Huntress outlines 2025 AI attack speed with automated scripts, but adversaries use familiar tradecraft. Detection and hygiene remain decisive.

Grok’s failure to block sexualized images of minors has turned a single “isolated lapse” into a global regulatory stress test for xAI’s ambitions. The response from lawmakers and regulators suggests this will not be solved with a quick apology and a hotfix.

Last week we reported on Grok’s apology after it generated an image of young girls in “sexualized attire.”

The apology followed the introduction of Grok’s paid “Spicy Mode” in August 2025, which was marketed as edgy and less censored. In practice it enabled users to generate sexual deepfake images, including content that may cross into illegal child sexual abuse material (CSAM) under US and other jurisdictions’ laws.

A report from web-monitoring tool CopyLeaks highlighted “thousands” of incidents of Grok being used to create sexually suggestive images of non-consenting celebrities.

This is starting to backfire. Reportedly, three US senators are asking Google and Apple to remove Elon Musk’s Grok and X apps from their app stores, citing the spread of nonconsensual sexualized AI images of women and minors and arguing it violates the companies’ app store rules.

In their joint letter, the senators state:

“In recent days, X users have used the app’s Grok AI tool to generate nonconsensual sexual imagery of real, private citizens at scale. This trend has included Grok modifying images to depict women being sexually abused, humiliated, hurt, and even killed. In some cases, Grok has reportedly created sexualized images of children—the most heinous type of content imaginable.”

The UK government also threatens to take possible action against the platform. Government officials have said they would fully support any action taken by Ofcom, the independent media regulator, against X. Even if that meant UK regulators could block the platform.

Indonesia and Malaysia already blocked Grok after its “digital undressing” function flooded the internet with suggestive and obscene manipulated images of women and minors.

As it turns out, a user prompted Grok to generate its own “apology,” which it did. After backlash over sexualized images of women and minors, Grok/X announced limits on image generation and editing for paying subscribers only, effectively paywalling those capabilities on main X surfaces.

For lawmakers already worried about disinformation, election interference, deepfakes, and abuse imagery, Grok is fast becoming the textbook case for why “move fast and break things” doesn’t mix with AI that can sexualize real people on demand.

Hopefully, the next wave of rules, ranging from EU AI enforcement to platform-specific safety obligations, will treat this incident as the baseline risk that all large-scale visual models must withstand, not as an outlier.

Keep your children safe

If you ever wondered why parents post images of their children with a smiley across their face, this is the reason.

Don’t make it easy for strangers to copy, reuse, or manipulate your photos.

This incident is yet another compelling reason to reduce your digital footprint. Think carefully before posting photos of yourself, your children, or other sensitive information on public social media accounts.

And treat everything you see online—images, voices, text—as potentially AI-generated unless they can be independently verified. They’re not only used to sway opinions, but also to solicit money, extract personal information, or create abusive material.

---

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

What 2026 will demand from CISOs: resilience over prevention, governed AI, hardened identity, and business continuity in an AI-driven threat landscape

Independent recognition matters in cybersecurity, and it matters a lot to us. It shows how security products perform when they’re tested against in-the-wild threats, using lab environments designed to reflect what people actually face in the real world.

In 2025, Malwarebytes earned awards and recognition from a steady stream of third-party testing labs and industry groups. Here’s what those tests looked like and what they found.  

AVLab Cybersecurity Foundation: Real-world malware, real results  

Malwarebytes earned another Advanced In-The-Wild badge from AVLab Cybersecurity Foundation in 2025, continuing a run of accolades.

In November, AVLab Cybersecurity Foundation tested 244 real-world malware samples across 14 cybersecurity products. Malwarebytes Premium Security detected every single one. On top of that, it removed threats with an average remediation time of 2.18 seconds—nearly 12 seconds faster than the industry average.  

That result also marked our third Excellent badge in 2025, following earlier tests in July and September.

Earlier in the year, Malwarebytes Premium Security was also named Product of the Year for the third consecutive year, after it blocked 100% of in-the-wild malware samples. 

