Austin, TX / USA, 14th January 2026, CyberNewsWire

**Austin, TX / USA, January 14th, 2026, CyberNewsWire**

**New monitoring capability delivers unprecedented visibility into vendor identity exposures, moving enterprises and government agencies from static risk scoring to protecting against actual identity threats.** 

SpyCloud, the leader in identity threat protection, today announced the launch of its **Supply Chain Threat Protection** solution, an advanced layer of defense that expands identity threat protection across the extended workforce, including organizations’ entire vendor ecosystems. Unlike traditional third-party risk management platforms that rely on external surface indicators and static scoring, SpyCloud Supply Chain Threat Protection provides timely access to identity threats derived from billions of recaptured breach, malware, phished, and combolist data assets, empowering organizations – from enterprise security teams to public sector agencies – to act on credible threats rather than simply observe and accept risk.

Supply Chain Threat Protection addresses a critical gap in enterprise security: the inability to maintain real-time awareness of identity exposures affecting third-party partners and vendors. According to the 2025 Verizon Data Breach Investigations Report, third-party involvement in breaches doubled year-over-year, jumping from 15% to 30% primarily due to software vulnerabilities and weak security practices. As supply chain compromises continue to escalate, security teams need intelligence that goes beyond questionnaires and external scans to reveal active threats like phishing campaigns targeting their trusted partners, confirmed credential theft, and malware-infected devices exposing critical business applications to criminals. 

For government agencies and critical infrastructure operators, supply chain threats present national security risks that demand heightened vigilance. Public sector organizations managing sensitive data and critical services increasingly rely on contractors and technology vendors whose compromised credentials could provide adversaries with pathways into classified systems or essential infrastructure. Last year alone, the top 98 Defense Industrial Base suppliers had over 11,000 dark web exposed credentials – an 81% increase from the previous year. SpyCloud Supply Chain Threat Protection enables federal, state, and local agencies to identify when suppliers or contractors have been compromised – allowing them to take proactive measures before an identity exposure escalates into a matter of national security.

> “Third-party threats have evolved far beyond what traditional vendor assessment tools can detect,” said Damon Fleury, Chief Product Officer at SpyCloud. “Public and private sector organizations need to know when their vendors’ employees are actively compromised by malware or phishes, when authentication data is circulating on the dark web, and which partners pose the greatest real downstream threat to their business. Our new solution delivers those signals by transforming raw underground data into clear, prioritized actions that security teams use to protect their organization.”

Supply Chain Threat Protection enables organizations and agencies to continuously monitor thousands of suppliers, with each company’s threats enumerated in detail, and also represented in an at-a-glance Identity Threat Index. The Index is a comprehensive and continuously updated analysis that quantifies vendor security posture through the lens of identity exposure, from both active and historical phishing, breach, and malware sources, and surfaces which partners pose the most significant risk based on verified dark web intelligence.

**Key Capabilities Include:**

*   **Real Evidence of Compromise:** Timely recaptured identity data from breaches, malware, and successful phishes collected continuously from the criminal underground, with context that gives security teams enhanced visibility into the identity threats facing suppliers today.
*   **Identity Threat Index:** Aggregates multiple verified data sources weighted by the recency, volume, credibility, and severity of compromise, emphasizing verified identity data over static breach records for more robust and real-time visibility into vendor risk.
*   **Compromised Applications**: Identifies the internal and third-party business applications exposed on malware-infected supplier devices to support deeper investigation and risk assessment.
*   **Enhanced Vendor Management and Communications:** Facilitates sharing of actionable evidence and detailed executive-level reports directly with vendors to collaboratively improve security posture, transforming vendor relationships from adversarial scoring to collaborative protection.
*   **Integrated Response:** Leveraging SpyCloud’s console, teams now have access to identity threat protection beyond the traditional employee perimeter with this extension to suppliers, allowing analysts to respond to workforce identity threats within a single tool. 

SpyCloud Supply Chain Threat Protection is designed to support multiple use cases across Security Operations, Infosec, Vendor Risk Management, and GRC teams. Organizations can leverage the solution for vendor due diligence during procurement and onboarding, continuous risk reviews to strengthen vendor relationships, and accelerated incident response when vendor exposures threaten their own environments.

> “Security teams and their counterparts across the business are overwhelmed with vendor assessments, questionnaires, and risk scores that often don’t translate to real prevention,” said Alex Greer, Group Product Manager at SpyCloud. “Our customers have often reported that when they’re evaluating doing business with a new vendor, they lack the actionable data their legal and compliance teams need for evidence-based decision making. That’s where SpyCloud stands out. Surfacing verified identity threats tied directly to vendor compromise, letting teams escalate to leadership when to restrict data access and prioritize efforts for the greatest impact on reducing organizational risk.”

Unlike existing solutions that rely on external surface indicators and static scoring, SpyCloud provides threat data derived from underground sources – the same recaptured darknet identity data that criminals actively use to target organizations and agencies. This fundamental difference enables SpyCloud customers to move from passive risk acceptance to proactive and holistic identity threat protection.

To learn more about defending organizations from the exposures of vendors and suppliers, registration is open for SpyCloud’s upcoming Live Virtual Event, **Beyond Vendor Risk Scores: How to Solve the Hidden Identity Crisis in Your Supply Chain,** on **Thursday, January 22, 2026, at 11 am CT**. 

**About SpyCloud**

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics and AI to proactively prevent ransomware and account takeover, detect insider threats, safeguard employee and consumer identities, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights on your company’s exposed data, users can visit spycloud.com.

