When you hear or read "nation-state attackers", you probably think of the worst. Throw fake Google ads and infostealers into the mix, and you might ask: who is safe? Add "cache poisoning vulnerabilities" and some legitimate concerns about AI systems, and you can only conclude that careers in cybersecurity are not going anywhere anytime soon.
Welcome to this week's review. I missed last week's edition because I forgot to publish after I wrote it. I know. How is that possible? Because I am human.
Let's get started.
Nation-state hackers deliver malware from “bulletproof” blockchains
In simplest terms: Nation-state hackers are using blockchains to distribute malware, making it difficult for researchers or the government to take them down.
From the article:
The method, known as EtherHiding, embeds the malware in smart contracts, which are essentially apps that reside on blockchains for Ethereum and other cryptocurrencies.
In essence, EtherHiding represents a shift toward next-generation bulletproof hosting, where the inherent features of blockchain technology are repurposed for malicious ends.
This technique underscores the continuous evolution of cyber threats as attackers adapt and leverage new technologies to their advantage.
Google ads for fake Homebrew, LogMeIn sites push infostealers
If you need to download any of the above-named software, go to the official website by typing its address into the address bar of your web browser. If you arrive there another way, double-check the address before downloading anything. You can never be too careful.
From the article:
A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey.
AMOS, first documented in April 2023, is a malware-as-a-service (MaaS) available under a $1,000/month subscription. It can steal a broad range of data from infected hosts. Recently, its creators added a backdoor component to the malware to give operators remote persistent access capabilities.
TikTok videos continue to push infostealers in ClickFix attacks
I leave a clear warning here. If you're on TikTok and a video prompts you to run a command on your computer so you can get licensed software for free, don't. Why? You could be installing malware!
Do you need more convincing? Okay. Here you go:
ClickFix attacks have become very popular over the past year, used to distribute various malware strains in ransomware and cryptocurrency theft campaigns.
As a general rule, users should never copy text from a website and run it in an operating system dialog box, including within the File Explorer address bar, command prompt, PowerShell prompts, macOS terminal, and Linux shells.
Cache poisoning vulnerabilities found in 2 DNS resolving apps
The article's title says it all. Meanwhile, know the following: the vulnerabilities are tracked as CVE-2025-40778 and CVE-2025-40780, each with a severity rating of 8.6.
Here is how the vulnerabilities can be exploited:
The vulnerabilities can be exploited to cause DNS resolvers located inside thousands of organizations to replace valid results for domain lookups with corrupted ones. The corrupted results would replace the IP addresses controlled by the domain name operator (for instance, 3.15.119.63 for arstechnica.com) with malicious ones controlled by the attacker.
SnakeStealer: How it preys on personal data – and how you can protect yourself
If there is any malware that should scare you, it is infostealers. These silent beasts can steal your login credentials and crypto wallet seed phrases, potentially locking you out of your online accounts or causing you great financial pain.
From the article:
Detected by ESET products mainly as MSIL/Spy.Agent.AES, SnakeStealer first appeared in 2019. Early reports traced it to a threat originally marketed as 404 Keylogger or 404 Crypter on underground forums before it rebranded under its current name.
SnakeStealer may not break new ground, but it’s polished, reliable, and easy to deploy. It offers a full toolkit of capabilities that’s typical of professional-grade info-stealing malware, and given its modularity, attackers can switch features on or off to suit their needs.
Vibe Coding’s Real Problem Isn’t Bugs—It’s Judgment
I mean, you have to be skilled enough to know when an AI chatbot spits out something that needs fixing even if it "works". Sure, the code might work as expected. However, without experience you can't spot the vulnerabilities in it, potentially exposing your systems to attacks or a data breach; both can happen if you deploy your vibe-coded application to production.
From the article:
The problem is not that vibe coding introduces an excessive number of vulnerabilities. Comparative analysis shows AI vulnerabilities are at a similar density per line of code to those introduced by humans. Code quality is not the problem. It’s just there’s too much of it, too fast, and it lacks good judgment.
AI Sidebar Spoofing Puts ChatGPT Atlas, Perplexity Comet and Other Browsers at Risk
The thing here is that malicious web browser extensions can impersonate the AI sidebar of these AI-powered browsers, leaving users at risk of phishing and being infected with malware.
From the article:
If the victim wants help with the installation of an app that requires the execution of commands, the fake AI sidebar can display instructions for executing a reverse shell that provides remote access to the device, enabling the deployment of malware.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.