Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-9hp3-f5g8-rccg: The Freeform CraftCMS plugin contains an Server-side template injection (SSTI) vulnerability

Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025.
"The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions," the company said. "

Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors

To reduce the number of harmful apps targeting Android users, Google is making some changes.

To reduce the number of harmful apps targeting Android users, Google has announced that certified Android devices will require all apps to be registered by verified developers in order to be installed.

But this new measure is not just about malware that’s found on the Google Play Store, it’s mainly about sideloaded apps (apps downloaded from outside the official Google Play Store).

Since August 31, 2023, apps on the Play Store already were subject to a D-U-N-S (Data Universal Numbering System) number requirement. Google says this has helped reduce the number of cybercriminals exploiting anonymity to distribute malware, commit financial fraud, and steal sensitive data.

To broaden this success, Google intends to start sending out invitations gradually starting October 2025, before opening it up to all developers in March 2026. In September 2026, the requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer. The requirements will then be rolled out globally.

This initiative, branded as ‘Developer verification,’ aims to combat the widespread problem of malware from sideloaded apps. Google says its research shows that 50 times more malware comes from sideloaded sources than from Google Play itself.

So, the new rules extend to everyone distributing Android apps, including those hosting them on third-party app stores or offering APK downloads directly. For developers who distribute their apps solely through the Google Play Store there will not be much of a change.

Yet, while legitimate developers will tell you how hard it is to get their apps accepted into the Google Play Store, cybercriminals manage to sneak in their malicious apps anyway.

For a full understanding of the new requirement, we’ll need to explain what “certified Android devices” are.

A definition for a certified Android device is: an Android product—such as a smartphone, tablet, smart TV, or streaming box—that has passed a rigorous series of Google security, compatibility, and performance tests, and is officially approved by Google. Certified devices run an official version of Android and have access to Google apps and the Play Store. Uncertified devices often lack these and may not receive updates or proper security support.

This is important to know because not all Android malware is limited to phones. Take for example, the BadBox botnet which also affects devices like TV streaming boxes, tablets, and smart TVs.

In practice, a certified device encompasses all mainstream devices from Samsung, Xiaomi, Motorola, OnePlus, Oppo, Vivo, and the Google Pixel line.

Reportedly, non-certified devices are those from Huawei, Amazon Fire tablets, and a set of Chinese TV boxes and smartphones that use heavily modified OS images.

Google encourages all developers to sign up for early access as the best way to prepare and stay informed.

>  “Early participants will also get:
> 
> *   An invitation to an exclusive community discussion forum.
> *   Priority support for these new requirements.
> *   The chance to provide feedback and help us shape the experience.”

Whether these controls will be effective largely depends on enforcement and public awareness, but Google feels it marks real progress toward a safer mobile ecosystem. Let us know how you feel about this in the comments.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Developer verification: a promised lift for Android security 

A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious…

A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious container to escape and gain administrator access to the host computer.

A security flaw in Docker Desktop, a popular application for developers, has been fixed after it was found to allow attackers to break out of isolated containers and take full control of a computer. This vulnerability, officially known as CVE-2025-9074 with a critical score of 9.3 out of 10, impacts both Windows and macOS versions of the software.

The flaw, which was patched in Docker Desktop version 4.44.3 on August 20, 2025, allows a malicious program running inside a container to get unauthorised access to the main computer. For your information, containers are isolated environments that keep applications separate from the host system, but this security issue bypassed that protection.

****A Flaw in the System****

The problem was that the Docker Engine’s internal communication system, a type of web address known as an HTTP API, was exposed without any security checks. This meant that a container with malicious code could connect to the API, create a new container with special “privileged” powers, and then access the host computer’s files. The attacker could then modify the system to gain administrator-level control. This is what’s known as a “container escape” or “container breakout” vulnerability.

The vulnerability was so severe that it worked even if the user had turned on Docker’s Enhanced Container Isolation (ECI) feature, which is designed to prevent such attacks. On Windows, an attacker could even use this flaw to overwrite important system files and take over the entire computer.

****The Fix and Recommendations****

Docker quickly released a patch to fix the issue in version 4.44.3. The company stated that the vulnerability was resolved, preventing a malicious container from accessing the Docker Engine to launch other containers.

