GlassWorm self-propagating malware hits the streets

Posted in Commentary with tags on October 21, 2025 by itnerd

GlassWorm, a highly sophisticated self-propagating malware campaign targeting Visual Studio Code developers via the OpenVSX marketplace, has been discovered by Koi Security. The worm steals credentials from NPM, GitHub, and Git, drains cryptocurrency extensions, deploys hidden VNC and SOCKS proxies, and spreads through compromised extensions using stolen credentials. Notably, GlassWorm hides its payload with invisible Unicode variation selectors, rendering it invisible to human reviewers and many static analysis tools. Its command-and-control leverages the Solana blockchain for persistence and anonymity, with Google Calendar as backup infrastructure. Over 35,800 installations have been affected, with at least 10 extensions still active as of this weekend.

Dale Hoak, CISO, RegScale had this comment:

     “The GlassWorm campaign underscores the growing compliance and regulatory risks inherent in today’s open-source and developer ecosystems. Software supply chain attacks no longer target only the end product—they exploit the very tools and dependencies developers trust most. Organizations must move beyond periodic control reviews and adopt continuous monitoring and automation across their build pipelines to detect drift, compromise, or unauthorized changes in real time. Compliance controls governing software supply chain integrity should be codified and enforced as part of the CI/CD process, ensuring that when vulnerabilities like this surface, evidence of continuous validation, provenance tracking, and rapid remediation is already embedded in the operational fabric. This event is another reminder that compliance cannot be static documentation—it must be a living control system that evolves with every dependency update and build cycle.”

Will Baxter, Field CISO, Team Cymru follows with this:

      “The GlassWorm campaign marks a fundamental shift in the developer-ecosystem threat model: a self-propagating worm hidden inside VS Code extensions that leverages invisible Unicode, blockchain-based C2 (Solana) and legitimate infrastructure (Google Calendar) to resist coordinated takedown. By harvesting NPM, GitHub and OpenVSX tokens, hijacking crypto-wallet extensions and converting developer machines into SOCKS proxies and hidden VNC nodes, the attackers move far beyond standard supply-chain compromises. This isn’t just a supply-chain problem—it’s a new infrastructure layer merging cyber-crime tooling, blockchain resilience and developer-tooling pivoting. Intelligence sharing between registry operators, threat researchers and blockchain-monitoring partners must work together if we’re to see these hybrid attacks flagged and disrupted before developer systems become massive proxy networks.”

Gunter Ollmann, CTO, Cobalt adds this:

     “This campaign underscores how adversaries are evolving their tradecraft to weaponize the software supply chain at its roots. Developers have become high-value targets because compromising their toolchains can cascade across entire ecosystems. The use of blockchain and invisible Unicode payloads shows how detection and takedown are becoming increasingly difficult and require coordination across a growing number of stakeholders. Botnets and bot agents like GlassWorm are precisely the kind of technologies leveraged by state actors in preparation for cyberwarfare, where persistence and resilience to disruption are core tactical advantages. Frequent testing of defenses, SOC playbooks, and offensive security readiness is essential to expose weaknesses before attackers do.”

Even in a moment in time where there’s a new campaign every week from the forces of evil, this one is pretty bad. I am hoping that the result of this campaign is not as devastating and I think it will be. Though I will not be shocked if it is.

Leave a comment »

CISA Adds Vulnerabilities To The KEV Catalog

Posted in Commentary with tags on October 21, 2025 by itnerd

The CISA has added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: one in Windows SMB Client and two in Kentico Xperience CMS. The Windows flaw (CVE-2025-33073, CVSS 8.8) allows privilege escalation via improper access control and has been exploitable since June, when proof-of-concept code was released. The Kentico vulnerabilities (CVE-2025-2746 and CVE-2025-2747, CVSS 9.6) are authentication bypass issues that could enable full administrative takeover when chained with remote code execution. CISA also confirmed exploitation of a 2022 Apple arbitrary code execution bug (CVE-2022-48503). Federal agencies now have three weeks to patch affected systems under Binding Operational Directive 22-01.