**Contact**

**Media Specialist**  
**Phil Tortora**  
**REQ on behalf of SpyCloud**  
**\[email protected\]**

SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats

Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-4jrw-64vr-7g8m: Apache Camel camel-neo4j component is vulnerable to cypher injection

A Magecart campaign is skimming card data from online checkouts tied to major payment networks, including AmEx, Diners Club, and Mastercard.

Researchers have been tracking a Magecart campaign that targets several major payment providers, including American Express, Diners Club, Discover, and Mastercard.

Magecart is an umbrella term for criminal groups that specialize in stealing payment data from online checkout pages using malicious JavaScript, a technique known as web skimming.

In the early days, Magecart started as a loose coalition of threat actors targeting Magento‑based web stores. Today, the name is used more broadly to describe web-skimming operations against many e‑commerce platforms. In these attacks, criminals inject JavaScript into legitimate checkout pages to capture card data and personal details as shoppers enter them.

The campaign described by the researchers has been active since early 2022. They found a vast network of domains related to a long-running credit card skimming operation with a wide reach.

> “This campaign utilizes scripts targeting at least six major payment network providers: American Express, Diners Club, Discover (a subsidiary of Capital One), JCB Co., Ltd., Mastercard, and UnionPay. Enterprise organizations that are clients of these payment providers are the most likely to be impacted.”

Attackers typically plant web skimmers on e-commerce sites by exploiting vulnerabilities in supply chains, third-party scripts, or the sites themselves. This is why web shop owners need to stay vigilant by keeping systems up to date and monitoring their content management system (CMS).

Web skimmers usually hook into the checkout flow using JavaScript. They are designed to read form fields containing card numbers, expiry dates, card verification codes (CVC), and billing or shipping details, then send that data to the attackers.

To avoid detection, the JavaScript is heavily obfuscated to and may even trigger a self‑destruct routine to remove the skimmer from the page. This can cause investigations performed through an admin session to appear unsuspicious.

Besides other methods to stay hidden, the campaign uses bulletproof hosting for a stable environment. Bulletproof hosting refers to web hosting services designed to shield cybercriminals by deliberately ignoring abuse complaints, takedown requests, and law enforcement actions.

**How to stay safe**

Magecart campaigns affect three groups: customers, merchants, and payment providers. Because web skimmers operate inside the browser, they can bypass many traditional server‑side fraud controls.

While shoppers cannot fix compromised checkout pages themselves, they can reduce their exposure and improve their chances of spotting fraud early.

A few things you can protect against the risk of web skimmers:

*   **Use virtual or single‑use cards** for online purchases so any skimmed card number has a limited lifetime and spending scope.
*   **Where possible, turn on transaction alerts** (SMS, email, or app push) for card activity and review statements regularly to spot unsolicited charges quickly.
*   **Use strong, unique passwords** on bank and card portals so attackers cannot easily pivot from stolen card data to full account takeover.
*   **Use a web protection solution** to avoid connecting to malicious domains.

Pro tip: Malwarebytes Browser Guard is free and blocks known malicious sites and scripts.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

**About the author**

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

 Online shoppers at risk as Magecart skimming hits major payment networks 

New York, NY, 14th January 2026, CyberNewsWire

**New York, NY, January 14th, 2026, CyberNewsWire**

**Leading secrets security platform sees accelerated adoption across Fortune 500, with 60% of new customers choosing multi-year commitments.**

GitGuardian, the leading secrets and Non-Human Identity security platform, today announced record growth in ARR and customer expansion throughout 2025, reinforcing its position as the enterprise standard for protecting code, collaboration tools, and cloud infrastructure from exposed secrets and credentials.

With 70% of its revenue coming from the US, GitGuardian’s momentum in North America continued to accelerate in 2025, **as the region accounted for over 80% of new ARR**.

**Enterprise Trust & Adoption**

GitGuardian’s momentum was driven by deep adoption among global enterprise customers, including:

*   Deutsche Telekom
*   BASF
*   A leading enterprise cloud platform provider with 25,000+ employees globally headquartered in the USA
*   A major technology-enabled mobility and delivery platform with 30,000+ employees worldwide headquartered in the USA
*   A global pharmaceutical and biotechnology company with 90,000+ employees, headquartered in Europe
*   A major enterprise software vendor with 110,000+ employees
*   Leading financial services cooperative with 55,000+ employees in North America

Demonstrating confidence in GitGuardian’s long-term value, +**60% of new enterprise customers signed multi-year agreements** in 2025.

**Platform Scale & Coverage**

GitGuardian’s Secrets Security platform now protects:

*   **More than 115K developers** across enterprise customers globally.
*   **More than 610K enterprises’ repositories** continuously monitored for exposed secrets.
*   **More than 210K connected collaboration tool sources**, including Slack, Jira, Confluence, and major cloud platforms, this is 7 times 2024 number.
*   More than **16M free users’** **repositories,** 40% more than in 2024.

The platform detected and helped enterprises remediate 350K **new potential secret exposures** in 2025 alone, preventing security incidents before they could impact customers. It also remediated 5x more secrets than in 2024.

**Strong Global & Sector Growth**

The company strengthened its leadership in **Technology & Telecommunications, its core and most mature market**, while achieving **deep adoption across highly regulated industries** including Financial Services, Healthcare, and Insurance, where stringent security and compliance requirements drive platform value.

GitGuardian’s customer base also reflects strong industry diversification, spanning **Energy, Manufacturing, Media, Retail, and Professional Services sectors**.

