresses against TikTok and Instagram APIs. The packages, named checker-SaGaF, steinlurks, and sinnercore, were used to check if an email address was associated with legitimate social media accounts.

The main package, checker-SaGaF, sent HTTP POST requests to TikTok’s password recovery API and Instagram’s account login endpoints to verify email validity. Interestingly, the malicious payload in these packages was similar to the one found in the previously detected “discordpydebug” package. Researchers also noted similarities to the techniques used by the hacktivist group Phoenix Hyena, although attribution remains tentative. All malicious packages have been removed from PyPI.

5. Malware Found in PyPI Packages Targeting Open-Source Developers

Security researchers have identified a new wave of malicious Python packages on the PyPI repository that specifically target open-source developers. These packages were designed to steal sensitive information and gain unauthorized access to developers’ systems. The malicious code was hidden within seemingly legitimate packages that were downloaded thousands of times before being detected.

The compromised packages included backdoors that allowed attackers to execute arbitrary commands on infected systems. They also attempted to steal authentication tokens and access keys stored on developers’ machines. Researchers recommend that developers immediately review their installed packages, verify package integrity, and ensure they are using trusted sources for their dependencies.

6. Remote Code Execution Vulnerability Found in ROME Theme Kit

A critical remote code execution (RCE) vulnerability has been discovered in the ROME Theme Kit, a popular WordPress theme framework. The flaw affects all versions of the theme and could allow attackers to execute arbitrary code on vulnerable websites. The vulnerability stems from insufficient input validation in certain theme functions.

Website administrators are strongly advised to update to the latest patched version of the theme immediately. In addition, it is recommended to review server access logs for any suspicious activity and consider implementing additional security measures such as web application firewalls and regular security scans to prevent potential exploitation.

Programmer’s Digest #134

05/07/2025-05/14/2025 Ivanti EPMM Vulnerabilities, Malicious PyPI Package Posing as Solana Tool, Thousands of Node Developers Compromised And More

1. Ivanti EPMM Vulnerabilities Exploited in the Wild (CVE-2025-4427, CVE-2025-4428)

Ivanti has confirmed that attackers exploited vulnerabilities in open-source libraries to compromise on-prem Endpoint Manager Mobile (EPMM) instances of a small number of customers. The flaws, now tracked as CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (remote code execution), were found in unnamed libraries and likely used as zero-days. CERT-EU flagged the issues, suggesting potential breaches of EU institutions.

Ivanti has released patched EPMM versions (11.12.0.5, 12.3.0.2, 12.4.0.2, 12.5.0.1) and advises customers to update or apply mitigations if upgrades aren’t possible. These issues affect only the on-prem EPMM product. Additionally, Ivanti patched flaws in other products: CVE-2025-22462 (auth bypass in Neurons for ITSM), CVE-2025-22460 (default credentials in Cloud Services), and an unnumbered authorization flaw in Neurons for MDM. These were reported by researchers and haven’t been seen in attacks yet.

2. Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Cybersecurity researchers have uncovered a malicious package on PyPI, named solana-token, which pretended to be related to the Solana blockchain but was designed to steal source code and developer secrets. Though now removed, it was downloaded 761 times since its release in April 2024.

According to ReversingLabs, the package contained a fake blockchain function, register_node(), which exfiltrated source code from the Python execution stack to a hard-coded IP address. The malware appeared to target developers working on blockchain projects, likely hoping to capture sensitive, hard-coded secrets. The method of distribution remains unclear, though it may have been promoted on developer platforms. The incident highlights the growing trend of supply chain attacks targeting the cryptocurrency space.

Experts urge development teams to closely inspect open-source and third-party packages.

3. Thousands of Node Developers Compromised by Malware in Popular npm Packages

Malware is increasingly infiltrating the Node.js ecosystem via npm packages. Aikido Security uncovered a major supply chain attack involving the popular “rand-user-agent” package, downloaded over 45,000 times weekly. This package, used for generating randomized user-agent strings in web scraping, was found to contain a sophisticated remote access trojan (RAT). Though deprecated, the package saw three suspicious updates in recent weeks, likely after the original developer’s npm access token was compromised. Hackers used whitespace and code obfuscation to hide the RAT, which can execute shell commands and replace Python toolkits with malicious binaries. The malicious versions have since been removed, but the incident underscores the risks of compromised open-source libraries. Over 30 other npm packages used “rand-user-agent” as a dependency.

Other recent npm compromises include backdoored versions of xrpl.js and fake developer tools that hijack macOS features, showing that attackers are increasingly targeting developers and open-source repositories.

4. SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

SonicWall has released patches for three vulnerabilities in SMA 100 Series appliances that could lead to remote code execution if chained together. The flaws affect devices including SMA 200, 210, 400, 410, and 500v and are fixed in version 10.2.1.15-81sv.

The issues are:

  • CVE-2025-32819 (CVSS 8.8): Lets an attacker delete arbitrary files, potentially triggering a factory reset.
  • CVE-2025-32820 (CVSS 8.3): Makes any directory writable via path traversal.
  • CVE-2025-32821 (CVSS 6.7): Allows file uploads via shell command injection.

Rapid7 warns these can be chained to gain root-level remote code execution. CVE-2025-32819 may be a patch bypass for a 2021 flaw and could have been exploited as a zero-day, though SonicWall hasn’t confirmed active abuse.

Users are strongly urged to update their systems immediately.

5. Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

Microsoft’s May 2025 Patch Tuesday update fixes 78 vulnerabilities, including five zero-days under active exploitation. Of these flaws, 11 are Critical, 66 Important, and 28 allow remote code execution. The update also includes fixes for Edge browser issues.

The five exploited zero-days are:

  • CVE-2025-30397 – Scripting Engine memory corruption enabling remote code execution;
  • CVE-2025-30400 – Desktop Window Manager (DWM) privilege escalation;
  • CVE-2025-32701 & 32706 – Common Log File System (CLFS) driver privilege escalations;
  • CVE-2025-32709 – WinSock driver privilege escalation.

These flaws are linked to malware like QakBot and Play ransomware, and some have been exploited by APT groups.

CISA has added the five zero-days to its Known Exploited Vulnerabilities catalog, requiring U.S. federal agencies to patch by June 3, 2025. Additional fixes address bugs in Microsoft Defender for Endpoint and Identity, and a CVSS 10.0 flaw in Azure DevOps Server, now mitigated in the cloud.