MRG Effitas: Consistent Android protection, proven over time

For the seventh consecutive time, Malwarebytes earned MRG Effitas’ Android 360° Certificate in November, one of the toughest independent tests in mobile security, underscoring the strength and reliability of Malwarebytes Mobile Security. 

MRG Effitas conducted in-depth testing of Android antivirus apps using real-world scenarios, combining in-the-wild malware with benign samples to assess detection gaps and weaknesses. 

Our mobile protection received the highest marks, achieving a near-perfect detection rate in MRG Effitas’ rigorous lab testing, reaffirming what our customers already know: Malwarebytes stops threats before they can cause harm. 

PCMag Readers’ Choice Awards: Multiple category wins 

Not all validation comes from labs. In PCMag’s 2025 Readers’ Choice Awards, Malwarebytes topped three award categories based on reader feedback: Best PC Security Suite, Best Android Antivirus, and Best iOS/iPadOS Antivirus.

A Digital Trends 2025 Recommended Product

Malwarebytes for Windows earned a Digital Trends 2025 Recommended Product designation, with reviewers highlighting its ease of use, fast and effective customer support, and strong value for money. 

CNET: Best Malware Removal Service 2025 

CNET named Malwarebytes the Best Malware Removal Service 2025 after testing setup, features, design, and performance. The review highlighted standout capabilities, including top-tier malware removal and comprehensive Browser Guard web protection. 

AV Comparatives Stalkerware Test: 100% detection rate

In collaboration with the Electronic Frontier Foundation (EFF), AV-Comparatives tested 13 Android security solutions against 17 stalkerware-type apps—software often used for covert surveillance and abuse.

Only a few products handled detection and alerting responsibly. Malwarebytes was the only solution to achieve a 100% detection rate in the September 2025 test.

What we learned from a year of testing

All these results highlight our mission to reimagine security and protect people and data across all devices and platforms. 

Recent innovations like Malwarebytes Scam Guard for Mobile and Windows Tools for PC set new standards for privacy and affordable protection, enhanced by AI-powered features like Trusted Advisor, your built-in personal digital health hub available on all platforms.

We’re grateful to the independent organizations that continue to test our products and to the users who trust Malwarebytes every day.

---

We don’t just report on threats—we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

For the latest discoveries in cyber research for the week of 12th January, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

• Manage My Health, New Zealand’s largest patient portal, has acknowledged a cyberattack occurred on December 2025, that potentially exposed data of nearly 110K users. An alleged attacker, dubbed Kazu, claimed responsibility and demanded a $60,000 ransom.
• France’s Office for Immigration and Integration has confirmed data theft via a third-party operator after a hacker posted samples online. The exposed records include names, contact details, entry dates, and reasons for stay for foreign residents.
• Ledger, a global crypto hardware wallet maker, has disclosed a breach at e-commerce partner Global-e exposing customer contact and order details. Attackers launched phishing lures impersonating both firms to harvest wallet data. Ledger said wallets and seed phrases were unaffected, but targeted scams increased.
• Giant US fiber broadband provider, Brightspeed, was claimed as breached by the Crimson Collective extortion gang. The intrusion allegedly exposed sensitive information belonging to over 1 million customers; however the company has not yet confirmed the incident.
• American Dartmouth College, has disclosed that an August attack exploiting Oracle E-Business Suite exposed personal information of over 40,000 people. Leaked data includes Social Security numbers and bank account information. Reports attribute the intrusion to Clop ransomware group.

Check Point IPS, Threat Emulation and Harmony Endpoint provide protection against this threat (Oracle Multiple Products Remote Code Execution (CVE-2025-61882, CVE-2025-61884); Ransomware.Win.Clop; Ransomware.Wins.Clop; Ransomware.Wins.Clop.ta.*)

• JBS Mental Health Authority, a regional US nonprofit, has experienced a ransomware attack in late December. The organization was listed by the Medusa ransomware group, which claims it stole 168.6GB of data, including sensitive client records and internal operational information.