**Customer Success & Retention**

GitGuardian maintained **industry-leading customer retention**, with customers expanding their use of the platform’s capabilities, including:

*   Digital Ocean
*   Orange

> “GitGuardian Platform has helped save significant time for the security team by eliminating the need to seek out development teams and work with them on exposed secrets, as much of this is now handled proactively.” Ari Kalfus Senior Manager, Product Security at DigitalOcean

> “At the scale of a large enterprise, we wanted to ensure our secrets management approach would meet regulatory standards well ahead of future requirements” Grégory Maitrallain, Solution Architect at Orange Business

**Looking Ahead**

> “Enterprise security teams are recognizing that secrets sprawl across their entire development ecosystem—from code repositories to collaboration tools to AI coding assistants,” said Eric Fourrier, CEO at GitGuardian. “Our customers are not just buying a point solution, but investing in a comprehensive Non-Human Identity security platform that scales with their business, which is why we’re seeing such strong multi-year commitment.”

**About GitGuardian**

GitGuardian is an end-to-end NHI Security platform that empowers software-driven organizations to secure their Non-Human Identities (NHIs) and comply with industry standards. With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance. This dual approach enables the detection of compromised secrets across your dev environments while also managing non-human identities and their secrets’ lifecycles. The platform is the world’s most installed GitHub application and supports over 550+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF, and Bouygues Telecom for robust secrets protection.

**Contact**

**Sr. Partner**  
**Holly Hagerman**  
**Connect Marketing**  
**\[email protected\]**

GitGuardian Closes 2025 with Strong Enterprise Momentum, Protecting Millions of Developers Worldwide

Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances.
The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system.
"An improper neutralization of special elements used in an OS command ('OS command

Vulnerability / Patch Management

Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances.

The operating system (OS) injection vulnerability, tracked as **CVE-2025-64155**, is rated 9.4 out of 10.0 on the CVSS scoring system.

"An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability \[CWE-78\] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests," the company said in a Tuesday bulletin.

Fortinet said the vulnerability affects only Super and Worker nodes, and that it has been addressed in the following versions -

*   FortiSIEM 6.7.0 through 6.7.10 (Migrate to a fixed release)
*   FortiSIEM 7.0.0 through 7.0.4 (Migrate to a fixed release)
*   FortiSIEM 7.1.0 through 7.1.8 (Upgrade to 7.1.9 or above)
*   FortiSIEM 7.2.0 through 7.2.6 (Upgrade to 7.2.7 or above)
*   FortiSIEM 7.3.0 through 7.3.4 (Upgrade to 7.3.5 or above)
*   FortiSIEM 7.4.0 (Upgrade to 7.4.1 or above)
*   FortiSIEM 7.5 (Not affected)
*   FortiSIEM Cloud (Not affected)

Horizon3.ai security researcher Zach Hanley, who is credited with discovering and reporting the flaw on August 14, 2025, said it comprises two moving parts -

*   An unauthenticated argument injection vulnerability that leads to arbitrary file write, allowing for remote code execution as the admin user
*   A file overwrite privilege escalation vulnerability that leads to root access and completely compromises the appliance

Specifically, the problem has to do with how FortiSIEM's phMonitor service – a crucial backend process responsible for health monitoring, task distribution, and inter-node communication via TCP port 7900 – handles incoming requests related to logging security events to Elasticsearch.

This, in turn, invokes a shell script with user-controlled parameters, thereby opening the door to argument injection via curl and achieving arbitrary file writes to the disk in the context of the admin user.

This limited file write can be weaponized to achieve full system takeover by weaponizing the curl argument injection to write a reverse shell to "/opt/charting/redishb.sh," a file that's writable by an admin user and is executed every minute by the appliance by means of a cron job that runs with root-level permissions.

In other words, writing a reverse shell to this file enables privilege escalation from admin to root, granting the attacker unfettered access to the FortiSIEM appliance. The most important aspect of the attack is that the phMonitor service exposes several command handlers that do not require authentication. This makes it easy for an attacker to invoke these functions simply by obtaining network access to port 7900.

Fortinet has also shipped fixes for another critical security vulnerability in FortiFone (CVE-2025-47855, CVSS score: 9.3) that could allow an unauthenticated attacker to obtain device configuration via a specially crafted HTTP(S) request to the Web Portal page. It impacts the following versions of the enterprise communications platform -

*   FortiFone 3.0.13 through 3.0.23 (Upgrade to 3.0.24 or above)
*   FortiFone 7.0.0 through 7.0.1 (Upgrade to 7.0.2 or above)
*   FortiFone 7.2 (Not affected)

Users are advised to update to the latest versions for optimal protection. As workarounds for CVE-2025-64155, Fortinet is recommending that customers limit access to the phMonitor port (7900).

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Customer support teams adopt chatbots to reduce workload, shorten response times, and control costs. Freshdesk makes chatbot deployment…

Customer support teams adopt chatbots to reduce workload, shorten response times, and control costs. Freshdesk makes chatbot deployment accessible through built-in automation, integrations, and APIs. Yet many teams discover that adding a chatbot does not automatically improve outcomes. In some cases, it increases escalations, frustrates customers, and adds operational risk.

The difference between success and failure lies in understanding when chatbots actually make sense in Freshdesk and when they introduce more problems than they solve. This article examines the conditions where chatbots deliver measurable value, the scenarios where they fail, and how support teams should evaluate chatbot readiness before deploying one.

****What Chatbots Are Designed to Do in Freshdesk****

Chatbots in Freshdesk serve one core function: handling repetitive, language-based interactions at scale. They work best when customer questions follow predictable patterns and when correct answers already exist in structured knowledge sources.

Typical chatbot use cases include order status checks, password reset instructions, basic account questions, shipping timelines, subscription changes, and standard policy explanations. In these scenarios, chatbots reduce incoming ticket volume by responding instantly, without agent involvement.

