A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices.
The malware embeds a hard-coded list comprising over 400 applications spanning banking, financial technology, payment processors, cryptocurrency

A new Android malware named **Albiriox** has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices.

The malware embeds a hard-coded list comprising over 400 applications spanning banking, financial technology, payment processors, cryptocurrency exchanges, digital wallets, and trading platforms.

"The malware leverages dropper applications distributed through social engineering lures, combined with packing techniques, to evade static detection and deliver its payload," Cleafy researchers Federico Valentini, Alessandro Strino, Gianluca Scotti, and Simone Mattia said.

Albiriox is said to have been first advertised as part of a limited recruitment phase in late September 2025, before shifting to a MaaS offering a month later. There is evidence to suggest that the threat actors are Russian-speaking based on their activity on cybercrime forums, linguistic patterns, and the infrastructure used.

Prospective customers are provided access to a custom builder that, per the developers' claims, integrates with a third-party crypting service known as Golden Crypt to bypass antivirus and mobile security solutions.

The end goal of the attacks is to seize control of mobile devices and conduct fraudulent actions, all while flying under the radar. At least one initial campaign has explicitly targeted Austrian victims by leveraging German-language lures and SMS messages containing shortened links that lead recipients to fake Google Play Store app listings for apps like PENNY Angebote & Coupons.

Unsuspecting users who clicked on the "Install" button on the lookalike page are compromised with a dropper APK. Once installed and launched, the app prompts them to grant it permissions to install apps under the guise of a software update, which leads to the deployment of the main malware.

Albiriox uses an unencrypted TCP socket connection for command-and-control (C2), allowing the threat actors to issue various commands to remotely control the device using Virtual Network Computing (VNC), extract sensitive information, serve black or blank screens, and turn the volume up/down for operational stealth.

It also installs a VNC‑based remote access module to allow threat actors to remotely interact with the compromised phones. One version of the VNC-based interaction mechanism makes use of Android's accessibility services to display all user interface and accessibility elements present on the device screen.

"This accessibility-based streaming mechanism is intentionally designed to bypass the limitations imposed by Android's FLAG\_SECURE protection," the researchers explained.

"Since many banking and cryptocurrency applications now block screen recording, screenshots, and display capture when this flag is enabled, leveraging accessibility services allows the malware to obtain a complete, node-level view of the interface without triggering any of the protections commonly associated with direct screen-capture techniques."

Like other Android-based banking trojans, Albiriox supports overlay attacks against a hard-coded list of target applications for credential theft. What's more, it can serve as overlays mimicking a system update or a black screen to enable malicious activities to be carried out in the background without attracting any attention.

Cleafy said it also observed a slightly altered distribution approach that redirects users to a fake website masquerading as PENNY, where the victims are instructed to enter their phone number so as to receive a direct download link via WhatsApp. The page currently only accepts Austrian phone numbers. The entered numbers are exfiltrated to a Telegram bot.

"Albiriox exhibits all core characteristics of modern on-device fraud (ODF) malware, including VNC-based remote control, accessibility-driven automation, targeted overlays, and dynamic credential harvesting," Cleafy said. "These capabilities enable attackers to bypass traditional authentication and fraud-detection mechanisms by operating directly within the victim's legitimate session."

The disclosure coincides with the emergence of another Android MaaS tool codenamed RadzaRat that impersonates a legitimate file management utility, only to unleash extensive surveillance and remote control capabilities post-installation. The RAT was first advertised in an underground cybercrime forum on November 8, 2025.

"The malware's developer, operating under the alias 'Heron44,' has positioned the tool as an accessible remote access solution that requires minimal technical knowledge to deploy and operate," Certo researcher Sophia Taylor said. "The distribution strategy reflects a troubling democratization of cybercrime tools."

Central to RadzaRat is its ability to remotely orchestrate file system access and management, allowing the cybercriminals to browse directories, search for specific files, and download data from the compromised device. It also abuses accessibility services to log users' keystrokes and use Telegram for C2.

To achieve persistence, the malware uses RECEIVE\_BOOT\_COMPLETED and RECEIVE\_LOCKED\_BOOT\_COMPLETED permissions, along with a dedicated BootReceiver component, to ensure that it's automatically launched upon a device restart. Additionally, it seeks the REQUEST\_IGNORE\_BATTERY\_OPTIMIZATIONS permission to exempt itself from Android's battery optimization features that may restrict its background activity.