Will Baxter, Field CISO, Team Cymru had this to say:

     “The inclusion of both recent and legacy vulnerabilities in CISA’s KEV catalog underscores how threat actors mix newly developed exploits with long-lived flaws to sustain access and expand operational reach. Even when patches are available, adversaries rely on delayed remediation and incomplete asset visibility — the very gaps KEV aims to close. Active monitoring of external infrastructure and intelligence sharing across organizations remain essential to identify when known vulnerabilities are being re-weaponized in the wild.”

Andrew Obadiaru, CISO, Cobalt follows with this:

     “This is a reminder that patching and vulnerability scanning aren’t the same as true resilience. The lag between disclosure and exploitation is shrinking, and adversaries are quick to capitalize on unpatched systems even within well-defended networks. Continuous offensive testing—validating exploitability in real-world conditions—remains one of the most effective ways to ensure critical exposures are prioritized and remediated before attackers strike.

This is why I recommend that people patch all the things when patches appear or soon after they appear. The bad guys will not waste any time in terms of reverse engineering the flaws that these patches fix and using those to launch attacks.

Leave a comment »

Retail giant Muji halts online sales after ransomware attack on supplier

Posted in Commentary with tags on October 21, 2025 by itnerd

Japanese retail giant Muji has taken offline its store due to a logistics outage caused by a ransomware attack at its delivery partner, Askul. 

Rebecca Moody, Head of Data Research at Comparitech

“This is another prime example of how far-reaching the consequences of a ransomware attack can be and highlights why sectors like retail and manufacturing remain a key focus for hackers. 

So far this year, we’ve recorded nearly 400 claims from ransomware groups on retailers across the world with 40 of these having been confirmed by the entity involved. While we don’t yet know which gang is responsible for the attack on Askul, you can bet your bottom dollar we’ll find out soon if ransom negotiations fail. It’s also likely that the hackers will have stolen data in the process of their attack, and with the size of Askul and the number of companies it deals with, this could be significant.”

Martin Jartelius, AI Product Director at Outpost24:

“This is a different form of supply chain attack – the company is affected because a core service provider was compromised, rather than its own IT systems. It’s encouraging to see that Muji is taking preventive actions and already has contingency and communication plans in motion. This is the best way to fight ransomware: be prepared, recover quickly, work around disruptions, and avoid paying the groups behind them.

For the organization that suffered the direct breach, it’s still too soon to draw broader conclusions. Neither the perpetrator nor the ransomware strain has been confirmed, and while there have been other major regional incidents recently, any link at this stage would be purely speculative.”

Javvad Malik, Lead CISO Advisor at KnowBe4

“The reality of interconnected ecosystems is that you can have spotless internal controls and still be taken offline by a partner’s ransomware. Customers don’t care whose network was hit, they only see that the service or product they need is unavailable and that impacts trust. It’s why it’s important to map critical dependencies beyond IT to logistics and fulfilment, set minimum security baselines in contracts, and practice “supplier outage” playbooks. Monitor for brand impersonation during downtime, and pre‑agree data‑sharing for rapid joint incident response. Ultimately, resilience must extend past your perimeter to the partners that support your operations.”

You’re only as secure as the people that you work with. Thus my recommendation is that you work with your partners to assure your mutual security. After all, these days your mutual security is a requirement and not an option.

Leave a comment »

Agentiiv and the CMA debut $5M AI accelerator to power Canada’s innovation ecosystem

Posted in Commentary with tags on October 21, 2025 by itnerd

As small- to medium-sized businesses (SMBs) and nonprofits face growing costs and pressures to modernize, Agentiiv, in partnership with the Canadian Marketing Association (CMA), Ownr, Staples and the CCNDR, has launched a $5-million accelerator program to help organizations adopt and use artificial intelligence (AI) more effectively. 

Helping organizations build capacity through AI 

The You.Scaled. Accelerator program will provide 350 grants for SMBs and 150 for nonprofits across Canada. The program is designed for organizations that often lack the resources to adopt new technologies, offering in-kind grants through Agentiiv platform subscriptions, training from the CMA and integration support from partners. By reducing costs and providing practical training and services, the program will help businesses and nonprofits improve operations, strengthen customer and supporter experiences and grow with confidence.  