Freshdesk chatbots also support ticket pre-qualification. They collect information such as order numbers, product versions, or issue categories before creating or routing a ticket. This reduces agent handling time and improves first-response quality. When chatbots operate within these boundaries, they improve efficiency without compromising accuracy or customer trust.

****When Chatbots Make Sense in Freshdesk********High Volume, Low Variability Inquiries****

Chatbots make sense when a large portion of incoming tickets repeat the same questions with minimal variation. If 40–70% of tickets ask about the same topics using similar phrasing, automation becomes viable.

Freshdesk ticket history provides clear signals. Teams should analyze the last 3–6 months of tickets and identify clusters by topic, intent, and resolution steps. If most resolutions rely on existing help articles or canned replies, chatbot deflection is appropriate.

In these cases, chatbots reduce queue pressure, improve response times, and allow agents to focus on non-routine issues.

****Stable Policies and Product Information****

Chatbots rely on stable information. They perform well when policies, pricing rules, product configurations, and workflows change infrequently.

For example, if refund policies, shipping rules, or onboarding steps remain consistent over time, chatbots can answer confidently. Freshdesk knowledge bases, FAQs, and solved tickets provide a reliable grounding.

When content changes weekly or differs by customer segment without clear logic, chatbot accuracy drops. Stability is a prerequisite for safe automation.

****Clear Escalation Paths****

Chatbots make sense when teams define clear boundaries for escalation. A chatbot should know when to stop responding and hand off the conversation.

Freshdesk supports escalation through confidence thresholds, keyword detection, sentiment analysis, and fallback rules. When a chatbot detects uncertainty, negative sentiment, or sensitive topics, it should create or update a ticket immediately. Chatbots that escalate early prevent customer frustration and reduce the risk of incorrect responses being sent.

****Measurable Success Criteria****

Teams that succeed with chatbots define success metrics before deployment. These include deflection rate, first-contact resolution, escalation percentage, customer satisfaction, and error rate.

Freshdesk reporting allows teams to track chatbot-driven interactions separately from human-handled tickets. When metrics improve consistently over time, chatbot usage makes operational sense. Without defined benchmarks, teams often misinterpret chatbot performance and scale automation prematurely.

****When Chatbots Do Not Make Sense in Freshdesk****

1.  **High-Risk or Compliance-Sensitive Conversations**

Chatbots should not handle conversations involving legal obligations, financial commitments, identity verification, or regulatory compliance.

Billing disputes, chargebacks, contract terms, refunds above thresholds, and account security issues require precise, auditable responses. Even small errors in these areas create financial or legal risk.

Freshdesk teams should route these topics directly to trained agents. Automating them increases exposure without meaningful efficiency gains.

2.  **Complex Troubleshooting and Diagnostic Flows**

Chatbots struggle with multi-step troubleshooting that depends on context, judgment, or real-time decision-making. Issues involving integrations, environment-specific bugs, or customer-specific configurations require human reasoning.

In Freshdesk, these tickets often involve back-and-forth exchanges, logs, screenshots, or cross-team collaboration. Chatbots cannot reliably manage this complexity.

Attempting to automate such flows increases resolution time and customer dissatisfaction.

3.  **Poor or Fragmented Knowledge Bases**

Chatbots amplify the quality of underlying data. If knowledge articles are outdated, contradictory, or incomplete, chatbots produce inaccurate responses with confidence.

Many Freshdesk teams underestimate the effort required to clean and structure content before automation. Without consistent tagging, version control, and ownership, chatbot accuracy degrades quickly.

In these environments, deploying a chatbot exposes knowledge gaps rather than solving them.

4.  **Lack of Governance and Oversight**

Chatbots fail when teams treat them as set-and-forget tools. Without review processes, error monitoring, and feedback loops, incorrect responses go unnoticed.

Freshdesk teams need visibility into chatbot conversations, escalation triggers, and failure cases. Without governance, automation becomes a liability instead of an asset.

****When Advanced Chatbots Become Necessary****

As ticket volume grows, many Freshdesk teams reach a point where basic rule-based chatbots stop delivering results. Static decision trees cannot adapt to phrasing variations, language differences, or evolving customer behavior.

This is where AI-driven approaches become relevant. In practice, teams adopt solutions like CoSupport AI chatbot for Freshdesk when they need higher accuracy, real-time learning, and deeper integration with existing ticket data.

In implementation-focused deployments, AI chatbots read historical Freshdesk tickets, help articles, and internal documentation to generate responses grounded in actual resolutions. They summarize conversations, apply tags, and escalate with context instead of generic handoffs.

This approach makes sense only after teams validate data quality, define escalation rules, and assign ownership for monitoring and improvement. AI does not replace governance; it increases the need for it.

****How to Evaluate Chatbot Readiness in Freshdesk****

Before deploying or expanding chatbot usage, support teams should assess readiness across four dimensions.

*   First, ticket composition. At least half of inbound volume should be repetitive and language-driven. If most tickets require investigation or judgment, automation will fail.
*   Second, data quality. Knowledge sources must be accurate, current, and structured. Every automated answer should trace back to an approved source.
*   Third, escalation design. Teams must define triggers for handoff, including confidence thresholds, keywords, sentiment signals, and customer intent shifts.
*   Fourth, accountability. Someone must own chatbot performance, review failures weekly, and update content continuously.

Teams that skip any of these steps experience higher error rates and lower customer trust.

****Common Mistakes Freshdesk Teams Make With Chatbots****

One common mistake is automating too much, too early. Teams often attempt to cover all inquiries instead of starting with a narrow scope. This increases failure rates and damages credibility.

Another mistake is measuring success only by deflection rate. High deflection without accuracy leads to repeated contacts and lower satisfaction.