Check Point Threat Emulation provides protection against this threat (Ransomware.Wins.Medusa)

• Prosura, an Australia and New Zealand car rental insurance provider, has reported a data breach that resulted from an unauthorized access to parts of its systems. The attacker allegedly exposed driver licenses and policy documents. Prosura paused online self-service and said payment card data is not stored in its systems.
• Free Speech Union, a UK membership organization, has experienced a data breach after activist group Bash Back compromised its website and posted transaction details online. Records for thousands of donations were leaked, including amounts and comments. The organization took its site offline as a precaution.

VULNERABILITIES AND PATCHES

• SmarterTools fixed CVE-2025-52691, a critical pre-auth remote code execution flaw with a CVSS score of 10.0. Successful exploitation allows an attacker to upload files and write to web-accessible paths, potentially resulting in full server compromise.

Check Point IPS provides protection against this threat (SmarterMail Arbitrary File Upload (CVE-2025-52691))

• A patch was released for CVE-2025-64496 vulnerability in Open WebUI, a self-hosted interface for AI models, enabling code injection via the Direct Connection feature and potential remote code execution. Versions through 0.6.34 are affected.
• Cisco has addressed CVE-2026-20029, a medium-severity flaw in Identity Services Engine and ISE-PIC, which allows administrators to access sensitive files via improper XML parsing. Exploitation of the flaw requires valid admin credentials.

THREAT INTELLIGENCE REPORTS

• Check Point Research observed GoBruteforcer, a modular Go botnet brute-forcing Linux servers running phpMyAdmin, MySQL, PostgreSQL and FTP. Campaigns exploit AI-generated server deployments that propagate common usernames and weak defaults. The botnet converts hosts into scanners and credential harvesters, with crypto-focused runs stealing funds and expanding access through backdoors and IRC-based control.

Check Point Threat Emulation and Harmony Endpoint provide protection against this threat

• Check Point researchers identified the OPCOPRO “Truman Show” investment scam, which industrializes social engineering via WhatsApp and Telegram. Apps from official stores serve as interfaces to attacker servers, fabricating balances and trades, harvesting KYC documents, and driving identity theft and deposits.

Check Point Harmony Endpoint provides protection against this threat

• Researchers analyzed LockBit 5.0 ransomware, detailing ChaCha20-Poly1305 file encryption, X25519 with BLAKE2b key exchange, termination of VSS and backup services, and Temp directory cleanup. LockBit 5.0 uses custom random extensions per execution, excludes system files, supports Stealbit exfiltration, and drops a ransom note threatening data leakage.

Check Point Threat Emulation and Harmony Endpoint provide protection against this threat (Ransomware.Wins.Lockbit; Ransomware.Wins.Lockbit.ta.*; Ransomware.Win.LockBit; Gen.Win.Crypter.Lockbit)

• Researchers uncovered PHALT#BLYX, an ongoing campaign that targets European hospitality via Booking.com-themed phishing and ClickFix-style fake BSOD/captcha lures that prompt PowerShell execution. The chain aims for credential theft and privilege elevation.

Check Point Threat Emulation and Harmony Endpoint provide protection against this threat (RAT.Wins.Dcrat; RAT.Win.DCRat; InfoStealer.Wins.DcRat)

The post 12th January – Threat Intelligence Report appeared first on Check Point Research.

Last week on Malwarebytes Labs:

• pcTattletale founder pleads guilty as US cracks down on stalkerware
• Are we ready for ChatGPT Health?
• CISA warns of active attacks on HPE OneView and legacy PowerPoint
• Lego’s Smart Bricks explained: what they do, and what they don’t
• Fake WinRAR downloads hide malware behind a real installer
• One million customers on alert as extortion group claims massive Brightspeed data haul
• Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins
• Disney fined $10m for mislabeling kids’ YouTube videos and violating privacy law
• ALPRs are recording your daily drive (Lock and Code S06E26)
• Grok apologizes for creating image of young girls in “sexualized attire”

Stay safe!