"Its disguise as a functional file manager, combined with extensive surveillance and data exfiltration capabilities, makes it a significant threat to individual users and organizations alike," Certo said.

The findings come as fake Google Play Store landing pages for an app named "GPT Trade" ("com.jxtfkrsl.bjtgsb") have distributed the BTMOB Android malware and a persistence module referred to as UASecurity Miner. BTMOB, first documented by Cyble back in February 2025, that's known to abuse accessibility services to unlock devices, log keystrokes, automate credential theft through injections, and enable remote control.

Social engineering lures using adult content as lures have also underpinned a sophisticated Android malware distribution network to deliver a heavily obfuscated malicious APK file that requests sensitive permissions for phishing overlays, screen capture, installing other malware, and manipulating the file system.

"It employs a resilient, multi-stage architecture with front-end lure sites that use commercial-grade obfuscation and encryption to hide and dynamically connect to a separate backend infrastructure," Palo Alto Networks Unit 42 said. "The front-end lure sites use deceptive loading messages and a series of checks, including the time it takes to load a test image, to evade detection and analysis."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools.
"These attacks highlight a notable shift in Tomiris's tactics, namely the increased use of implants that leverage public services (e.g., Telegram and Discord) as

Malware / Threat Intelligence

The threat actor known as **Tomiris** has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools.

"These attacks highlight a notable shift in Tomiris's tactics, namely the increased use of implants that leverage public services (e.g., Telegram and Discord) as command-and-control (C2) servers," Kaspersky researchers Oleg Kupreev and Artem Ushkov said in an analysis. "This approach likely aims to blend malicious traffic with legitimate service activity to evade detection by security tools."

The cybersecurity company said more than 50% of the spear-phishing emails and decoy files used in the campaign used Russian names and contained Russian text, indicating that Russian-speaking users or entities were the primary focus. The spear-phishing emails have also targeted Turkmenistan, Kyrgyzstan, Tajikistan, and Uzbekistan using tailored content written in their respective national languages.

The attacks aimed at high-value political and diplomatic infrastructure have leveraged a combination of reverse shells, custom implants, and open-source C2 frameworks like Havoc and AdaptixC2 to facilitate post-exploitation.

Details of Tomiris first emerged in September 2021 when Kaspersky shed light on the inner workings of a backdoor of the same name, pinpointing its links with SUNSHUTTLE (aka GoldMax), a malware used by the Russian APT29 hackers behind the SolarWinds supply chain attack, and Kazuar, a .NET-based espionage backdoor used by Turla.

Despite these overlaps, Tomiris is assessed to be a different threat actor that mainly focuses on intelligence gathering in Central Asia. Microsoft, in a report published in December 2024, connected the Tomiris backdoor to a Kazakhstan-based threat actor it tracks as Storm-0473.

Subsequent reports from Cisco Talos, Seqrite Labs, Group-IB, and BI.ZONE have strengthened this hypothesis, with the analyses identifying overlaps with clusters referred to as Cavalry Werewolf, ShadowSilk, Silent Lynx, SturgeonPhisher, and YoroTrooper.

The latest activity documented by Kaspersky begins with phishing emails containing malicious password-protected RAR files. The password to open the archive is included in the text of the email. Present within the file is an executable masquerading as a Microsoft Word document (\*.doc.exe) that, when launched, drops a C/C++ reverse shell that's responsible for gathering system information and contacting a C2 server to fetch AdaptixC2.

The reverse shell also makes Windows Registry modifications to ensure persistence for the downloaded payload. Three different versions of the malware have been detected this year alone.

Alternatively, the RAR archives propagated via the emails have been found to deliver other malware families, which, in turn, trigger their own infection sequences -

*   A Rust-based downloader that collects system information and sends it to a Discord webhook; creates Visual Basic Script (VBScript) and PowerShell script files; and launches the VBScript using cscript, which runs the PowerShell script to fetch a ZIP file containing an executable associated with Havoc.
*   A Python-based reverse shell that uses Discord as C2 to receive commands, execute them, and exfiltrate the results back to the server; conducts reconnaissance; and downloads next-stage implants, including AdaptixC2 and a Python-based FileGrabber that harvests files matching jpg, .png, .pdf, .txt, .docx, and .doc. extensions.
*   A Python-based backdoor dubbed Distopia that's based on the open-source dystopia-c2 project and uses Discord as C2 to execute console commands and download additional payloads, including a Python-based reverse shell that uses Telegram for C2 to run commands on the host and send the output back to the server.