The third mistake is ignoring agent feedback. Agents see chatbot failures first. Excluding them from optimization slows improvement and increases resistance. Finally, teams often underestimate maintenance. Chatbots require ongoing updates as products, policies, and customer behavior evolve.

****Use Chatbots Where They Add Control, Not Chaos****

Chatbots make sense in Freshdesk when they operate within clear boundaries, supported by clean data, strong escalation rules, and active governance. They excel at handling repetitive, low-risk conversations and reducing operational load.

They do not make sense when accuracy is critical, context is complex, or data quality is poor. In those cases, automation increases risk instead of efficiency.

The most successful Freshdesk teams treat chatbots as operational tools, not shortcuts. They deploy them deliberately, measure performance continuously, and scale only after proving reliability. When used this way, chatbots become a stabilizing force in high-volume support environments rather than a source of hidden problems.

(Image by Alexandra\_Koch from Pixabay)

When Does a Chatbot Make Sense in Freshdesk and When It Doesn’t

Attackers use legitimate open-source software as cover, relying on user trust to compromise systems. We dive into an example.

It starts with a simple search.

You need to set up remote access to a colleague’s computer. You do a Google search for “RustDesk download,” click one of the top results, and land on a polished website with documentation, downloads, and familiar branding.

You install the software, launch it, and everything works exactly as expected.

What you don’t see is the second program that installs alongside it—one that quietly gives attackers persistent access to your computer.

That’s exactly what we observed in a campaign using the fake domain **rustdesk\[.\]work**.

**The bait: a near-perfect impersonation**

We identified a malicious website at **rustdesk\[.\]work** impersonating the legitimate RustDesk project, which is hosted at **rustdesk.com**. The fake site closely mirrors the real one, complete with multilingual content and prominent warnings claiming (ironically) that rustdesk\[.\]work is the _only_ _official domain_.

This campaign doesn’t exploit software vulnerabilities or rely on advanced hacking techniques. It succeeds entirely through deception. When a website looks legitimate and the software behaves normally, most users never suspect anything is wrong.

**What happens when you run the installer**

The installer performs a deliberate bait-and-switch:

1.  It installs **real RustDesk**, fully functional and unmodified
2.  It quietly installs **a hidden backdoor**, a malware framework known as **Winos4.0**

The user sees RustDesk launch normally. Everything appears to work. Meanwhile, the backdoor quietly establishes a connection to the attacker’s server.

By bundling malware with working software, attackers remove the most obvious red flag: broken or missing functionality. From the user’s point of view, nothing feels wrong.

**Inside the infection chain**

The malware executes through a staged process, with each step designed to evade detection and establish persistence:

**Stage 1: The trojanized installer**

The downloaded file (rustdesk-1.4.4-x86_64.exe) acts as both **dropper and decoy**. It writes two files to disk:

*   The legitimate RustDesk installer, which is executed to maintain cover
*   logger.exe, the Winos4.0 payload

The malware hides in plain sight. While the user watches RustDesk install normally, the malicious payload is quietly staged in the background.

**Stage 2: Loader execution**

The logger.exe file is a loader — its job is to set up the environment for the main implant. During execution, it:

*   Creates a new process
*   Allocates executable memory
*   Transitions execution to a new runtime identity: Libserver.exe

This loader-to-implant handoff is a common technique in sophisticated malware to separate the initial dropper from the persistent backdoor.

By changing its process name, the malware makes forensic analysis harder. Defenders looking for “logger.exe” won’t find a running process with that name.

**Stage 3: In-memory module deployment**

The Libserver.exe process unpacks the actual Winos4.0 framework entirely in memory. Several WinosStager DLL modules—and a large ~128 MB payload—are loaded without being written to disk as standalone files.

Traditional antivirus tools focus on scanning files on disk (file-based detection). By keeping its functional components in memory only, the malware significantly reduces the effectiveness of file-based detection. This is why behavioral analysis and memory scanning are critical for detecting threats like Winos4.0.

The secondary payload is identified as **Winos4.0 (WinosStager)**: a sophisticated remote access framework that has been observed in multiple campaigns, particularly targeting users in Asia.

Once active, it allows attackers to:

*   Monitor victim activity and capture screenshots
*   Log keystrokes and steal credentials
*   Download and execute additional malware
*   Maintain persistent access even after system reboots

This isn’t simple malware—it’s a full-featured attack framework. Once installed, attackers have a foothold they can use to conduct espionage, steal data, or deploy ransomware at a time of their choosing.

**Technical detail: How the malware hides**

The malware employs several techniques to avoid detection:

**What it does**

**How it achieves this**

**Why it matters**

**Runs entirely in memory**

Loads executable code without writing files

Evades file-based detection

**Detects analysis environments**

Checks available system memory and looks for debugging tools

Prevents security researchers from analyzing its behavior

**Checks system language**

Queries locale settings via the Windows registry

May be used to target (or avoid) specific geographic regions

**Clears browser history**

Invokes system APIs to delete browsing data

Removes evidence of how the victim found the malicious site

**Hides configuration in the registry**

Stores encrypted data in unusual registry paths

Hides configuration from casual inspection

****Command-and-control activity****

Shortly after installation, the malware connects to an attacker-controlled server:

*   **IP:** 207.56.13\[.\]76
*   **Port:** 5666/TCP

This connection allows attackers to send commands to the infected machine and receive stolen data in return. Network analysis confirmed sustained two-way communication consistent with an established command-and-control session.

****How the malware blends into normal traffic****

The malware is particularly clever in how it disguises its network activity:

**Destination**

**Purpose**

207.56.13\[.\]76:5666

**Malicious:** Command-and-control server

209.250.254.15:21115-21116

**Legitimate:** RustDesk relay traffic

api.rustdesk.com:443

**Legitimate:** RustDesk API

Because the victim installed real RustDesk, the malware’s network traffic is mixed with legitimate remote desktop traffic. This makes it much harder for network security tools to identify the malicious connections: the infected computer looks like it’s just running RustDesk.