This incident makes it critical for anyone using Docker Desktop to remain vigilant. To stay secure, first, update all your software, including Docker Desktop to version 4.44.3. Second, harden your settings by avoiding overly permissive configurations, such as the –privileged command, and by restricting what containers can access. Finally, continuously monitor your system for any suspicious activity, such as unusual resource usage, to detect malicious programs.

_“_Docker Desktop is a very useful tool when it comes to running isolated environments and applications without touching the host system and this vulnerability essentially breaches that boundary and lets a malicious user explore the host file system which is supposed to be out of bounds for the container,_“_ said Ms. Nivedita Murthy, Senior Staff Consultantat Black Duck, a Burlington, Massachusetts-based provider of application security solutions:.

_“_The developer community heavily uses Docker Desktop on their systems, which would primarily be either Windows or, in some cases, Mac systems as well,_“_ she pointed out. _“_IT teams should push for updates and sound an alert to all users to upgrade immediately. They should also proactively search the organisation’s assets for any installed versions of the software and either remove or upgrade them as needed to ensure organisation deliver development velocity with trust,” Nivedita advised.

Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS

A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC).
According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration. The hacking group shares toolset and infrastructural overlaps with campaigns undertaken by threat

ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots

Researchers raise the alarm that a new, rapidly evolving ransomware strain uses an OpenAI model to render and execute malicious code in real time, ushering in a new era of cyberattacks against enterprises.

AI-Powered Ransomware Has Arrived With 'PromptLock'

Failure to comply with consumer data access and deletion requests highlights the urgent need for standardized verification processes and stronger enforcement mechanisms to protect consumer privacy.

Gaps in California Privacy Law: Half of Data Brokers Ignore Requests

A new advisory from Google and Mandiant reveals a widespread data breach in Salesforce. Learn how UNC6395 bypassed…

A new advisory from Google and Mandiant reveals a widespread data breach in Salesforce. Learn how UNC6395 bypassed MFA using stolen OAuth tokens and what organizations can do to secure non-human identities.

A recent advisory issued by the Google Threat Intelligence Group (GTIG) and Mandiant has revealed a widespread data theft campaign targeting Salesforce. The campaign, which took place from as early as August 8 through at least August 18, 2025, was carried out by a threat actor known as UNC6395.

****Bypassing Security with a Digital Key****

As per GTIG’s advisory, in this case, the attackers didn’t exploit a vulnerability in the core Salesforce platform; instead, they compromised OAuth tokens from the Salesloft Drift third-party application.

For your information, OAuth tokens are like a special digital key that grants access to a user’s account without needing a password. Because the attackers abused these non-human identities (NHIs), they could completely bypass traditional security measures like Multi-Factor Authentication (MFA), which protects against simple password theft.

Once inside, UNC6395 systematically exported large volumes of data from numerous corporate Salesforce accounts. Their primary goal was to harvest credentials and search for high-value “secrets” that could be used for further attacks.

The threat actor specifically targeted data from customer accounts, users, and opportunities, looking for sensitive information such as AWS access keys and Snowflake tokens.

The advisory noted that Google Cloud customers were not directly impacted by this campaign.

****Rapid Response****

The attackers showed an awareness of security, deleting their query jobs to cover their tracks. However, their activity was still logged, providing a trail for security teams to follow.

In a swift response, Salesloft, in collaboration with Salesforce, revoked all active access tokens for the Drift app on August 20, 2025. Also, Salesforce temporarily removed the Drift application from its AppExchange platform while the investigation continues.

Both companies and GTIG have notified the organizations affected by the breach.

Reflecting upon this incident, Astrix Security shared its observations in a separate blog post, revealing that exploiting NHIs is a growing trend for attackers because these identities are persistent and often have high-level privileges.

Astrix dubs this campaign a textbook example of this trend, where attackers gain a direct, trusted path to exfiltrate data and hunt for even more high-value NHIs, like cloud infrastructure keys.

Therefore, organizations must adopt proactive security measures. GTIG suggests hardening access controls by restricting Connected App scopes, searching for exposed secrets within their Salesforce data, rotate compromised credentials, checking for specific IP addresses/User-Agent strings, and enforcing IP restrictions to limit future risk.

Jonathan Sander, Field CTO at Astrix Security, stated in a comment shared with Hackread.com that the breach was a “classic NHI attack.” He explained that attackers steal things that “humans won’t notice” and operate in the shadows to steal more and more.

