A North Korean group uses AI-based tactics to infiltrate companies


A threat group linked to North Korea, tracked as Jasper Sleet, is employing sophisticated tactics to infiltrate legitimate companies by creating fake professional identities. The actor has taken advantage of the increase in remote work driven by the COVID-19 pandemic, which has transformed both the hiring landscape and the way resources inside organizations are accessed.

Taking Advantage of Telecommuting

The growing dependence on online environments and remote access tools has created new opportunities for malicious actors. Jasper Sleet uses artificial intelligence tools to build customized digital identities and prepares meticulously to pass as a genuine candidate, tailoring its applications to the specific requirements of each position.

According to an analysis by Microsoft, the group interacts with human resources software such as Workday through programmatic API calls to pull data on job postings and active applications. This activity stands out for its precision and repeatability, which points to a far more calculated approach than that of a typical applicant.

Once hired, Jasper Sleet gains access to the organization's collaboration tools and cloud environments, which lets it move freely among sensitive files and can eventually lead to data theft or extortion. Microsoft has observed patterns of suspicious activity, including “impossible travel” alerts, in the months following the onboarding of such new employees.

To counter this threat, it is recommended that security and human resources teams work closely together and implement training measures on social engineering. Identifying warning signs in the hiring process may be more effective than trying to detect the threat once the actor already has access to sensitive information.

Automated attacks targeting PHP servers are increasing


Cybersecurity researchers have warned of a significant increase in automated attacks targeting PHP servers, IoT devices, and cloud gateways, driven by botnets such as Mirai, Gafgyt, and Mozi. According to a report from Qualys’ Threat Research Unit, these automated attacks exploit known vulnerabilities and inadequate cloud configurations, allowing attackers to take control of exposed systems and thereby expand their botnet networks.

Some simple measures to prevent attacks

PHP servers have become the main targets of these campaigns because of the popularity of content management systems (CMS) such as WordPress and Craft CMS. Misconfigurations and outdated plugins on these servers widen their attack surface. Researchers highlight that one of the methods attackers use is the query string ‘/?XDEBUG_SESSION_START=phpstorm’, which starts an Xdebug debugging session; if the debugger is left enabled in production, such sessions can facilitate the extraction of sensitive data.

Additionally, it has been observed that attackers seek credentials, API keys, and access tokens on servers exposed to the internet, and they also exploit security vulnerabilities in IoT devices. Scanning activity often originates from cloud infrastructures such as AWS and Google Cloud, highlighting how cybercriminals abuse legitimate services to conceal their true locations.

Experts warn that even low-level attackers can cause significant damage thanks to widely available exploitation tools and botnet kits. To mitigate these risks, users are advised to keep their systems updated, remove development tools in production environments, and restrict public access to their cloud infrastructure.
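The Xdebug probe described above leaves a clear trace in ordinary web server access logs, so a defender can count how often it is attempted and from where. The following added example (not code from Qualys or from the original article) parses constructed combined-format log lines, flags requests whose query string carries an Xdebug session trigger, and tallies them per source IP; the log lines and the inclusion of the Xdebug 3 trigger name XDEBUG_TRIGGER alongside the parameter named on the page are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log in Apache/nginx combined format; not from a real server.
ACCESS_LOG = """\
203.0.113.10 - - [12/Mar/2025:08:01:02 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.10 - - [12/Mar/2025:08:01:03 +0000] "GET /wp-login.php?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 2048 "-" "python-requests/2.31"
198.51.100.7 - - [12/Mar/2025:08:02:10 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2025:08:02:11 +0000] "GET /admin?xdebug_session_start=PHPSTORM HTTP/1.1" 404 128 "-" "Mozilla/5.0"
"""

# Fields needed for triage: source IP, timestamp, method, request target, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Query parameter names that start an Xdebug session. XDEBUG_SESSION_START is the one
# named in the report; XDEBUG_TRIGGER is the Xdebug 3 equivalent. Compared case-insensitively
# so spelling variants used by scanners are not missed.
DEBUG_PARAMS = {"xdebug_session_start", "xdebug_trigger"}


def debug_probes(log_text):
    """Return (ip, timestamp, target, status) for every request whose query string
    contains an Xdebug trigger parameter. Lines that do not parse are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        query = urlsplit(m["target"]).query
        names = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        if names & DEBUG_PARAMS:
            hits.append((m["ip"], m["ts"], m["target"], int(m["status"])))
    return hits


def probes_by_source(log_text):
    """Count flagged requests per source IP, the view most useful for blocking or alerting."""
    return Counter(ip for ip, *_ in debug_probes(log_text))
```

A 200 response to such a request is the case worth escalating: it shows the parameter reached a live PHP handler rather than a missing path.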

This surge in the capabilities of botnets is reflected in the recent classification by NETSCOUT, which identified the AISURU botnet as a new class of malware capable of launching DDoS attacks exceeding 20 terabits per second. AISURU combines DDoS attack capabilities with additional functions, allowing illicit activities such as the use of residential proxies to conceal malicious activity.

The crucial importance of identity security in the era of AI


The rapid evolution of artificial intelligence agents has transformed business security, making identity management an essential component to protect organizations from modern threats. As these agents perform tasks autonomously and without supervision, the risk of catastrophic errors increases significantly. A logic failure or unauthorized access can turn effective automation into an operational disaster, highlighting the vulnerability posed by poorly regulated AI implementations.

The transformation of business security

Currently, less than 40% of AI agents have identity security policies. This leaves organizations exposed to a range of potential attacks, as these systems operate with access privileges to sensitive data. According to the SailPoint Horizons of Identity Security 2025-2026 report, the situation has become critical, as old security measures, such as firewalls, are no longer sufficient against the new identity-driven threat models.

The report highlights that 63% of organizations are at early levels of maturity in identity security, which increases their risk of attacks. Companies that implement mature identity security programs not only achieve a higher return on investment but also benefit from better operational efficiency and transformative business capabilities.

However, only 25% of organizations consider identity management as a strategic enabler. This limited view prevents many companies from harnessing the full transformative potential that identity security can offer. As the threat landscape continues to evolve, it is imperative that organizations assess their current position regarding identity security and seriously consider their readiness to manage access from automated systems and AI agents.