**What this campaign reveals**

This attack demonstrates a troubling trend: legitimate software used as camouflage for malware.

The attackers didn’t need to find a zero-day vulnerability or craft a sophisticated exploit. They simply:

1.  Registered a convincing domain name
2.  Cloned a legitimate website
3.  Bundled real software with their malware
4.  Let the victim do the rest

This approach works because it exploits human trust rather than technical weaknesses. When software behaves exactly as expected, users have no reason to suspect compromise.

**Indicators of compromise****File hashes (SHA256)**

File

SHA256

Classification

Trojanized installer

330016ab17f2b03c7bc0e10482f7cb70d44a46f03ea327cd6dfe50f772e6af30

Malicious

logger.exe / Libserver.exe

5d308205e3817adcfdda849ec669fa75970ba8ffc7ca643bf44aa55c2085cb86

Winos4.0 loader

RustDesk binary

c612fd5a91b2d83dd9761f1979543ce05f6fa1941de3e00e40f6c7cdb3d4a6a0

Legitimate

**Network indicators**

**Malicious domain:** rustdesk\[.\]work

**C2 server:** 207.56.13\[.\]76:5666/TCP

**In-memory payloads**

During execution, the malware unpacks several additional components directly into memory:

**SHA256**

**Size**

**Type**

a71bb5cf751d7df158567d7d44356a9c66b684f2f9c788ed32dadcdefd9c917a

107 KB

WinosStager DLL

900161e74c4dbab37328ca380edb651dc3e120cfca6168d38f5f53adffd469f6

351 KB

WinosStager DLL

770261423c9b0e913cb08e5f903b360c6c8fd6d70afdf911066bc8da67174e43

362 KB

WinosStager DLL

1354bd633b0f73229f8f8e33d67bab909fc919072c8b6d46eee74dc2d637fd31

104 KB

WinosStager DLL

412b10c7bb86adaacc46fe567aede149d7c835ebd3bcab2ed4a160901db622c7

~128 MB

In-memory payload

00781822b3d3798bcbec378dfbd22dc304b6099484839fe9a193ab2ed8852292

307 KB

In-memory payload

**How to protect yourself**

The rustdesk\[.\]work campaign shows how attackers can gain access without exploits, warnings, or broken software. By hiding behind trusted open-source tools, this attack achieved persistence and cover while giving victims no reason to suspect compromise.

The takeaway is simple: _software behaving normally does not mean it’s safe._ Modern threats are designed to blend in, making layered defenses and behavioral detection essential.

**For individuals:**

*   **Always verify download sources.** Before downloading software, check that the domain matches the official project. For RustDesk, the legitimate site is rustdesk.com—not rustdesk.work or similar variants.
*   **Be suspicious of search results.** Attackers use SEO poisoning to push malicious sites to the top of search results. When possible, navigate directly to official websites rather than clicking search links.
*   **Use security software.** Malwarebytes Premium Security detects malware families like Winos4.0, even when bundled with legitimate software.

**For businesses:**

*   **Monitor for unusual network connections.** Outbound traffic on port 5666/TCP, or connections to unfamiliar IP addresses from systems running remote desktop software, should be investigated.
*   **Implement application allowlisting.** Restrict which applications can run in your environment to prevent unauthorized software execution.
*   **Educate users about typosquatting.** Training programs should include examples of fake websites and how to verify legitimate download sources.
*   **Block known malicious infrastructure.** Add the IOCs listed above to your security tools.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

**About the author**

Passionate about antivirus solutions, Stefan has been involved in malware testing and AV product QA from an early age. As part of the Malwarebytes team, Stefan is dedicated to protecting customers and ensuring their security.

 How real software downloads can hide remote backdoors 

Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations.

Wednesday, January 14, 2026 06:00

Cisco Talos is kicking off the new year with a behind-the-scenes look at incident response through the eyes of Terryn Valikodath, Senior Incident Response Consultant at Talos. In this episode, Amy sits down with Terryn to explore the realities of a job that blends technical know-how with communication skills, proactive planning, and a passion for problem-solving. Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations.

Join us as Terryn shares what keeps him motivated during high-pressure incidents, the satisfaction he finds in teaching others during cyber range trainings, and the creative outlets that help him recharge.

**Amy Ciminnisi: Can you tell us a little bit about what you do here in Talos?**

Terryn Valikodath: Absolutely. I’m a Senior Incident Response Consultant, so essentially an incident responder. The unique thing about our team is that we handle both proactive and reactive work. On the proactive side, we help develop incident response plans, run tabletop exercises, threat hunts, training, and similar tasks. On the reactive side, we step in when an organization experiences a security event, investigate, and provide recommendations to get them back up and running. It’s rewarding to see both sides of the work.

**AC: On my end, I'm always amazed at all the different services Cisco Talos Incident Response provides. Is it difficult to balance them, and is there a part of the job you enjoy most?**

TV: It definitely takes some getting used to since most cybersecurity roles focus on either proactive or reactive tasks, not both. But it’s helpful, because our direct experience informs the advice we give. For example, when we develop an incident response plan, we can reference real situations we’ve handled. That builds trust with customers. My favorite aspect is running cyber range trainings — a three-day course where we teach technical folks how to handle incident response. I’m passionate about teaching, both externally and within our team. I enjoy demystifying the field and showing people that it’s about dedication and learning, not just being a specialist.