“Sadly, most of the time what we see is that people don’t know what they don’t know about their NHIs,” he said, highlighting that many organizations have not even created a basic inventory of these non-human identities.

Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach

Cybercriminals are increasingly using generative AI tools to fuel their attacks, with new research finding instances of AI being used to develop ransomware.

As cybercrime surges around the world, new research increasingly shows that ransomware is evolving as a result of widely available generative AI tools. In some cases, attackers are using AI to draft more intimidating and coercive ransom notes and conduct more effective extortion attacks. But cybercriminals’ use of generative AI is rapidly becoming more sophisticated. Researchers from the generative AI company Anthropic today revealed that attackers are leaning on generative AI more heavily—sometimes entirely—to develop actual malware and offer ransomware services to other cybercriminals.

Ransomware criminals have recently been identified using Anthropic’s large language model Claude and its coding-specific model, Claude Code, in the ransomware development process, according to the company’s newly released threat intelligence report. Anthropic’s findings add to separate research this week from the security firm ESET that highlights an apparent proof of concept for a type of ransomware attack executed entirely by local LLMs running on a malicious server.

Taken together, the two sets of findings highlight how generative AI is pushing cybercrime forward and making it easier for attackers—even those who don’t have technical skills or ransomware experience—to execute such attacks. “Our investigation revealed not merely another ransomware variant, but a transformation enabled by artificial intelligence that removes traditional technical barriers to novel malware development,” researchers from Anthropic’s threat intelligence team wrote.

Over the last decade, ransomware has proven an intractable problem. Attackers have become increasingly ruthless and innovative so victims will keep paying out. By some estimates, the number of ransomware attacks hit record highs at the start of 2025, and criminals continue to make hundreds of millions of dollars per year. As former US National Security Agency and Cyber Command chief Paul Nakasone put it at the Defcon security conference in Las Vegas earlier this month: “We are not making progress against ransomware.”

Adding AI into the already hazardous ransomware cocktail only increases what hackers may be able to do. According to Anthropic’s research, a cybercriminal threat actor based in the United Kingdom, which is tracked as GTG-5004 and has been active since the start of this year, used Claude to “develop, market, and distribute ransomware with advanced evasion capabilities.”

On cybercrime forums, GTG-5004 has been selling ransomware services ranging from $400 to $1,200, with different tools being provided for different package levels, according to Anthropic’s research. The company says that while GTG-5004’s products include a range of encryption capabilities, different software reliability tools, and methods designed to help the hackers avoid detection, it appears the developer is not technically skilled. “This operator does not appear capable of implementing encryption algorithms, anti-analysis techniques, or Windows internals manipulation without Claude’s assistance,” the researchers write.

Anthropic says it banned the account linked to the ransomware operation and introduced “new methods” for detecting and preventing malware generation on its platforms. These include using pattern detection known as YARA rules to look for malware and malware hashes that may be uploaded to its platforms.

While such activity so far does not appear to be the norm across the ransomware ecosystem, the findings represent a stark warning.

“There are definitely some groups that are using AI to aid with the development of ransomware and malware modules, but as far as Recorded Future can tell, _most_ aren’t,” says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. “Where we do see more AI being used widely is in initial access.”

Separately, researchers at the cybersecurity company ESET this week claimed to have discovered the “first known AI-powered ransomware,” dubbed PromptLock. The researchers say the malware, which largely runs locally on a machine and uses an open source AI model from OpenAI, can “generate malicious Lua scripts on the fly” and uses these to inspect files the hackers may be targeting, steal data, and deploy encryption. ESET believes the code is a proof-of-concept that has seemingly not been deployed against victims, but the researchers emphasize that it illustrates how cybercriminals are starting to use LLMs as part of their toolsets.

“Deploying AI-assisted ransomware presents certain challenges, primarily due to the large size of AI models and their high computational requirements. However, it’s possible that cybercriminals will find ways to bypass these limitations,” ESET malware researchers Anton Cherepanov and Peter Strycek, who discovered the new ransomware, wrote in an email to WIRED. “As for development, it is almost certain that threat actors are actively exploring this area, and we are likely to see more attempts to create increasingly sophisticated threats.”