Tomiris' malware arsenal also comprises a number of reverse shells and implants written in different programming languages -

*   A C# reverse shell that employs Telegram to receive commands
*   A Rust-based malware named JLORAT that can run commands and take screenshots
*   A Rust-based reverse shell that uses PowerShell as the shell rather than "cmd.exe"
*   A Go-based reverse shell that establishes a TCP connection to run commands via "cmd.exe"
*   A PowerShell backdoor that uses Telegram to execute commands and download an arbitrary file to the "C:\\Users\\Public\\Libraries\\" location
*   A C# reverse shell that uses establishes a TCP connection to run commands via "cmd.exe"
*   A reverse SOCKS proxy written in C++ that modifies the open-source Reverse-SOCKS5 project to remove debugging messages and hide the console window
*   A reverse SOCKS proxy written in Golang that modifies the open-source ReverseSocks5 project to remove debugging messages and hide the console window

"The Tomiris 2025 campaign leverages multi-language malware modules to enhance operational flexibility and evade detection by appearing less suspicious," Kaspersky said. "The evolution in tactics underscores the threat actor's focus on stealth, long-term persistence, and the strategic targeting of government and intergovernmental organizations."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

CloudSEK found over 2,000 fake sites impersonating Amazon and top brands before Cyber Monday and Black Friday. Learn the key fraud signs now to stay safe.

Shoppers looking for great deals this holiday season need to be extra careful, as a massive operation involving over 2,000 fake online stores has been found, timed perfectly to steal money and personal details during peak sales like Black Friday and Cyber Monday.

Cybersecurity firm CloudSEK recently discovered this huge network and shared its research with Hackread.com. According to CloudSEK’s analysis, these aren’t isolated incidents; they are highly organised operations using identical methods to trick people, making this one of the largest coordinated scam efforts seen this shopping season.

The fake sites were identified by their suspicious resource usage and recurring templates. This operation includes two main groups: one with over 750 interconnected sites, 170 of which impersonate Amazon using uniform banners, flipclock-style urgency timers, and misleading trust symbols. The second group comprises over 1,000 .shop domains impersonating major brands like Apple, Samsung, Dell, Ray-Ban, and Xiaomi.

****How Scammers Are Tricking Customers****

These fake shops look real because scammers have used the same basic tools (phishing kits) to quickly build thousands of similar websites. To rush buyers into purchasing, they use fake countdown timers and urgent messages about low stock.

The sites are linked because they all load their designs from the same shared source, like a digital fingerprint, which allowed CloudSEK to trace these stores back to a single criminal group. The sites are spread through social media ads, search results, and messaging apps like WhatsApp and Telegram

Researchers explain that once a shopper decides to buy, they are sent to a shell checkout page, which looks like a standard payment screen but is actually designed to steal sensitive financial details. For example, the domain amaboxreturns.com redirects payment through another unflagged domain, allowing criminals to complete fraudulent transactions without raising alarms. CloudSEK noted that these payment portals often use a China-based provider for hosting.

Use of fake trust badges, scarcity messaging, and fabricated recent-purchase pop-ups to create urgency, and Checkout pages capture full billing and payment details for financial theft (Source: CloudSEK)

“WHOIS records for georgmat.com indicate hosting through a China-based provider (Alibaba Cloud Computing Ltd.) with registration details listing Guangdong as the administrative state. The geographic mismatch between the infrastructure and the impersonated US retail brands increases suspicion and supports the assessment that the domain is being leveraged as part of a fraudulent, holiday-themed payment redirection scheme,” the blog post reads.

Researchers estimate that with a conversion rate of between 3% to 8% of visitors becoming victims, scammers could potentially earn between $2,000 and $12,000 per fake site before it gets shut down. While some fake domains have been closed, many remain active, becoming fully operational right before big sales events to maximise the number of victims.

