A North Korean group uses AI-based tactics to infiltrate companies


A threat group linked to North Korea, known as Jasper Sleet, is employing sophisticated tactics to infiltrate legitimate companies by creating fake professional identities. This actor has taken advantage of the increase in remote work driven by the COVID-19 pandemic, which has transformed the hiring landscape and access to resources within organizations.

Taking Advantage of Telecommuting

The growing dependence on online environments and remote access tools has created new opportunities for malicious actors. Jasper Sleet uses artificial intelligence technologies to develop customized digital identities and meticulously prepares to appear as a genuine candidate, tailoring its applications to the specific requirements of each position.

According to an analysis by Microsoft, the group uses workflows in human resources software such as Workday, driven through programmatic API calls, to access data on job postings and active applications. The technique is marked by its accuracy and repeatability, which indicates a more calculated approach than that of a typical applicant.

Once hired, Jasper Sleet has access to the organization's collaborative tools and cloud environments, allowing it to move freely between sensitive files, which can eventually lead to data theft or extortion. Microsoft has observed patterns of suspicious activity, including “impossible travel” alerts in the months following the onboarding of new employees.
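As an added illustration (not Microsoft's detection logic and not part of the original article), the following sketch shows how an "impossible travel" check can be correlated with onboarding dates. The speed threshold, distance floor, watch window, user names and sign-in records are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0              # assumption: roughly airliner cruise speed
MIN_KM = 100.0               # assumption: ignore GeoIP jitter inside one metro area
WATCH = timedelta(days=120)  # assumption: "months following onboarding"

# Constructed sample data: (user, sign-in time, latitude, longitude)
SIGNINS = [
    ("new.hire", datetime(2025, 2, 3, 9, 0), 47.61, -122.33),
    ("new.hire", datetime(2025, 2, 3, 10, 30), 1.35, 103.82),
    ("veteran", datetime(2025, 2, 3, 9, 0), 47.61, -122.33),
    ("veteran", datetime(2025, 2, 3, 13, 0), 45.52, -122.68),
]
ONBOARDED = {"new.hire": datetime(2025, 1, 6), "veteran": datetime(2019, 5, 1)}

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(signins, onboarded):
    """Return alerts for consecutive sign-ins that imply a speed above MAX_KMH."""
    alerts, last = [], {}
    for user, ts, lat, lon in sorted(signins, key=lambda e: (e[0], e[1])):
        prev = last.get(user)
        last[user] = (ts, lat, lon)
        if prev is None:
            continue
        km = haversine_km(prev[1], prev[2], lat, lon)
        # Floor the interval at one second so simultaneous sign-ins do not divide by zero
        hours = max((ts - prev[0]).total_seconds(), 1.0) / 3600.0
        if km < MIN_KM or km / hours <= MAX_KMH:
            continue
        start = onboarded.get(user)
        alerts.append({
            "user": user, "at": ts, "km": round(km), "kmh": round(km / hours),
            # Prioritise accounts still inside the post-onboarding watch window
            "recent_hire": start is not None and timedelta(0) <= ts - start <= WATCH,
        })
    return alerts
```

Alerts with `recent_hire` set are the ones worth routing to both the security and HR contacts, since they match the post-onboarding pattern described above.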

To counter this threat, it is recommended that security and human resources teams work closely together and implement training measures on social engineering. Identifying warning signs in the hiring process may be more effective than trying to detect the threat once the actor already has access to sensitive information.

A serious security flaw exposes confidential data on the Lovable platform


A serious authorization vulnerability in the Lovable platform, a popular AI-powered app builder, has allowed unauthorized users to access sensitive data from numerous projects. According to reports, this critical flaw, classified as Broken Object Level Authorization, affects all projects created before November 2025, exposing confidential information that includes source code, database credentials, and customer interaction logs.

Change your passwords now

This vulnerability occurs when an API grants access to objects without verifying whether the requesting user is actually authorized to view them. Recent investigations have revealed that users with free accounts can make unauthenticated API calls to the platform and retrieve data from other users’ projects. The exposed information includes database credentials and customer data linked to organizations such as Connected Women in AI and Accenture, as well as to employees of Nvidia and Microsoft.
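The flaw class described above, shown as an added example that is not Lovable's code and not part of the original article: a handler that returns an object by ID without an ownership check, next to a hardened version, plus a small authorization test matrix a team can run against its own handlers. All names, IDs and secrets are hypothetical and constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Project:
    project_id: str
    owner_id: str
    db_credentials: str  # constructed placeholder, never a real secret

# Constructed sample data: two tenants, one project each
PROJECTS = {
    "proj-1001": Project("proj-1001", "alice", "PLACEHOLDER-SECRET-A"),
    "proj-1002": Project("proj-1002", "bob", "PLACEHOLDER-SECRET-B"),
}

class Unauthenticated(Exception):
    pass

class Forbidden(Exception):
    pass

def get_project_vulnerable(requester_id, project_id):
    """BOLA: the object is fetched by ID and requester_id is never consulted."""
    return PROJECTS[project_id]

def get_project_hardened(requester_id, project_id):
    """Require an authenticated caller and verify ownership of the object."""
    if requester_id is None:
        raise Unauthenticated("no authenticated caller")
    project = PROJECTS.get(project_id)
    # Same error for "missing" and "not yours" so responses do not confirm valid IDs
    if project is None or project.owner_id != requester_id:
        raise Forbidden("not found or not permitted")
    return project

def cross_tenant_leaks(handler, callers=("alice", "bob", None)):
    """Return (caller, project_id) pairs where a non-owner received the object."""
    leaks = []
    for requester in callers:
        for pid, project in PROJECTS.items():
            if requester == project.owner_id:
                continue  # owner access is expected
            try:
                handler(requester, pid)
            except (Unauthenticated, Forbidden):
                continue
            leaks.append((requester, pid))
    return leaks
```

Running `cross_tenant_leaks` in CI against every object-returning endpoint turns the ownership check into a regression test rather than a code-review convention.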

The problem was reported to Lovable through HackerOne approximately 48 days before its public disclosure on March 3, 2026, but a patch has still not been implemented for older projects. Although the platform has applied fixes for new projects, the risk for existing applications remains critical, leaving many users vulnerable.

Experts warn users of old projects that they should urgently change their API keys and credentials, assuming that their information may have already been compromised. This situation highlights a recurring challenge in AI-native development platforms: security measures are often insufficient compared to the rapid deployment of new features, leaving early adopters of these technologies in a dangerous position.

The EvilAI campaign exploits trusted applications to spread malicious software


Threat actors have begun using seemingly legitimate artificial intelligence tools to distribute malware, affecting various industries such as manufacturing, government, and healthcare in countries like the U.S., India, and several European nations. This campaign, known as EvilAI, is an active and evolving effort in which attackers disguise malicious software as productivity tools or AI-enhanced applications.

The great danger for all types of organizations

Cybercriminals use professional interfaces and valid digital signatures to make these applications appear legitimate, making it difficult for users and security tools to detect them. Among the distributed programs are AppSuite, Epi Browser, and PDF Editor, which act as vehicles to conduct extensive reconnaissance and exfiltrate sensitive data from the victims’ browsers.

The propagation techniques are diverse and include the use of newly registered websites that mimic provider portals, malicious advertising, and SEO manipulation to promote download links on forums and social media. Some attacks have been facilitated with certificates from companies in Panama and Malaysia, and it has been documented that malware developers have used multiple certificates to make their software appear legitimate over the years.

Recent investigations have revealed that the actors behind applications like OneStart and ManualFinder share the same server infrastructure, suggesting a malware-as-a-service model. Additionally, advanced techniques such as Unicode encoding and the use of the NeutralinoJS framework are being employed to conceal malicious activities and evade detection.

This combination of camouflage and evasion capabilities has allowed attackers to gain access to systems, raising alarms about the increasing sophistication of digital threats and the exploitation of user trust.