---

We don’t just report on privacy—we offer you the option to use it.

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

This week on the Lock and Code podcast…

There’s a bizarre thing happening online right now where everything is getting worse.

Your Google results have become so bad that you’ve likely typed what you’re looking for, plus the word “Reddit,” so you can find discussion from actual humans. If you didn’t take this route, you might get served AI results from Google Gemini, which once recommended that every person should eat “at least one small rock per day.” Your Amazon results are a slog, filled with products that have surreptitiously paid reviews. Your Facebook feed could be entirely irrelevant because the company decided years ago that you didn’t want to see what your friends posted, you wanted to see what brands posted, because brands pay Facebook, and you don’t, so brands are more important than your friends.

But, according to digital rights activist and award-winning author Cory Doctorow, this wave of online deterioration isn’t an accident—it’s a business strategy, and it can be summed up in a word he coined a couple of years ago: Enshittification.

Enshittification is the process by which an online platform—like Facebook, Google, or Amazon—harms its own services and products for short-term gain while managing to avoid any meaningful consequences, like the loss of customers or the impact of meaningful government regulation. It begins with an online platform treating new users with care, offering services, products, or connectivity that they may not find elsewhere. Then, the platform invites businesses on board that want to sell things to those users. This means businesses become the priority and the everyday user experience is hindered. But then, in the final stage, the platform also makes things worse for its business customers, making things better only for itself.

This is how a company like Amazon went from helping you find nearly anything you wanted to buy online to helping businesses sell you anything you wanted to buy online to making those businesses pay increasingly high fees to even be discovered online. Everyone, from buyers to sellers, is pretty much entrenched in the platform, so Amazon gets to dictate the terms.

Today, on the Lock and Code podcast with host David Ruiz, we speak with Doctorow about enshittification’s fast damage across the internet, how to fight back, and where it all started.

 ”Once these laws were established, the tech companies were able to take advantage of them. And today we have a bunch of companies that aren’t tech companies that are nevertheless using technology to rig the game in ways that the tech companies pioneered.”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)

---

Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium Security for Lock and Code listeners.

The New Frontier of Agentic Development: Accelerating Developer Productivity

The world of software development is undergoing a rapid transformation, driven by the rise of AI agents and autonomous tools. Factory is advancing this shift through agent-native development, a new paradigm where developers focus on high-level design and agents, called Droids, handle the execution. Designed to support work across the software development lifecycle, these agents enable a new mode of development, delivering significant gains in speed and productivity, without sacrificing developer control.

As developer workflows increasingly rely on autonomous development agents, the way software is built evolves. This shift introduces important security considerations, such as prompt injection, sensitive data loss, unsafe URL access and malicious code execution, which, if left unaddressed, can undermine the very benefits these agents offer. Accelerating productivity depends not just on deploying agents, but on deploying them securely. This is where Palo Alto Networks, with its purpose-built AI security platform, Prisma^® AIRS™, plays a critical role.

The Productivity Paradox: Where Agents Introduce Risk

Autonomous agents operating across the software development lifecycle accelerate developer productivity, while also introducing a complex, language-driven threat surface that traditional security tools are not equipped to handle. As a result, new risks emerge, such as prompt injection or leaking secrets that extend beyond the visibility and control assumptions of traditional security approaches. Addressing these considerations is essential to preserving the benefits that agentic development provides.

Recognizing this shift, Palo Alto Networks has introduced targeted capabilities to accelerate secure development workflows. These efforts focus on three critical defense areas: preventing prompt injection, blocking sensitive data leaks and enabling robust malicious code detection capabilities, all of which are necessary to secure the full lifecycle of agent-driven systems.

The Solution: Securing Agentic Workflows for Acceleration

The solution is designed to convert security challenges directly into deployment confidence, dramatically accelerating productivity. By natively integrating Prisma AIRS within Factory’s Droid Shield Plus, the platform is able to inspect all large language model (LLM) interactions, including prompts, responses and subsequent tool calls, to enable comprehensive security across each interaction with the agent.