“If left unchecked, these scams could cause significant financial losses for consumers and erode trust in global e-commerce during its busiest season,” said Ibrahim Saify, Security Researcher, CloudSEK

****What Shoppers Need to Look Out For****

Finding a deal that is too good to be true is the first sign of a scam. To stay safe, CloudSEK says shoppers should watch out for flashy banners or aggressive messages like “Limited Time!” designed to create panic; domain names that combine a brand name with extra words like safe, fast, or sale (like brandname-safe.shop); missing or fake contact information; and identical layouts across different store names.

If you see any of these warning signs, the safest choice is to avoid the site and verify the deal on the brand’s official website.

Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday

New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence.

Quttera today announced major enhancements to its Web Malware Scanner API that transform static security scanning into automated compliance evidence. The update introduces real-time evidence streaming and compliance mapping, directly addressing the manual burden of audit preparation that costs organisations 30-40 hours per audit cycle.

The announcement includes two integrated capabilities: API-driven compliance automation that feeds structured security evidence into GRC platforms and the Quttera Threat Encyclopedia, an AI-powered resource providing instant context for detected threats.

****Automating the Manual Evidence Chase****

Organisations preparing for SOC 2, ISO 27001, and PCI DSS v4.0 audits traditionally spend dozens of hours manually collecting security evidence, exporting reports, capturing screenshots, and mapping findings to compliance controls. This approach creates outdated evidence, doesn’t scale across frameworks, and fails to prove continuous monitoring.

“Security teams are exhausted by the manual ‘evidence chase’ required before every audit,” said Michael Novofastovsky, CTO of Quttera. “We’re transforming malware detection into ‘Evidence-as-Code’ structured, real-time security data that flows automatically into compliance workflows. Whether organisations use Drata, Vanta, or custom GRC systems, our API provides continuous proof without human intervention.”

Quttera’s API converts threat detection into structured JSON with embedded compliance metadata, mapping findings to controls across SOC 2 (CC6.1, CC7.2), PCI DSS v4.0 (Requirements 6.4.3, 11.6.1), ISO 27001, and GDPR simultaneously.

****Addressing PCI DSS v4.0’s New Requirements****

The update specifically targets PCI DSS v4.0 requirements mandatory since March 2025, particularly Requirements 6.4.3 (script authorisation on payment pages) and 11.6.1 (file integrity monitoring). These requirements demand continuous automated detection capabilities that manual processes cannot provide at scale.

“PCI DSS v4.0 requires real-time detection of unauthorised changes to payment scripts,” Novofastovsky explained. “Our API provides timestamped evidence that monitoring is active 24/7, changes are detected automatically, and controls are continuously validated.”

****AI-Powered Threat Intelligence****

The Threat Encyclopedia addresses the context gap security teams face when responding to detections. Integrated directly into scan reports, it provides:

*   Step-by-step remediation guidance
*   Business impact and risk classification
*   Connections to known attack campaigns
*   Technical breakdown of malware behaviour

“We’re automating both sides of the problem,” said Novofastovsky. “The API handles compliance proof. The Threat Encyclopedia handles operational response. Together, they eliminate manual evidence collection and research overhead.”

The Encyclopedia currently documents 80+ web malware categories, with AI-assisted expansion based on emerging threats.

****Key Capabilities****

*   Automated Control Mapping: Detections tagged for multiple compliance frameworks simultaneously
*   Real-Time Evidence Streaming: Continuous JSON feeds replace static PDF reports
*   Behavioural Detection: Heuristic scanning identifies zero-day and polymorphic threats
*   Integration Flexibility: Works with existing GRC platforms via standard REST API

****Availability****

Enhanced capabilities are available immediately to all Quttera API subscribers.

API Documentation: https://quttera.com/quttera-web-malware-scanner-api

Integration Help: https://quttera.com/quttera-anti-malware-api-help

Threats Library: https://threats.quttera.com/

****About Quttera****

Quttera provides automated website security and malware detection solutions, delivering compliance-ready evidence for organisations across financial services, healthcare, e-commerce, and technology sectors. Its comprehensive suite includes advanced heuristic scanning, blacklist monitoring, and remediation services, helping businesses worldwide protect their digital assets and reputation.

****Contact****

CTO  
Michael Novofastovsky  
Quttera  
\[email protected\]

Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation.
The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via

Hacktivism / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation.