Although PromptLock hasn’t been used in the real world, Anthropic’s findings further underscore the speed with which cybercriminals are moving to building LLMs into their operations and infrastructure. The AI company also spotted another cybercriminal group, which it tracks as GTG-2002, using Claude Code to automatically find targets to attack, get access into victim networks, develop malware, and then exfiltrate data, analyze what had been stolen, and develop a ransom note.

In the last month, this attack impacted “at least” 17 organizations in government, health care, emergency services, and religious institutions, Anthropic says, without naming any of the organizations impacted. “The operation demonstrates a concerning evolution in AI-assisted cybercrime,” Anthropic’s researchers wrote in their report, “where AI serves as both a technical consultant and active operator, enabling attacks that would be more difficult and time-consuming for individual actors to execute manually.”

The Era of AI-Generated Ransomware Has Arrived

TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system.

TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system.

TheTruthSpy stalkerware is designed to be installed surreptitiously on a victim’s Android phone. It then monitors that phone’s activities and sends the information it gathers back to a central server. On Monday, TechCrunch revealed—not for the first time—that the servers are vulnerable to attack. It found that anyone can reset the password of any account on the app, meaning they could hijack anyone’s data.

The security researcher, Swarang Wade, demonstrated the vulnerability to TechCrunch by changing the passwords on several tests accounts. The publication isn’t revealing exactly how it was done, to prevent anyone from abusing the flaw.

TheTruthSpy gathers a lot of data about its victims. It provides the person who installed it with information about what calls or texts were made or received on the victim’s phone, and its location (harvested from the GPS), along with activities associated with messaging apps and files.

This isn’t the first time that TheTruthSpy has suffered from security issues:

*   In 2018, a hacker gained access to all its servers.
*   In 2019, it exposed pictures of kids taken with infected phones online.
*   In 2024, stalkerware researchers found an unpatched flaw that rendered all data on the app’s servers accessible.

This would all be very bad if people using the app knew that they were doing so, and that their personal usage data was stored online. But many of them are oblivious to the fact.

TheTruthSpy’s vendor, Vietnam-based 1Byte Software, warns that people must obtain consent before installing the app on someone else’s phone. However it also specifically advertises ‘stealth mode’, which makes it “completely invisible to users on phones/tablets where it’s installed.”

The software’s website touts its ability to spy on phone users as a way for parents to monitor and protect their children. That raises its own ethical questions, especially given the multiple data leaks. But that isn’t its only use. Abusers will use apps like these to monitor their current or ex-partners, or other stalking targets.

Once a victim has this installed on their phone without their knowledge, the installer can monitor their photos, social media interactions, emails, and internet browsing history. It will also record audio and log keystrokes without them being aware.

Van (Vardy) Thieu, owner of 1Byte Software, told TechCrunch that its source code was lost. He claimed to be building a new version from scratch, although TechCrunch’s reporters found that it was using the same vulnerable software library as the older version.

The software’s multiple bugs demonstrate just how dangerous it is to put this – or indeed any stalkerware app – on someone’s phone. The operators of these apps are often difficult to track down and hold accountable for their security issues.

**How to check if you have stalkerware on your phone**

What can you do if you suspect your phone might be infected with stalkerware? We think TechCrunch’s guide deserves a mention here, as does The Coalition Against Stalkerware, of which Malwarebytes is a founding member. The latter includes per-country links to organizations that help victims of domestic violence.

It is good to keep in mind however that by removing any stalkerware-type app, you will alert the person spying on you that you know the app is there.

Because the apps install under a different name and hide themselves from the user, it can be hard to find and remove them. That is where Malwarebytes for Android can help you.

1.  Open Malwarebytes on your Android.
2.  Open the app’s dashboard
3.  Tap **Scan** **now**
4.  It may take a few minutes to scan your device.

 If malware is detected you can act on it in the following ways:

*   **Uninstall**. The threat will be deleted from your device.
*   **Ignore Always**. The file detection will be added to the Allow List, and excluded from future scans. Legitimate files are sometimes detected as malware. We recommend reviewing scan results and adding files to Ignore Always that you know are safe and want to keep.
*   **Ignore Once**: A file has been detected as a threat, but you are not sure whether to add it to your Allow List or delete. This option will ignore the detection this time only. It will be detected as malware on your next scan.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Latest News