Closing the gap in AI adoption 

Despite growing awareness of the potential of generative AI, adoption among Canadian organizations remains low. There are 1.2 million SMBs nationwide yet, according to Statistics Canada, only 12.2 per cent of Canadian businesses currently use AI technology. Meanwhile, 73 per cent of SMBs have yet to consider implementing AI, according to the Canadian Chamber of Commerce

To help bridge this gap, You.Scaled. will provide step-by-step support to guide organizations through AI adoption in a structured, practical way. Each recipient will receive tailored onboarding, mentorship and access to learning sessions that help translate training into measurable outcomes such as improving efficiency, enhancing customer or supporter experiences and identifying new opportunities for growth. 

Eligibility and selection 

The You.Scaled. Accelerator Program is open to registered Canadian SMBs with up to 40 employees and registered Canadian nonprofits. Applicants will be evaluated on three criteria: AI readiness to adopt, the quality of their implementation plan and their potential for positive economic and social impact. 

Grants will be distributed across Canada, ensuring representation from urban, rural and remote communities. The program also includes a commitment to equitable access for organizations led by women, Indigenous Peoples, visible minorities and members of the 2SLGBTQIA+ community. 

Chosen recipients will gain access to membership benefits, services and discounts through key partners. They will also receive free access to the CMA’s generative AI On-Demand training course and a reduced one-year CMA membership to help integrate AI more effectively into their operations.   

Apply now 

Applications for the You.Scaled. Accelerator Program are open until November 15.  

Learn more here: www.youscaled.com/ (EN) and www.vousamplifié.com (FR).  

Leave a comment »

Kyndryl Readiness Report: AI Delivers Early Returns, Pushing Enterprises to a Tipping Point

Posted in Commentary with tags on October 21, 2025 by itnerd

Kyndryl today released its second annual Kyndryl Readiness Report, drawing on responses from 3,700 senior leaders across 21 countries. The data reveals an instance of momentum and reflection ? as businesses report growing returns from AI investments while facing mounting pressure to modernize infrastructure, scale innovation efforts, reskill workforces and manage risk in an increasingly fragmented regulatory landscape.

Last year’s report revealed a critical gap between perception and preparedness: while 90% of business leaders believed their IT infrastructure was best in class, only 39% felt it was ready for future disruption. While there has been momentum ? that tension remains. This year:

  • ROI on the rise, but AI stuck in experimentation phase: While 54% of organizations reported seeing positive returns on AI investments ? an increase of 12 points from 2024 ? 62% still haven’t advanced their AI projects beyond the pilot stage.
  • Confidence continues to outweigh capability: While 90% say their tools and processes allow them to rapidly test and scale new ideas, more than half say their foundational technology stack holds back innovation.
  • AI driving workforce transformation, but skills gaps remain: 87% say AI will “completely” transform jobs at their organizations within 12 months, even though many say their employees are not using AI frequently today and few have the technical skills necessary.
  • Geopolitical pressures forcing a data pivot: While reporting clear benefits from cloud adoption, organizations are now reevaluating where and how their data is stored, processed, accessed and secured amid an increasingly fragmented regulatory landscape. Businesses are also balancing legacy infrastructure challenges, with 70% of CEOs saying they reached their cloud setup “by accident rather than design.”

AI spending rises along with ROI expectations ? with cyber resilience top of mind

Business leaders across all industries and countries say their company’s AI spending jumped 33% on average since last year, with 68% investing “heavily” in at least one form of AI. As AI investments rise, so does the pressure to show value ? and protect it. Three in five leaders say they feel more pressure this year to deliver ROI from AI than last. Their top use case? Cybersecurity.

Cloud is under pressure as geopolitical and regulatory disruption drive change

Many organizations are also revisiting their cloud infrastructure, prompted by new global regulations and growing concerns about data sovereignty. Three in four leaders report concerns about the geopolitical risks associated with storing and managing data in global cloud environments, and 65% have adjusted their cloud strategies in response ? by investing in data repatriation, reassessing vendors, and shifting toward private cloud models.