_Want to see more? Watch the_ _full interview__, and don’t forget to subscribe to our YouTube channel for future episodes of Humans of Talos._

Brushstrokes and breaches with Terryn Valikodath

Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. 
Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise.
Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%).

Download the

*   Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024.
*   Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise.
*   Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%).

> **Download the complete 43-page analysis →**

****TL;DR****

A critical disconnect emerges in the 2026 research: While 81% of security leaders call web attacks a top priority, only 39% have deployed solutions to stop the bleeding.

Last year's research found 51% unjustified access. This year it's 64% — and accelerating into public infrastructure.

****What is Web Exposure?****

Gartner coined 'Web Exposure Management' to describe security risks from third-party applications: analytics, marketing pixels, CDNs, and payment tools. Each connection expands your attack surface; a single vendor compromise can trigger a massive data breach by injecting code to harvest credentials or skim payments.

This risk is fueled by a governance gap, where marketing or digital teams deploy apps without IT oversight. The result is chronic misconfiguration, where over-permissioned applications are granted access to sensitive data fields they don't functionally need.

This research analyzes exactly what data these third-party apps touch and whether they have a legitimate business justification.

****Methodology****

Over 12 months (ending Nov. 2025), Reflectiz analyzed 4,700 leading websites using its proprietary Exposure Rating system. It analyzes the huge number of data points it gathers from scanning millions of websites by considering each risk factor in context, adds them together to create an overall level of risk, and expresses this as a simple grade, from A to F. Findings were supplemented by a survey of 120+ security leaders in the healthcare, finance, and retail sectors.

****The Unjustified Access Crisis****

The report highlights a growing governance gap termed "unjustified access": instances where third-party tools are granted access to sensitive data without a demonstrable business need.

Access is flagged when a third-party script meets any of these criteria:

*   **Irrelevant Function:** Reading data unnecessary for its task (e.g., a chatbot accessing payment fields).
*   **Zero-ROI Presence:** Remaining active on high-risk pages despite 90+ days of zero data transmission.
*   **Shadow Deployment:** Injection via Tag Managers without security oversight or "least privilege" scoping.
*   **Over-Permissioning:** Utilizing "Full DOM Access" to scrape entire pages rather than restricted elements.

"Organizations are granting sensitive data access by default rather than exception." This trend is most acute in Entertainment and Online Retail, where marketing pressures often override security reviews.

The study identifies specific tools driving this exposure:

*   **Google Tag Manager:** Accounts for 8% of all unjustified sensitive data access.
*   **Shopify:** 5% of unjustified access.
*   **Facebook Pixel:** In 4% of analyzed deployments, the pixel was found to be over-permissioned, capturing sensitive input fields it did not require for functional tracking.

This governance gap isn't theoretical. A recent survey of 120+ security decision-makers from healthcare, finance, and retail found that 24% of organizations rely solely on general security tools like WAF, leaving them vulnerable to the specific third-party risks this research identified. Another 34% are still evaluating dedicated solutions, meaning 58% of organizations lack proper defenses despite recognizing the threat.

****Critical Infrastructure Under Siege****

While the stats show massive spikes in Government and Education breaches, the _cause_ is financial rather than technical.

*   Government Sector: Malicious activity exploded from 2% to 12.9% .
*   Education Sector: Signs of compromised sites quadrupled to 14.3% (1 in 7 sites)
*   Insurance Sector**:** By contrast, this sector reduced malicious activity by 60%, dropping to just 1.3%.

Budget-constrained institutions are losing the supply chain battle. Private sectors with better governance budgets are stabilizing their environments.

Survey respondents confirmed this: 34% cited budget constraints as their primary obstacle, while 31% pointed to lack of manpower – a combination that hits public institutions particularly hard.

****The Awareness-Action Gap****

Security leader survey findings expose organizational dysfunction:

*   **81% call web attacks a priority** → Only 39% deployed solutions
*   **61% still evaluating or using inadequate tools** → Despite 51% → 64% unjustified access surge
*   **Top obstacles:** Budget (34%), regulation (32%), staffing (31%)

**Result:** Awareness without action creates vulnerability at scale. The 42-point gap explains why unjustified access grows 25% year-over-year.

****The Marketing Department Factor****

A key driver of this risk is the "Marketing Footprint." The research found that Marketing and Digital departments now drive 43% of all third-party risk exposure, compared to just 19% created by IT.

The report found that 47% of apps running in payment frames lack business justification. Marketing teams frequently deploy conversion tools into these sensitive environments without realizing the implications.

Security teams recognize this threat: in the practitioner survey, 20% of respondents ranked supply chain attacks and third-party script vulnerabilities among their top three concerns. Yet the organizational structure that would prevent these risks – unified oversight of third-party deployments – remains absent at most organizations.

****How a Pixel Breach Could Eclipse Polyfill.io****

With 53.2% ubiquity, the Facebook Pixel is a systemic single point of failure. The risk is not the tool, but unmanaged permissions: "Full DOM Access" and "Automatic Advanced Matching" transform marketing pixels into unintentional data scrapers.

**The Precedent:** A compromise would be 5x larger than the 2024 Polyfill.io attack, exposing data across half the major web simultaneously. Polyfill affected 100K sites over weeks; Facebook Pixel's 53.2% ubiquity means 2.5M+ sites are compromised instantly.

**The Fix:** Context-Aware Deployment. Restrict pixels to landing pages for ROI, but strictly block them from payment and credential frames where they lack business justification.

> **What about TikTok pixel and other trackers? Download the full report for more insights >>**

****Technical Indicators of Compromise****

For the first time, this research pinpoints technical signals that predict compromised sites.

Compromised sites don't always use malicious apps – they're characterized by "noisier" configurations.