Prisma AIRS is a comprehensive platform designed to provide organizations with the visibility and control needed to safeguard AI agents across any environment. The platform continuously monitors agent behavior in real time to detect and prevent threats unique to agent-driven systems.

How Security Drives Speed

Embedding security natively into the Factory platform enables two crucial outcomes. To start, it delivers a secure, agent-native development experience for every developer, fostering immediate trust in the integrity of the generated code and documentation. This assurance removes friction often associated with AI-powered workflows, which can accelerate enterprise adoption and scaling of the Factory platform across the organization.

When developers can trust the agents and the integrity of the generated code and documentation, they can innovate faster and deploy with greater confidence. Instead of waiting for security reviews or dealing with fragmentation, security is woven seamlessly into the development lifecycle.

The integration follows a clear API Intercept design pattern:

• When a user enters a prompt or initiates work in Factory, Prisma AIRS intercepts the workflow. If a malicious prompt is detected, the platform can add logic to coach or block the user.

• Similarly, after the LLM generates code, Prisma AIRS intercepts the generated content. If secrets are detected, the platform again adds logic to coach or block the result before it reaches Factory or the user.

This real-time inspection of prompts and generated code enables development teams to be protected against threats, such as privilege escalation, prompt injection and malicious code execution, without disrupting developer velocity.

Deploy Bravely

Prisma AIRS 2.0 establishes a unified foundation for scalable and secure AI innovation. By combining Factory’s agent-native development platform with the threat detection capabilities of Palo Alto Networks Prisma AIRS, organizations gain a powerful advantage. Together, this approach helps organizations adopt agentic development with confidence by embedding security directly into the development experience.

For enterprises looking to confidently scale AI automation and realize the immense productivity gains offered by Factory’s Droids, integrating Prisma AIRS is the next step. This combined approach enables teams to "Deploy Bravely." To learn more about this strategic partnership and integration, see our latest integration announcement and review the Droid Shield Plus integration documentation.

---

Key Takeaways for Secure Agentic Development

When adopting Factory with Prisma AIRS, enterprises realize immediate benefits that accelerate their AI strategy:

1. Specialized Threat Defense
   Enterprises gain real-time, targeted protection against agent-specific threats, specifically prompt injection attacks and data leaks, which legacy tools cannot address.
2. Native, Seamless Security
   Moving from a fragmented review process to a continuous, automated defense via API Interception, security enables compliance without slowing down development velocity.
3. Deployment Confidence
   The native integration transforms security risks into operational assurance, accelerating the large-scale enterprise adoption and scaling of your Factory agent-native automation initiatives.

The post Prisma AIRS Secures the Power of Factory’s Software Development Agents appeared first on Palo Alto Networks Blog.

Artificial intelligence has shifted to being the primary engine for market leadership. To compete, enterprises are shifting from general-purpose computing to AI factories, specialized infrastructures designed to manage the entire lifecycle of AI. However, this transition requires robust security without sacrificing performance and efficiency.

We are proud to announce that Palo Alto Networks Prisma^® AIRS™, accelerated on the NVIDIA BlueField data processing unit (DPU), is now part of the NVIDIA Enterprise AI Factory validated design.

The integrated solution embeds zero trust security directly into the AI infrastructure, providing comprehensive protection without impacting AI performance. By deploying Palo Alto Networks Prisma^® AIRS™ Network Intercept directly onto the NVIDIA BlueField and extending to the cloud, Prisma AIRS establishes an essential zero trust governance fabric for the AI factory, enabling enterprises to accelerate innovation while maintaining control.

This critical architectural shift enables optimal AI performance and infrastructure efficiency by offloading security processing to an isolated domain, while leveraging the DPU's hardware acceleration via NVIDIA DOCA to enforce security policies at line speed. The implementation also leverages real-time workload information captured using DOCA Argus, which is then passed to Cortex XSIAM^® where it is used for AI-driven responses using the Cortex XSOAR^® orchestration platform.