Talent and Culture ? the next readiness frontier

As leaders look to scale innovation, people readiness is emerging as a key barrier ? and a key opportunity. While nearly 9 in 10 believe AI will completely reshape jobs in the next year, only 29% feel their workforce is ready to successfully leverage the technology and concerns remain around the skills needed to succeed in this era. Many organizations are also battling cultural barriers ? with nearly half of CEOs reporting their organization stifles innovation (48%) and moves too slowly in decision-making (45%). Those pulling ahead ? dubbed “Pacesetters” in the report ? aren’t just investing in innovation. They’re uniquely prioritizing culture, upskilling and leadership alignment.

Compared to organizations who are lagging in these areas, Pacesetters are:

  • 32 points less likely to cite their tech stack as a barrier
  • 30 points more likely to say their cloud can adapt to new regulations
  • 20 points less likely to report a cyber-related outage in the past year

To read the report, visit Kyndryl’s Readiness Report.

Methodology

The 2025 Kyndryl Readiness Report combines survey data from 3,700 senior leaders and decision-makers across 21 countries with insights from Kyndryl Bridge, the company’s AI-powered, open integration digital business platform. The Report uncovers the drivers, barriers and trade-offs that can make or break the ability of organizations to protect, sustain and accelerate their performance and future-proof their mission-critical processes.

Leave a comment »

Expert panel report examines security risk and resilience in Canada’s research enterprise

Posted in Commentary with tags , on October 21, 2025 by itnerd

In a moment defined by shifting geopolitics, intense global competition for talent and technology, and rapid investments in national infrastructure critical to sovereignty, Canada must protect sensitive research and the benefits it creates—without closing the doors on the relationships that make Canadian science thrive. A new report from the Council of Canadian Academies (CCA), Balancing Research Security and Open Science, offers an independent assessment of national and foreign efforts to promote research security, highlighting potential strategies to safeguard national interests while preserving the openness that drives discovery, innovation, and prosperity.

Balancing Research Security and Open Science was commissioned by Defence Research and Development Canada and the Public Health Agency of Canada, with support from other government departments and agencies. The report explores measures for identifying and safeguarding sensitive research of concern and highlights the need for their continuous application and reassessment throughout the research process, fostering a modern research mindset. It also describes the importance of:

  • Increased training and capacity-building, especially for smaller universities, colleges, and polytechnics with limited research-security resources;
  • Greater integration of the private sector, which plays a critical role in Canada’s research ecosystem but frequently lacks oversight; and
  • Recognition of First Nations, Inuit, and Métis Peoples’ right to govern research about them and their lands.

Balancing Research Security and Open Science recognizes the critical importance of coordinated, collaborative research security efforts. The consequences for misuse of sensitive research can be severe, imperiling national and economic security, health, and well-being. With adequate training, resources, and capacity, Canada can encourage a modern research mindset, strengthening the research community and encouraging ethical and open science against an uncertain future.

Balancing Research Security and Open Science is available at cca-reports.ca.

Leave a comment »

Guest Post: AWS Outage Creates “Perfect Storm” for Social Engineering Attacks 

Posted in Commentary with tags on October 21, 2025 by itnerd

By Stefanie Schappert

Yesterday Amazon Web Services (AWS) went down in the US causing a ripple effect, from governments and local municipalities, to enterprises, small businesses and the individuals who rely on these services daily. 

AWS is a cloud-based service thousands of major companies use to not only store their data, but run their apps and software for many critical business services.  

Whether basic communications using apps such as Snapchat, Signal and Reddit to airlines such as Delta and United reporting disruptions to their customer facing operations, when these services go down it highlights the reliance on just a few cloud services companies (AWS, Microsoft Azure, ANd Google Cloud) to run the country so to speak. 

The AWS outage has further impacted shopping websites, banking apps, and even streaming and smart homes devices.

And while organizations scramble to ensure business operations continue to run, it’s also an opportunity for individuals to do a quick check-in on their own cyber hygiene. 

