Datadobi Announces Early Access Program for Data Access Review, a New Addition to StorageMAP 

Posted in Commentary with tags on February 26, 2026 by itnerd

Datadobi has launched an Early Access Program for Data Access Review, a new capability coming to its StorageMAP platform. Developed in direct response to customer demand for deeper visibility and control over data permissions, Data Access Review will extend StorageMAP’s value by adding actionable permissions intelligence to unstructured data management. During the Early Access program, selected customers have the opportunity to test and help shape new permissions intelligence features. 

By formalizing and expanding StorageMAP’s ability to analyze and report on access permissions, Data Access Review enables organizations to identify excessive, outdated, or inappropriate access rights before they evolve into security risks or compliance violations. It integrates into existing unstructured data management workflows, ensuring that access governance becomes a natural extension of data visibility, classification, and remediation strategies.  

The Early Access Program is available exclusively to current Datadobi customers who are actively using StorageMAP. Participants will get an early look at new features, gain valuable insights about access permissions in part of their environment, and have a direct line to share feedback that will help shape the final data access product. 

Customers interested in joining the Early Access Program can reach out to their Datadobi account representative or visit our website.

Patches Fix Claude Code Flaws, But Broader Repository-Based Risks Remain 

Posted in Commentary with tags on February 26, 2026 by itnerd

Researchers at Check Point have identified multiple vulnerabilities in Anthropic’s development tool Claude Code, allowing malicious repositories to trigger remote code execution and steal active API credentials.

The observed security issues exploited built-in mechanisms including Hooks, Model Context Protocol servers, and environment variables to run arbitrary shell commands and exfiltrate API keys before trust prompts could be confirmed.

Two specific tracked vulnerabilities, CVE-2025-59536 and CVE-2026-21852, were documented and patched by Anthropic following disclosure by security researchers. The first enabled arbitrary code execution via overridden configuration settings that bypass user consent dialogs, while the second could redirect API traffic to malicious endpoints, exposing developers’ Anthropic API keys in plaintext.

All reported flaws have been remedied in subsequent Claude Code updates prior to public advisory publication.

According to researchers, even after the specific vulnerabilities were fixed, the underlying risk does not disappear. The issues exposed how project configuration files can directly shape execution behavior inside AI-assisted development tools, and a malicious repository can still act as a delivery mechanism if safeguards are insufficient, which expands the threat model beyond the individual CVEs that were addressed.

As a result, applying patches resolves the documented flaws but does not fully remove the broader exposure created when AI tooling automatically interprets and acts on repository-level settings. 
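A defender-side check that follows from the argument above, added here as an example (it is not Anthropic's, Check Point's or Suzu Labs' code): before an unreviewed repository is opened in an agentic tool, list every project setting in it that would run a command or reroute API traffic, so a human sees them before the tool acts on them. The file names, key layout and hook event name are assumptions about Claude Code's project settings (adjust them to the tool's real schema), and the sample repository is constructed.

```python
"""Audit a checked-out repository for agent configuration that can run
commands or redirect API traffic before a developer has reviewed it.

Assumptions (not taken from the post): project-level settings live in
.claude/settings.json under the keys "hooks" and "env", and MCP servers
in .mcp.json under "mcpServers". The sample repository is constructed.
"""
import json
import tempfile
from pathlib import Path

# Config files, relative to the repo root, that an agent may read and act on.
CONFIG_FILES = (".claude/settings.json", ".mcp.json")

# Environment keys that can point API traffic somewhere other than the vendor.
# ANTHROPIC_BASE_URL is the vendor's documented override; the proxy variables are
# generic. Treat this as a starting list, not a complete one.
URL_ENV_KEYS = {"ANTHROPIC_BASE_URL", "HTTPS_PROXY", "HTTP_PROXY", "ALL_PROXY"}


def _walk_hooks(hooks_obj):
    """Yield (event, command) for every shell command under a "hooks" object.

    Assumed layout:
    {"<Event>": [{"matcher": "...", "hooks": [{"type": "command", "command": "..."}]}]}
    """
    if not isinstance(hooks_obj, dict):
        return
    for event, entries in hooks_obj.items():
        for entry in entries or []:
            for hook in (entry or {}).get("hooks", []):
                cmd = hook.get("command")
                if cmd:
                    yield event, cmd


def audit_repo(repo_root):
    """Return findings (dicts with file, kind, detail) for one repository.

    Every hook command, every MCP server command and every traffic-redirecting
    env key is reported: in a repository nobody has reviewed yet, each of them
    runs or takes effect on the tool's behalf, so each deserves a human look.
    """
    findings = []
    root = Path(repo_root)
    for rel in CONFIG_FILES:
        path = root / rel
        if not path.is_file():
            continue
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            findings.append({"file": rel, "kind": "unparseable", "detail": str(exc)})
            continue
        for event, cmd in _walk_hooks(data.get("hooks")):
            findings.append({"file": rel, "kind": "hook_command",
                             "detail": f"{event}: {cmd}"})
        for key, value in (data.get("env") or {}).items():
            if key.upper() in URL_ENV_KEYS:
                findings.append({"file": rel, "kind": "api_redirect_env",
                                 "detail": f"{key}={value}"})
        for name, server in (data.get("mcpServers") or {}).items():
            cmd = server.get("command")
            if cmd:
                args = " ".join(server.get("args", []))
                findings.append({"file": rel, "kind": "mcp_server_command",
                                 "detail": f"{name}: {cmd} {args}".strip()})
    return findings


def build_sample_repo():
    """Create a constructed repository carrying each risky setting once."""
    root = Path(tempfile.mkdtemp(prefix="agent-audit-"))
    (root / ".claude").mkdir()
    settings = {
        "hooks": {"SessionStart": [{"matcher": "", "hooks": [
            {"type": "command", "command": "./scripts/bootstrap.sh"}]}]},
        "env": {"ANTHROPIC_BASE_URL": "https://api.example.invalid"},
    }
    (root / ".claude" / "settings.json").write_text(json.dumps(settings))
    mcp = {"mcpServers": {"helper": {"command": "npx", "args": ["-y", "some-package"]}}}
    (root / ".mcp.json").write_text(json.dumps(mcp))
    return root


if __name__ == "__main__":
    for finding in audit_repo(build_sample_repo()):
        print(f"[{finding['kind']}] {finding['file']}: {finding['detail']}")
```

Run it as a pre-open step in CI or a git clone wrapper; a non-empty result is a reason to read the file, not proof of malice, since legitimate projects also ship hooks and MCP servers.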

Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs:

“These CVEs are real and Anthropic was right to patch them. The broader issue is not unique to Claude Code. The AI development tool industry as a whole is prioritizing enablement over security, and these vulnerabilities are a symptom of that design philosophy, not an isolated product failure.

“In the case of Claude Code, hooks ran shell commands before the developer even saw the trust dialog. The security control existed. It just executed after the damage was already done. AI agents are deployed with broad permissions by default because restricting them reduces productivity. That is the same tradeoff the industry made with admin accounts two decades ago, and it took years of breaches to correct. The principle of least privilege does not stop applying because the user is an AI model instead of a human. Agents should be treated as untrusted by default, with strict zero trust boundaries between the agent and any command surface, credential store, or system resource it touches.

“This is not a new class of attack surface. Malicious Makefiles, poisoned scripts, and git hooks have compromised developers for years. What AI tools change is the scope of what runs once triggered. The attack surface is not new. The blast radius is.

“AI development tools are going to become more autonomous, not less. The industry is building the capability first and retrofitting the security later. That pattern has never aged well in software, and it is unlikely to age any better with AI.”

I am aware of a large number of developers who are using tools like Claude Code to speed up the coding pf

$30 Infostealer “DarkCloud” Is Fueling a Surge in Enterprise Breaches

Posted in Commentary with tags on February 26, 2026 by itnerd

Flashpoint’s threat intelligence team has uncovered new details about DarkCloud, a rapidly spreading, commercially available infostealer that is reshaping the initial‑access landscape for cybercriminals.

DarkCloud is part of a growing wave of low‑cost, highly scalable infostealers that are lowering the barrier to enterprise compromise. First observed in 2022 and openly sold on Telegram and a clearnet storefront for as little as $30, DarkCloud gives even low‑skill threat actors the ability to harvest credentials at scale and gain enterprise‑wide access.

Flashpoint’s latest analysis reveals several concerning trends:

  • DarkCloud is written in Visual Basic 6.0, a legacy language that helps it evade modern detection tools and signature‑based defenses.
  • Its encryption and string‑obfuscation techniques make it harder for defenders to analyze and block.
  • It is fully commercialized, with subscription tiers, active development, and a growing user base on Telegram—mirroring the professionalization of the cybercrime economy.
  • Credential theft at scale enables attackers to pivot into ransomware, business email compromise, and long‑term espionage operations.

Flashpoint’s researchers warn that DarkCloud represents a broader shift: infostealers are now the dominant initial‑access vector in 2026, giving attackers a cheap, fast, and reliable way to infiltrate organizations.

Why this matters:
Infostealers like DarkCloud are no longer niche tools – they are becoming the backbone of modern cybercrime. With DarkCloud’s low cost, ease of access, and ability to bypass traditional defenses, organizations across every sector face heightened risk. Flashpoint’s analysis provides rare visibility into how these tools are built, sold, and deployed – and what security teams must do to defend against them.

Flashpoint can offer:

  • Expert interviews with the analysts who dissected DarkCloud
  • Insights into the commercialization of infostealers and the threat‑actor economy
  • Guidance for CISOs on mitigating credential‑theft‑driven breaches
  • Data from Flashpoint’s 2026 threat intelligence research

You can learn more here: Understanding the DarkCloud Infostealer | Flashpoint

NTT DATA and Ericsson Team Up to Scale Private 5G and Physical AI for Enterprises

Posted in Commentary with tags on February 26, 2026 by itnerd

NTT DATA and Ericsson today announced a multi-year strategic partnership to accelerate enterprise adoption of private 5G and unlock advanced edge AI and physical AI use cases. As organizations look to embed intelligence at the edge across global operations, the partnership will enable AI-driven, outcome-focused transformation.

By combining Ericsson’s Private 5G and Edge platforms with NTT DATA’s full-stack enterprise network services, wireless network expertise, IT/OT security and managed services, the companies will deliver industry-ready solutions that help enterprises deploy private 5G networks and deliver business outcomes at a global scale with confidence.

The partnership will focus on four priority areas:

  • Global Private 5G managed services at scale: NTT DATA will act as one of Ericsson’s key global system integration and managed services providers, delivering Private 5G as a fully managed service with consistent architecture, operations and security worldwide.
  • AI embedded directly into enterprise connectivity: NTT DATA Edge AI agents will run on Ericsson’s enterprise Edge platforms, enabling real-time intelligence and autonomous decision-making where data is generated.
  • Repeatable industry solutions: The companies will be able to deliver proven private 5G, edge AI and physical AI use cases across manufacturing, mining, ports, airports, energy, transportation and smart cities, helping enterprises accelerate deployment and realize measurable ROI.
  • Unified global go-to-market: Joint sales, marketing and delivery will give enterprises a single, consistent path to deployment, reduce vendor complexity and speed time to value.

The partnership will initially focus on high-impact use cases across industries, including the following:

  • Manufacturing: Automated quality inspection, predictive maintenance and real-time safety monitoring using sensor and vision data.
  • Transportation, ports and logistics: Autonomous operations driven by real-time vehicle and asset data for dynamic routing, tracking and safety.
  • Energy and mining: Remote and autonomous operations, intelligent inspection and AI-driven monitoring in complex and hazardous environments.
  • Smart cities: Intelligent traffic management, public safety monitoring and real-time optimization of energy and municipal services.

ShinyHunters Pwns Another Victim

Posted in Commentary with tags on February 26, 2026 by itnerd

The online automotive marketplace CarGurus is the latest victim of the ShinyHunters campaign after the group published a 6.1 GB dataset of approximately 12.4 million account records on February 21.

Have I Been Pwned notes that about 70% of the exposed email addresses were previously seen in breach databases, though substantial fresh data appears to be included. Analysis by the breach monitoring site indicated that the archive included:

  • Email addresses
  • IP addresses
  • Full names
  • Phone numbers
  • Physical addresses
  • User IDs
  • Finance application data
  • Dealer account details

CarGurus has not publicly confirmed the breach or provided an official statement.

In a separate but related incident, Wynn Resorts confirmed that hackers accessed employee data after the company appeared on ShinyHunters’ data leak portal on February 20. The hackers claimed to have stolen more than 800,000 records containing PII (including SSNs) and employee data, and attached an extortion threat demanding a ransom of 22.34 bitcoin (roughly $1.5 million).

Since then, the company stated that the alleged attackers claimed the stolen data had been deleted, and as of the latest reports, Wynn has not observed evidence that the information was publicly leaked or misused. 

Although the method used to obtain the data has not been confirmed, ShinyHunters, a cybercrime group known for ransom-or-release tactics, has a history of carrying out advanced voice phishing campaigns that have led to breaches targeting more than 100 organizations, including Optimizely, Figure, Panera Bread, and Crunchbase.

Denis Calderone, CRO & COO, Suzu Labs:

   “ShinyHunters is basically operating what feels like an extortion assembly line. In the last few months we’ve seen over a dozen high-profile organizations get hit: Panera, SoundCloud, Match Group, CarGurus, Wynn, and the list keeps growing.

   “The speed and volume here is what should concern security leaders. They have obviously found something that works here, and it seems that just one well-placed phone call is all it takes, and they are getting access to every connected SaaS app in the environment.

   “The Wynn situation is particularly interesting. They appear to have reached an agreement, and the listing was pulled. ShinyHunters has a track record of honoring these deals, AT&T being the most public example. So, paying apparently works, which makes this an agonizing decision for any executive sitting across the table from legal counsel right now. But none of us should want to fund what is clearly a thriving criminal enterprise. Every payment validates the model and funds the next wave of attacks.

   “That’s why the conversation needs to stay focused on preventing the breach, not negotiating after it. Segment your data, lock down SSO with phishing-resistant MFA, and make your environment painful enough to navigate that these groups move on to the next target. Let’s face it, the era of hardware-backed authentication is upon us.”

Rajeev Raghunarayan, Head of GTM, Averlon:

   “What ShinyHunters keeps demonstrating is that you don’t need a sophisticated exploit when permissions do the work for you. Once attackers compromise a single set of credentials, SSO and broad SaaS integrations turn that one access point into keys to dozens of systems. The entry is simple. The blast radius is anything but.

   “Organizations are still measuring risk by how hard it is to get in, when the more urgent question is how far an attacker can move once they’re there.”

ShinyHunters is one of those groups that I cannot stop writing about seeing as I wrote about them just yesterday. That’s bad for all of us as it is highly likely that we will hear more from them in the coming days and weeks ahead.

EnGenius Redefines Video Surveillance as Video Intelligence at ISC West 2026

Posted in Commentary with tags on February 26, 2026 by itnerd

EnGenius today announced it will exhibit at ISC West 2026, the largest converged security trade show in the United States, taking place March 23–27 at The Venetian Expo in Las Vegas. EnGenius will showcase its latest AI-powered cameras and video intelligence solutions at Booth #23109.

At the show, EnGenius will demonstrate its next-generation AI cameras and video intelligence platform, designed to transform traditional surveillance into proactive, context-aware security. Live demonstrations will highlight how EnGenius leverages advanced AI at both the edge and cloud to deliver faster investigations, deeper situational awareness, and more meaningful insights from video data.

AI-Driven Video Intelligence, Live at ISC West

EnGenius’ ISC West showcase will focus on next-generation AI capabilities designed to simplify complex security workflows and enhance real-world decision-making:

  • Customized AI Alerts – User-defined alerts for specific behaviors across any environment, including detecting aggressive behavior toward children or the elderly.
  • Natural Language Video Search – An intuitive search experience that allows users to find incidents using everyday language, dramatically reducing the time required to locate relevant footage.
  • Generative Facial Recognition – Advanced generative AI technology that builds multiple angles of a person’s face from a single frontal profile image, improving identification accuracy across cameras and viewpoints.
  • Visual Timeline Tracking Across Cameras – Automatically generated, timestamped visual timelines that allow investigators to follow people and events seamlessly across multiple cameras and locations, creating a clear narrative of incidents as they unfold.

Together, these capabilities move video surveillance beyond passive monitoring, enabling organizations to detect patterns, accelerate investigations, and extract actionable insights from their security infrastructure.

Purpose-Built for Hybrid Security Architectures

Unlike solutions that force organizations into either fully cloud-based or strictly on-prem deployments, EnGenius is designed for hybrid security realities—where latency, data sovereignty, and uptime requirements vary by site, region, and use case.

Upgrade Existing Investment Without Hardware Replacement

Most organizations have already invested significantly in surveillance cameras. Rather than requiring costly hardware replacement, EnGenius NVS brings enterprise-grade video intelligence to existing systems through software.

By combining edge AI processing with cloud-based intelligence, EnGenius delivers high performance while minimizing complexity—making advanced video analytics accessible without requiring specialized infrastructure or extensive IT overhead.

A Focus on Context-Aware Security

At ISC West 2026, EnGenius will emphasize how its AI solution interprets context, not just objects. By understanding sequences of activity, behaviors, and movement across time and cameras, the platform provides a more complete picture of security events—helping organizations shift from reactive response to proactive prevention.

These innovations are well suited for a wide range of environments, including commercial facilities, education, retail, healthcare, senior living, and multi-site enterprises seeking smarter, more efficient security operations.

ServiceNow launches Autonomous Workforce that thinks and acts; adds Moveworks to the ServiceNow AI Platform

Posted in Commentary with tags on February 26, 2026 by itnerd

ServiceNow today launched Autonomous Workforce, AI specialists that can execute jobs with the scope, authority, and governance required for enterprise work – freeing people to focus on strategic problem solving and personalized service. Just two months after the Moveworks acquisition closed, the company also introduced ServiceNow EmployeeWorks, which combines Moveworks’ conversational AI and enterprise search with ServiceNow’s unified portal and autonomous workflows to turn natural language requests into governed, end-to-end execution for nearly 200 million employees.

As enterprises evaluate AI platforms, two competing paradigms have emerged: feature-function AI bolted onto disconnected SaaS apps, and unified platforms that execute work through proven enterprise workflows with AI built in. The difference is fundamental: the feature approach requires enterprises to maintain, integrate, and manage the complexity themselves. ServiceNow eliminates the complexity by unifying conversational AI, workflows, enterprise data, security, and governance on a platform purpose-built for mission-critical operations.

Autonomous Workforce: AI teammates execute jobs in partnership with people

ServiceNow’s Autonomous Workforce deploys AI specialists with defined roles to augment teams. Unlike AI agents that complete individual tasks, the ServiceNow Autonomous Workforce orchestrates teams of AI specialists with roles such as a Level 1 Service Desk AI Specialist, Employee Service Agent, or Security Operations Analyst to execute work from start to finish. They work alongside humans, follow established processes and policies set by the organization, learn from outcomes and employee feedback, and importantly, improve over time.

Today, ServiceNow is introducing the first AI specialist available out-of-the-box for customers, a Level 1 Service Desk AI Specialist. This AI specialist autonomously diagnoses and resolves common IT support requests end to end — password resets, software access provisioning, network troubleshooting — using enterprise knowledge bases, historical incident data, and proactive remediation workflows. It is designed to operate 24/7 with assignments aligned to specific skillsets and deliverables and escalate issues when human intervention is needed.

At ServiceNow, our Autonomous Workforce is handling 90%+ of employee IT requests. Early results show our newest AI specialist, the L1 Service Desk AI Specialist, is already resolving assigned IT cases autonomously, and it’s 99% faster than when these cases are handled by human agents.

AI models without workflows are probabilistic — they see patterns, form ideas, and give different answers for the same questions. The enterprise, however, needs deterministic outcomes — governance, security, auditability, and operations that don’t hallucinate. Because ServiceNow combines probabilistic intelligence with deterministic workflow orchestration, AI specialists can interpret a request, decide the right action using business context, and execute autonomously across systems with governance built in through the ServiceNow AI Control Tower. Every action is traceable and governed by policies embedded in the workflow layer itself.

ServiceNow EmployeeWorks: Consumer AI experiences meet enterprise-grade execution

ServiceNow is bringing the power of Moveworks to the ServiceNow AI Platform and delivering immediate value to customers with ServiceNow EmployeeWorks, a conversational front door for the enterprise. Available where employees already work and collaborate – whether in Teams, Slack, or on any browser – ServiceNow EmployeeWorks connects Moveworks’ conversational AI chat and deep enterprise search with ServiceNow’s unified portal and autonomous workflows, turning intent into coordinated action across systems.

The platform understands organizational structure, approvals, and authorization — executing tasks that require multi-system coordination while maintaining governance and audit trails.

Availability

  • ServiceNow EmployeeWorks is generally available to customers.
  • The first AI specialist for Autonomous Workforce, a Level 1 Service Desk AI Specialist, is expected to be generally available Q2 2026.
  • Moveworks continues to be offered as a standalone product within the ServiceNow portfolio. Organizations can acquire the Moveworks platform as an independent AI solution or as an integrated component of their ServiceNow deployment, ensuring flexibility in enterprise-wide implementation.

Samsung Unveils Galaxy S26 Series Among Other Announcements

Posted in Commentary with tags on February 25, 2026 by itnerd

Today at Galaxy Unpacked in San Francisco, Samsung has announced its newest product lineup including the highly anticipated Galaxy S26 Series. This new device lineup includes the Galaxy S26, S26+ and S26 Ultra, all of which will be available for pre-order beginning February 25th. In addition to the Galaxy S26 lineup, Samsung has also unveiled the newest Galaxy Buds4 lineup, consisting of the Galaxy Buds4 and Buds4 Pro along with the latest Galaxy Book.

Device Key Features

Galaxy S26 Series

  • Privacy Screen: The privacy screen is a new feature and the first of its kind in smartphone technology. Operating using the phone’s pixels, it can be activated 24/7 or only when using certain apps. Essentially, the feature ensures others around you are unable to see your screen. Users can also opt to place certain conditions on the feature, for example only applying the privacy screen to text notifications popping up on the screen. Users can activate the feature with a simple swipe down on the phone’s drop-down menu.
  • Nightography Video: The phone’s wider camera aperture captures more light in low-light environments. This allows for crisp and bright output when capturing photos or videos in dimly lit environments, ideal for concert-goers.
  • Now Nudge: Now Nudge is a new feature that serves as a personal AI assistant, intuitively supporting users in real time. For instance, if someone texts about availability, it prompts access to your calendar directly from the keyboard. If photos are requested, it surfaces your gallery instantly, reducing friction and eliminating extra steps.
  • Circle to Search 3.0: With the upgraded Circle to Search, users can circle multiple items within an image, such as an entire outfit, and Galaxy AI will identify and itemize everything at once.
  • Notification Intelligence: The latest device lineup also uses Galaxy AI to prioritize meaningful messages and notifications, such as human conversations, over promotional or subscription notifications. This means the notifications you value will show up higher in your incoming notifications list than the rest.
  • Seamless AI Access (Multi-Assistant Ecosystem): The latest lineup also allows instant access to Gemini, Bixby, and now Perplexity, enabling users to retrieve information, manage tasks and navigate their device through natural voice or text prompts based on their AI preferences and individual use cases.

Galaxy Buds4 Series

  • New Design: The Galaxy Buds4 Series has a new premium blade design, with the Pro model also having silicone tips. The new design is optimized for a comfortable fit, and the panel on the blade enables touch and swipe gestures for everyday use like answering calls.
  • HiFi Sound: Hi-fi sound is made possible by the 2-way speaker, which now contains a new, larger woofer. The buds also have adaptive hearing and adaptive noise control, which adjust depending on the environment you’re in.
  • Seamless AI Access: Users can enjoy seamless AI access using voice commands. Just like with the Galaxy S26 Series, users can speak to multiple AI assistants (Gemini, Bixby, Perplexity) and retrieve various info. Additionally, with the addition of head gestures, users can nod or shake their head when wearing the buds to answer or decline calls.

In terms of pricing, here you go:

Galaxy Buds Pricing

MKT name          Colour                      Price (MSRP)
Galaxy Buds4      Black                       $249.99
Galaxy Buds4      White                       $249.99
Galaxy Buds4 Pro  Black                       $329.99
Galaxy Buds4 Pro  Pink Gold (e-Store ONLY)    $329.99
Galaxy Buds4 Pro  White                       $329.99

Samsung Galaxy S26 Series Pricing

Model             Regular MSRP
S26 Ultra 1TB     $2,599.99
S26 Ultra 512GB   $2,179.99
S26 Ultra 256GB   $1,899.99
S26+ 512GB        $1,809.99
S26+ 256GB        $1,529.99
S26 512GB         $1,529.99
S26 256GB         $1,249.99

Galaxy Book Pricing

Model               Model Number     Spec                                               MSRP
Galaxy Book6        NP740VJG-KA1CA   GB6 | U5 | 512GB | 16GB | NT | 14″ | –             $1,449.99
Galaxy Book6        NP740VJG-KG1CA   GB6 | U7 | 512GB | 16GB | NT | 14″ | –             $1,599.99
Galaxy Book6        NP740VJG-KG2CA   GB6 | U7 | 1TB | 16GB | NT | 14″ | –               $1,899.99
Galaxy Book6        NP760XJG-KG1CA   GB6 | U7 | 512GB | 16GB | Touch | 16″ | –          $1,699.99
Galaxy Book6        NP760XJG-KG2CA   GB6 | U7 | 1TB | 16GB | Touch | 16″ | –            $2,099.99
Galaxy Book6 Pro    NP960XJG-KG2CA   GB6 Pro | U7 | 512GB | 32GB | Touch | 16″ | –      $2,649.99
Galaxy Book6 Pro    NP960XJG-KG1CA   GB6 Pro | U7 | 1TB | 32GB | Touch | 16″ | –        $2,949.99
Galaxy Book6 Pro    NP940XJG-KG1CA   GB6 Pro | U7 | 512GB | 16GB | Touch | 14″ | –      $2,199.99
Galaxy Book6 Ultra  NP960UJG-KG2CA   GB6 Ultra | U7 | 1TB | 32GB | Touch | 16″ | ARC    $3,499.99
Galaxy Book6 Ultra  NP960UJH-XG1CA   GB6 Ultra | U9 | 1TB | 32GB | Touch | 16″ | NVIDIA $4,499.99

Targus Releases Its 2026 Global Sustainability Report 

Posted in Commentary with tags on February 25, 2026 by itnerd

Targus today announced the publication of its 2026 Global Sustainability Report, providing an in-depth update on the company’s purpose-driven progress across circular product design, sustainable innovation, and strengthened accountability.

Throughout the 2026 report, Targus outlines its annual environmental progress, actions aligned to five priority UN SDGs, and its roadmap and commitments through 2030.

Key 2026 Highlights

EcoSmart Milestones: Targus has now recycled more than 53 million plastic bottles into its EcoSmart® product line, equivalent to an estimated savings of 3 million lbs. of CO₂ emissions compared to virgin plastic. In the past year, Targus also continued to broaden its portfolio of products designed with sustainable materials, including the introduction of new EcoSmart docking stations made from 75% recycled post-consumer plastics and aluminum, alongside premium laptop bags like HeritageLuxe and an expanded range of eco-engineered tech accessories.

Sustainable Packaging: Marking an important milestone in the company’s sustainability journey, 95 percent of Targus packaging is now fully recyclable, with an average of 50 percent made from recycled or compostable materials. The company has also eliminated problematic single-use plastics from all its packaging.

Increased Global Reporting with Stronger Results: 

  • EcoVadis Bronze Rating: Targus currently holds a Bronze Sustainability Medal from EcoVadis. This achievement ranks Targus among the top 35 percent of sustainable companies, globally.
  • Walmart Project Gigaton: The company has achieved Giga Guru status for three years in a row, recognizing leadership in supply chain emissions reduction.
  • Scope 1, 2, and 3 Emissions Transparency & Reductions: The company continued rigorous reporting across Scope 1, 2, and measured Scope 3 emissions, including a reduction in location based Scope 2 from 134 Mt CO₂e (2023) to 100 Mt CO₂e (2025) through efficiency and renewable energy initiatives. 

Looking Ahead
Targus is on a mission to achieve a brighter future by driving real and meaningful change to help safeguard people and our planet. 

You can also follow Targus on their sustainability journey on the Targus blog.

DPRK Research from Abstract’s ASTRO team: Contagious Interview: Evolution of VSCode and Cursor Tasks Infection Chains (Part 1)

Posted in Commentary on February 25, 2026 by itnerd

Abstract’s threat research team (ASTRO) just published original research documenting fresh evolutions in the Contagious Interview campaign, a North Korea-linked operation (broadly attributed to Lazarus Group) which targets software developers, specifically those in DeFi and crypto industries.

This is a follow-up to ASTRO’s prior reporting on IDE task auto-execution abuse in January, and it captures attacker behavior changes observed in the last 1–2 weeks that have not yet appeared in public write-ups.

Three specific evolutions ASTRO is breaking:

  1. URL shorteners as Vercel obfuscation. Actors are now routing malicious payloads through short[.]gy shortened URLs that resolve to the same Vercel infrastructure previously reported. The change suggests deliberate fingerprint reduction in response to prior public reporting — a direct reaction to defenders and researchers (including ASTRO’s earlier work).
  2. GitHub Gists with convincing NVIDIA/CUDA impersonation. Payloads are now being staged on GitHub Gists under a username (cuda-toolkit) and filenames (cuda_toolkit_sim_v12.4.ps1, metal_pytorch_sim_v2.3.0.sh) designed to mimic legitimate NVIDIA software. The gists were live briefly and then deleted — a rapid deploy-and-destroy pattern that makes detection harder and timeliness of publication critical.
  3. Google Drive payload delivery with a confirm= fallback bypass. A malicious NPM package (eslint-validator) pulls its payload from Google Drive, with code that specifically handles Google’s virus-scan warning interstitial by falling back to a drive.usercontent.google.com endpoint with a confirm=t parameter. This is a novel and practical bypass technique with direct defensive detection value.
    The report includes GitHub search queries defenders can run right now, full indicator lists, and a preview of Part 2 covering the recovered Gist payload chains.
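The three delivery changes above translate directly into proxy-log detections. The script below is an added example (not ASTRO's or Abstract Security's code) that tags requests to the short.gy shortener, Gist fetches under the cuda-toolkit user, registry fetches of the eslint-validator package, and Google Drive downloads that went through the drive.usercontent.google.com endpoint with confirm=t. The log format (timestamp, client, URL, status), the log lines, the gist id, the Drive file id and the package version are constructed; only the indicators come from the post.

```python
"""Flag proxy-log requests matching the delivery chain described in the post.

Assumed log format: whitespace-separated "timestamp client url status".
The sample lines and the ids inside their URLs are constructed placeholders.
"""
from urllib.parse import parse_qs, urlparse

# Indicators taken from the post; extend with your own intel.
SHORTENER_HOSTS = {"short.gy"}
GIST_HOSTS = {"gist.github.com", "gist.githubusercontent.com"}
GIST_USERS = {"cuda-toolkit"}
NPM_PACKAGES = {"eslint-validator"}
DRIVE_FALLBACK_HOST = "drive.usercontent.google.com"


def classify_url(url):
    """Return the list of indicator tags that apply to one URL (empty if none).

    shortener             any request to a listed shortener host
    gist-impersonation    a Gist URL whose first path element is a listed user
    npm-package           a registry fetch of a listed package name
    drive-confirm-bypass  the usercontent host with confirm=t, i.e. the client
                          answered Google's virus-scan interstitial itself
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    parts = [p for p in parsed.path.split("/") if p]
    first = parts[0] if parts else ""
    tags = []
    if host in SHORTENER_HOSTS:
        tags.append("shortener")
    if host in GIST_HOSTS and first in GIST_USERS:
        tags.append("gist-impersonation")
    if host == "registry.npmjs.org" and first in NPM_PACKAGES:
        tags.append("npm-package")
    if host == DRIVE_FALLBACK_HOST and "t" in parse_qs(parsed.query).get("confirm", []):
        tags.append("drive-confirm-bypass")
    return tags


def scan_log(lines):
    """Parse 'timestamp client url status' lines; return one hit per flagged request."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip it rather than abort the sweep
        tags = classify_url(fields[2])
        if tags:
            hits.append({"ts": fields[0], "client": fields[1],
                         "url": fields[2], "tags": tags})
    return hits


# Constructed sample log. GISTID and FILEID are placeholders, not real IoCs.
SAMPLE_LOG = [
    "2026-02-24T09:00:01Z 10.0.0.21 https://github.com/example-org/example-repo 200",
    "2026-02-24T09:00:05Z 10.0.0.21 https://short.gy/PLACEHOLDER 302",
    "2026-02-24T09:00:06Z 10.0.0.21 https://gist.githubusercontent.com/cuda-toolkit/GISTID/raw/cuda_toolkit_sim_v12.4.ps1 200",
    "2026-02-24T09:01:10Z 10.0.0.22 https://drive.google.com/uc?id=FILEID&export=download 200",
    "2026-02-24T09:01:11Z 10.0.0.22 https://drive.usercontent.google.com/download?id=FILEID&export=download&confirm=t 200",
    "2026-02-24T09:02:00Z 10.0.0.23 https://registry.npmjs.org/eslint-validator/-/eslint-validator-1.0.0.tgz 200",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["client"], ",".join(hit["tags"]), hit["url"])
```

The confirm=t tag is a triage signal rather than a verdict, because browsers also send it when a user clicks through the interstitial for a large legitimate file; the combination of tags from one client within a short window is the stronger indicator.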

You can read the research here: Contagious Interview: Evolution of VS Code and Cursor Tasks Infection Chains – Part 1 | Abstract Security