The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via system\_settings.shtm. It impacts the following versions -

*   OpenPLC ScadaBR through 1.12.4 on Windows
*   OpenPLC ScadaBR through 0.9.1 on Linux

The addition of the security defect to the KEV catalog comes a little over a month after Forescout said it caught a pro-Russian hacktivist group known as TwoNet targeting its honeypot in September 2025, mistaking it for a water treatment facility.

In the compromise aimed at the decoy plant, the threat actor is said to have moved from initial access to disruptive action in about 26 hours, using default credentials to obtain initial access, followed by carrying out reconnaissance and persistence activities by creating a new user account named "BARLATI."

The attackers then proceeded to exploit CVE-2021-26829 to deface the HMI login page description to display a pop-up message "Hacked by Barlati," and modify system settings to disable logs and alarms unaware that they were breaching a honeypot system.

TwoNet Attack Chain

"The attacker did not attempt privilege escalation or exploitation of the underlying host, focusing exclusively on the web application layer of the HMI," Forescout said.

TwoNet began its operations on Telegram earlier this January, initially focusing on distributed denial-of-service (DDoS) attacks, before pivoting to a broader set of activities, including the targeting of industrial systems, doxxing, and commercial offerings like ransomware-as-a-service (RaaS), hack-for-hire, and initial access brokerage.

It has also claimed to be affiliated with other hacktivist brands such as CyberTroops and OverFlame. "TwoNet now mixes legacy web tactics with attention-grabbing claims around industrial systems," the cybersecurity company added.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by December 19, 2025, for optimal protection.

**OAST Service Fuels Exploit Operation**

The development comes as VulnCheck said it observed a "long-running" Out-of-Band Application Security Testing (OAST) endpoint on Google Cloud driving a regionally-focused exploit operation. Data from internet sensors deployed by the firm shows that the activity is aimed at Brazil.

"We observed roughly 1,400 exploit attempts spanning more than 200 CVEs linked to this infrastructure," Jacob Baines, VulnCheck CTO, said. "While most of the activity resembled standard Nuclei templates, the attacker's hosting choices, payloads, and regional targeting did not align with typical OAST use."

The activity entails exploiting a flaw, and if it is successful, issue an HTTP request to one of the attacker's OAST subdomains ("\*.i-sh.detectors-testing\[.\]com"). The OAST callbacks associated with the domain date back to at least November 2024, suggesting it has been ongoing for about a year.

The attempts have been found to emanate from U.S.-based Google Cloud infrastructure, illustrating how bad actors are weaponizing legitimate internet services to evade detection and blend in with normal network traffic.

VulnCheck said it also identified a Java class file ("TouchFile.class") hosted on the IP address ("34.136.22\[.\]26") linked to the OAST domain that expands on a publicly available exploit for a Fastjson remote code execution flaw to accept commands and URL parameters, and execute those commands and make outbound HTTP requests to the URLs passed as input.

"The long-lived OAST infrastructure and the consistent regional focus suggest an actor that is running a sustained scanning effort rather than short-lived opportunistic probes," Baines said. "Attackers continue to take off-the-shelf tooling like Nuclei and spray exploits across the internet to quickly identify and compromise vulnerable assets."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-66422

**trytond allows remote attackers to obtain sensitive trace-back (server setup) information**

Moderate severity GitHub Reviewed Published Nov 30, 2025 to the GitHub Advisory Database • Updated Dec 2, 2025

**Package**

pip trytond (pip)

**Affected versions**

\>= 7.5.0, < 7.6.11

\>= 7.1.0, < 7.4.21

\>= 7.0.0, < 7.0.40

< 6.0.70

**Patched versions**

7.6.11

7.4.21

7.0.40

6.0.70

**Description**

Published to the GitHub Advisory Database

Nov 30, 2025

GHSA-jqfc-9q34-prhg: trytond allows remote attackers to obtain sensitive trace-back (server setup) information

Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-66421

**Tryton sao allows XSS because it does not escape completion values**

Moderate severity GitHub Reviewed Published Nov 30, 2025 to the GitHub Advisory Database • Updated Dec 2, 2025

**Package**

npm tryton-sao (npm)