Cybercriminals and hackers can easily take advantage of these types of outages to deploy an array of social engineering attacks. 

Whether in the office or at home, nothing is more frustrating than losing the ability to access files and documents, and communicate with business associates or loved ones, especially in an emergency or crisis.  

Hackers who rely on mass urgency and panic will see this as an opportunity to take advantage of people’s heightened emotions with phishing emails offering to “fix” the issue and get you back online and into your accounts or apps.  

But in reality, these scammers are looking to steal your personal information, such as login credentials by tricking you into updating your software or resetting your password.   

During major outages, users should avoid clicking on any links in emails, texts and pop-ups claiming to be able to fix the outage. 

Additionally, double check that any alerts or update messages from organizations, such as your bank or payment apps, are verified from the official website or app.   

This is the time to make sure you are using a strong password and multifactor authentication to prevent any unauthorized access to your accounts. 

However, individuals should also delay making sensitive transactions, such as major financial transactions, resetting your password, or installing critical software updates, until the service in question has been announced as officially restored. 

Furthermore, when the service disruption has ended, users should also monitor any affected accounts for unusual activity, discrepancies, and duplicate or fraudulent transactions. 

Finally, this is an excellent reminder for individuals to make sure they have a back-up system in place to access important documents and for communications.  

This can be as easy as keeping a secondary email account or even a back-up mobile phone.

ABOUT THE AUTHOR

Stefanie Schappert, MSCY, CC, Senior Journalist at Cybernews, is an accomplished writer with an M.S. in cybersecurity, immersed in the security world since 2019.  She has a decade-plus experience in America’s #1 news market working for Fox News, Gannett, Blaze Media, Verizon Fios1, and NY1 News.  With a strong focus on national security, data breaches, trending threats, hacker groups, global issues, and women in tech, she is also a commentator for live panels, podcasts, radio, and TV. Earned the ISC2 Certified in Cybersecurity (CC) certification as part of the initial CC pilot program, participated in numerous Capture-the-Flag (CTF) competitions, and took 3rd place in Temple University’s International Social Engineering Pen Testing Competition, sponsored by Google.  Member of Women’s Society of Cyberjutsu (WSC), Upsilon Pi Epsilon (UPE) International Honor Society for Computing and Information Disciplines. 

Leave a comment »

Fortra Tracks Fivefold Increase in Brokerage Account Attacks

Posted in Commentary with tags on October 21, 2025 by itnerd

Fortra Intelligence and Research Experts (FIRE) have uncovered a fivefold increase in attacks targeting brokerage accounts year-over-year, with activity accelerating sharply in mid-2025. The campaigns demonstrate content patterns resembling the Chinese Phishing-as-a-Service group known as the “Smishing Triad,” use deceptive text messages to steal credentials, and intercept authentication codes. Once inside, attackers execute “ramp-and-dump” stock manipulation schemes while leaving almost no digital trace. 

You can read the report here: https://www.fortra.com/blog/fortra-tracks-fivefold-increase-brokerage-attacks-yoy

Leave a comment »

Chipmind launches from stealth with $2.5m for its AI agents to speed chip making

Posted in Commentary with tags on October 21, 2025 by itnerd

Today Chipmind, the first European startup building AI agents to accelerate the development of microchips, launches Chipmind Agents, optimized to empower engineering teams in semiconductor companies to speed-up the path from specification to chip manufacturing. 

Chipmind Agents are a new class of AI agents designed to automate and optimize the most complex chip design and verification tasks. Uniquely built upon each customer’s own proprietary, design-specific data, these agents seamlessly integrate into existing workflows, intelligently self-adapting to the specific design context, auto-customizing for proprietary EDA tools, and understanding the entire chip design hierarchy. Functioning as a fully aware and collaborative co-worker, Chipmind Agents enhance engineering productivity by autonomously executing complex, multi-step tasks while ensuring the human engineer always remains in full control. This holistic and purpose-built approach is designed to dramatically reduce time-to-solve cycles within any custom chip design environment, empowering teams to achieve results faster.