**Automated Detection Criteria:**

*   **Recently Registered Domains:** Domains registered within the last 6 months appear 3.8x more often on compromised sites.
*   **External Connections:** Compromised sites connect to 2.7x more external domains (100 vs. 36).
*   **Mixed Content:** 63% of compromised sites mix HTTPS/HTTP protocols.

****Benchmarks for Security Leaders****

Among the 4,700 analyzed sites, 429 demonstrated strong security outcomes. These organizations prove that functionality and security can coexist:

*   **ticketweb.uk:** Only site meeting all 8 benchmarks (Grade A+)
*   **GitHub, PayPal, Yale University:** Meeting 7 benchmarks (Grade A)

****The 8 Security Benchmarks: Leaders vs Average****

The benchmarks below represent achievable targets based on real-world performance, not theoretical ideals. Leaders maintain ≤8 third-party apps, while average organizations struggle with 15-25. The difference isn't resources – it's governance. Here's how they compare across all eight metrics:

****Three Quick Wins To Prioritize********1\. Audit Trackers****

**Inventory every pixel/tracker:**

*   Identify the owner and business justification
*   Remove tools that can't justify data access

**Priority fixes:**

*   Facebook Pixel: Disable 'Automatic Advanced Matching' on PII pages
*   Google Tag Manager: Verify no payment page access
*   Shopify: Review app permissions

****2\. Implement Automated Monitoring****

Deploy runtime monitoring for:

*   Sensitive field access detection (cards, SSNs, credentials)
*   Real-time alerts for unauthorized collection
*   CSP violation tracking

****3\. Address the Marketing-IT Divide****

**Joint CISO + CMO review:**

*   Marketing tools in payment frames
*   Facebook Pixel scoping (use Allow/Exclusion Lists)
*   Tracker ROI vs. security risk

****Download the Full Report****

Get the complete 43-page analysis, including:

✅ **Sector-by-sector risk breakdowns**

✅ **Complete list of high-risk third-party apps**

✅ **Year-over-year trend analysis**

✅ **Security leaders best practices**

> **DOWNLOAD THE FULL REPORT HERE**

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

A new investigation by GreyNoise reveals a massive wave of over 90,000 attacks targeting AI tools like Ollama and OpenAI. Experts warn that hackers are conducting "reconnaissance" to map out vulnerabilities in enterprise AI systems.

In a recent discovery, researchers have found that cybercriminals are turning their focus toward the systems that power modern artificial intelligence (AI). Between October 2025 and January 2026, a specialized honeypot (a trap set by security experts to catch hackers) recorded 91,403 attack sessions.

This investigation was conducted by the research firm GreyNoise, which set up fake installations of a popular AI tool called Ollama to act as bait. The research reveals that there isn’t just one group at work, but two separate campaigns are active, each trying to find a different way to exploit the growing world of AI.

****The Phone Home Trick****

The first group of attackers used a method known as Server-Side Request Forgery (SSRF). To put it simply, this is a trick where a hacker fools a company’s server into making a connection to the hacker’s own computer. Researchers noted that the attackers specifically targeted Ollama and Twilio (a popular messaging service).

By sending a “malicious registry URL,” they could force the AI server to “phone home” to their own systems. It is worth noting that this activity saw a “dramatic spike over Christmas,” with 1,688 sessions occurring in just 48 hours, according to GreyNoise’s blog post. While some of these might be security researchers or bug bounty hunters looking for rewards, the timing suggests they were pushing boundaries while IT teams were on holiday.

Campaign 1 timeline (Source: GreyNoise)

****Building a Hit List for AI Models****

The second campaign is even more concerning. Starting on December 28, 2025, two specific digital addresses (45.88.186.70 and 204.76.203.125) began a massive, methodical search of over 73 different AI endpoints. While investigating, researchers found that in just eleven days, they generated 80,469 sessions to see which AI models they could reach.

According to researchers, these were professional actors, perhaps conducting reconnaissance since they weren’t trying to break things yet. Also, they noted the actors were “building target lists” by testing models from big names like Anthropic (Claude), Meta (Llama), xAI (Grok), and DeepSeek.

> _“The attack tested both OpenAI-compatible API formats and Google Gemini formats. Every major model family appeared in the probe list: OpenAI (GPT-4o and variants), Anthropic (Claude Sonnet, Opus, Haiku), Meta (Llama 3.x), DeepSeek (DeepSeek-R1), Google (Gemini), Mistral, Alibaba (Qwen), and xAI (Grok).”_
> 
> GreyNoise

Further probing revealed that these attackers used simple, innocent questions like “How many states are there in the United States?” just to see which models would respond.

Campaign 2 test queries (source: GreyNoise)

****How to Protect Your Systems****

To keep these systems secure, researchers at GreyNoise suggest that companies should only allow AI models to be downloaded from trusted sources. It is also important to watch out for rapid-fire requests that ask the same simple questions over and over. The scale of these attacks is massive, involving 62 source IPs across 27 countries, which is a clear sign that hackers are now mapping out their next big move.

****Expert Warnings on AI Risks****

Security teams are viewing these findings as an early warning of a much broader risk. Chris Hughes, VP of Security Strategy at Zenity, shared his perspective exclusively with Hackread.com, noting that while probing models is a concern, the immediate danger lies in how AI agents interact with company systems.

“While this marks the first public confirmation of attackers targeting AI systems, it certainly won’t be the last,” Hughes stated. He explained that the information gained from these probes will likely be used for future attacks. He warned that the greater risk appears when AI tools access enterprise systems or cloud environments without proper oversight.

“As attackers move from probing models to exploiting agents, organizations that focus only on model-centric security will be responding to incidents they never saw coming,” he added.

(Photo by Egor Komarov on Unsplash)

Latest News