**Affected versions**

\>= 7.5.0, < 7.6.11

\>= 7.1.0, < 7.4.21

\>= 7.0.0, < 7.0.40

< 6.0.69

**Patched versions**

7.6.11

7.4.21

7.0.40

6.0.69

**Description**

Published to the GitHub Advisory Database

Nov 30, 2025

GHSA-6qj9-2g9m-29x9: Tryton sao allows XSS because it does not escape completion values

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-66423

**trytond does not enforce access rights for the route of the HTML editor.**

High severity GitHub Reviewed Published Nov 30, 2025 to the GitHub Advisory Database • Updated Dec 2, 2025

**Package**

pip trytond (pip)

**Affected versions**

\>= 7.5.0, < 7.6.11

\>= 7.1.0, < 7.4.21

\>= 7.0.0, < 7.0.40

\>= 6.0.0, < 6.0.70

**Patched versions**

7.6.11

7.4.21

7.0.40

6.0.70

**Description**

Published to the GitHub Advisory Database

Nov 30, 2025

GHSA-p3p5-xrmv-4j6x: trytond does not enforce access rights for the route of the HTML editor.

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-66424

**trytond does not enforce access rights for data export**

Moderate severity GitHub Reviewed Published Nov 30, 2025 to the GitHub Advisory Database • Updated Dec 2, 2025

**Package**

pip trytond (pip)

**Affected versions**

\>= 7.5.0, < 7.6.11

\>= 7.1.0, < 7.4.21

\>= 7.0.0, < 7.0.40

\>= 6.0.0, < 6.0.70

**Patched versions**

7.6.11

7.4.21

7.0.40

6.0.70

**Description**

Published to the GitHub Advisory Database

Nov 30, 2025

GHSA-2w93-qwpp-vgvj: trytond does not enforce access rights for data export

Cybersecurity firm Cato Networks reveals HashJack, a new AI browser vulnerability using the '#' symbol to hide malicious commands. Microsoft and Perplexity fixed the flaw, but Google's Gemini remains at risk.

On November 25, 2025, cybersecurity firm Cato Networks revealed HashJack, a new threat where the simple pound sign (#) in a web address (URL) hides malicious instructions for AI browser assistants like Google’s Gemini, Microsoft’s Copilot, and Perplexity’s Comet.

****The Vulnerability****

HashJack is the first of its kind example of an indirect prompt injection technique, where an attacker hides commands in content the AI will read later, in this case, the URL itself. This allows HashJack to exploit how AI assistants read the full URL, including the section after the # (the URL fragment), which web servers normally ignore.

This allows bad actors to weaponise any legitimate website without hacking the site itself. As Cato Networks’ senior security researcher Vitaly Simonovich explains, the weakness is in the AI assistant’s handling of the URL. Since users trust the legitimate site, they trust the AI’s manipulated advice.

The hidden commands can lead to a variety of malicious actions, including tricking users into revealing their login details (credential theft) and even giving false health-related advice (medical harm). More concerning is that, in advanced agentic modes (where the AI performs tasks automatically), the assistant can be instructed to steal sensitive user data (data exfiltration) by fetching an attacker’s URL in the background.

Furthermore, the AI can be guided to give step-by-step instructions for risky technical tasks, such as opening system ports or downloading a package that is actually malware. Researchers also noted that in some advanced AI browsers, like Perplexity’s Comet, the attack can even escalate to the AI assistant automatically fetching and sending user data to an external address.

HashJack attack chain (Source: Cato Networks)

****Mixed Response from Tech Giants****

The Cato Networks threat research team disclosed their findings to the affected companies starting in July and August of 2025. Microsoft responded quickly, applying a fix for Copilot for Edge on October 27. Perplexity also applied a fix for their Comet browser by November 18, 2025.

Google, however, has not yet resolved the issue for Gemini in Chrome. The report was marked by Google Abuse VRP / Trust & Safety in October 2025 as “Won’t Fix (Intended Behaviour)” with a low severity rating. It is worth noting that the issue remained unresolved at the time the research was published.

Watch the video demonstration of the HashJack attack shared by Cato Networks:

The findings from Cato CTRL™ Threat Research, shared exclusively with Hackread.com, introduce a new class of AI security risk because malicious commands are hidden in URL fragments, bypassing traditional firewalls. This discovery reminds the industry that, as AI assistants handle sensitive data, vendors must urgently fix flaws in AI design to prevent future context manipulation attacks.

Tag

#git