The evolution of chip design has created powerful, deeply embedded EDA tool flows that were not designed for interaction with modern AI agents. Recognizing that these critical systems can’t be discarded, we developed Chipmind’s agent-building technology. This foundational platform is the key to unlocking AI’s potential, as it prepares a company’s current designs and development environment for agentic automation. Instead of replacing legacy systems, our technology makes them ready for the future of chip design.

Chipmind is the first European startup focusing on AI agents for chip design and verification, its origin story is built on the strong, trusting relationship between its founders, Harald Kröll and Sandro Belfanti, who met during their PhD studies at ETH Zurich. Both have extensive experience in AI and chip design, and have developed more than 20 chips, ranging from modems for mobile phones to system-on-chip solutions.

The semiconductor industry is at a critical inflection point. As the demand for more powerful chips continues to skyrocket, the complexity of designing them has grown exponentially, pushing traditional methodologies to their limits. This is no longer a problem that can be solved by simply hiring more engineers. Concurrently, a new generation of engineers is becoming increasingly accustomed to working with AI tools and agents, creating fertile ground for a new market of intelligent, collaborative design solutions. This confluence of need and acceptance sets the stage for a new paradigm: the integration of sophisticated AI agents into the core of chip design. This human-AI collaboration is the key to managing immense complexity, unlocking engineering creativity, and ultimately enabling the next generation of technology that will define our future.

Chipmind has successfully raised $2.5M in its pre-seed round, led by Founderful with participation of prominent angel investors from the semiconductor industry. This investment allows Chipmind to expand its world-class engineering team, accelerate product development, and deepen its engagements with key industry players.

Leave a comment »

MIND Announces Endpoint DLP Innovations to Better Protect Data in the AI Era

Posted in Commentary with tags on October 21, 2025 by itnerd

MIND today announced new innovations to endpoint data protection. These AI-native DLP capabilities redefine how enterprises prevent data loss, on every user device, across every environment, with unmatched content- and context-awareness. As GenAI usage continues to expand, it’s every organization’s imperative to stop data leaks on endpoints without disrupting productivity and innovation.

As the most immediate and active touchpoint for sensitive data, the endpoint plays a pivotal role in the data security lifecycle. Endpoint DLP has historically been one of the most challenging areas of data protection, prone to noise, complexity, blind spots and user friction. But it’s also where some of the most critical risks originate. From accidental file uploads to intentional data exfiltration, the endpoint is where sensitive data is most often handled, manipulated and moved. MIND addresses these risks head-on with a platform that detects risk in real time and responds automatically with dynamic, policy-based remediation and prevention. MIND gives security teams a more accurate, proactive way to stop data leaks before they happen.

MIND’s new endpoint innovations deliver enhanced controls to its award-winning platform, one built for the future of data protection in the AI era, where visibility, context and automation are seamlessly connected. Built on MIND’s unified platform that spans discovery, classification, detection, remediation, policy management and prevention, this expansion brings the same level of simplicity and automation to the protection of endpoints and the data they process. With this announcement, MIND becomes the first in the industry to combine built-in advanced AI data classification, risk remediation and now modern enterprise endpoint protection.

Endpoint data protection and more, upgraded

MIND is transforming endpoint DLP into a less stressful part of the data security lifecycle. Legacy tools have long been complex, noisy and disconnected, yet the endpoint remains one of the most critical control points in modern data security. It’s where AI tools interact with sensitive data and where it is most vulnerable. This expanded approach replaces friction with automation, noise with intelligence and complexity with a simple, stress-free approach. These platform enhancements are designed to simplify and fortify sensitive data protection at the edge.

MIND’s Endpoint DLP elevates the experience with:

  • Full Data Lineage: Track every sensitive file’s journey across users, devices, origins and destinations.
  • Native App Protection: Protect data used inside locally installed applications without agent sprawl or user disruption, including GenAI apps.
  • USB and Peripheral Controls: Automatically govern and stop data leaks to external devices connected to the endpoint with precision.
  • Evidence Collection: When triggered by policy violations, capture screenshots, file actions, user behavior and more for investigations and audits.

Leave a comment »

« Older Entries
Newer Entries »