Rich Campagna, SVP Product Management, Palo Alto Networks said:

The AI Factory is the new engine for value creation, and securing it is a board-level imperative. The validation of Palo Alto Networks Prisma AIRS accelerated with NVIDIA BlueField within the NVIDIA Enterprise AI Factory enables a new security architecture for the AI era. We are embedding trust directly into the infrastructure, giving leaders the confidence to safeguard their proprietary intelligence and deploy AI bravely.

Kevin Deierling, senior vice president of Networking at NVIDIA said:

AI is transforming every industry and security must evolve to protect AI factories. To be scalable, security must be distributed and embedded within the AI infrastructure. This is achieved with NVIDIA BlueField running Palo Alto Networks Prisma AIRS to deliver robust, runtime security for the AI factory, with optimal AI performance and efficiency.

Deploy AI Bravely with a Future-Proof Foundation

The Future of Secure AI Factories

In addition to deploying Palo Alto Networks Prisma AIRS on NVIDIA BlueField in a distributed model, it’s essential to maintain a centralized Hyperscale Security Firewall (HSF) cluster at the ingress and egress points of the AI factory to enforce a defense-in-depth strategy. Beyond network segmentation, individual workloads can selectively route traffic through hyperscale clusters to detect advanced application-layer threats and prevent lateral movement. These hyperscale firewall clusters scale elastically with demand, delivering session resiliency and the high availability required for critical AI operations.

This architecture fundamentally improves the Total Cost of Ownership (TCO) for AI infrastructure. By isolating security functions on BlueField, enterprises enable 100% of host computing resources to be dedicated to AI applications. This elimination of resource contention allows the AI Factory to maximize token throughput and capital efficiency.

This validated design is the blueprint for immediate efficiency. It provides a seamless path for enterprises to shift from general-purpose clusters to secure AI factory infrastructure without costly overhauls. More importantly, this collaboration establishes an unparalleled roadmap for future-proofing your investment. By securing operations with the high-performance NVIDIA BlueField-3 today, the architecture is inherently ready for the next generation, NVIDIA BlueField-4. This forward compatibility helps AI factories immediately handle gigascale demands, scaling up to 6X the compute power and doubling the bandwidth when BlueField-4 becomes available.

The inclusion of the Palo Alto Networks Prisma AIRS platform in the NVIDIA Enterprise AI Factory Validated Design bolsters enterprise AI security. By establishing the zero trust governance fabric of Prisma AIRS runtime security on NVIDIA BlueField, organizations gain a comprehensive defense. Proprietary and sensitive data is secured throughout the entire stack, and models are protected from adversarial threats, such as prompt injection attacks. With Prisma AIRS, the world's most comprehensive AI security platform, leaders gain the confidence to innovate and deploy AI bravely. This validated design is the essential blueprint for securely accelerating your market leadership without compromising security.

Join our "How to Secure the AI Factory" breakout session at NVIDIA GTC 2026, March 16-19, in San Jose, CA to hear more about this transformative solution and accelerate your AI innovation securely.

The post Palo Alto Networks Announces Support for NVIDIA Enterprise AI Factory appeared first on Palo Alto Networks Blog.

Holiday shopping season is in full swing, and Black Friday 2025 continued to demonstrate that consumer demand and attacker activity shows no signs of slowing. According to Adobe Analytics, U.S. consumers spent $11.8 billion online on Black Friday, setting a new record and highlighting sustained strength in online shopping. Yet behind this surge in legitimate traffic, retailers also faced a sharp rise in automated abuse, account takeover attempts, and reconnaissance across their digital storefronts.

This post breaks down what we saw across our network during the Black Friday period, including traffic trends, attack behavior, targeted geographies, and insights retailers can apply to strengthen their defenses ahead of the holiday home stretch.

What We Saw

Massive Traffic Surges Extending Past Black Friday

Retail traffic surged 37% above November averages, peaking on Black Friday but continuing into the weekend of November 29–30. Traditionally, traffic dips slightly on Saturday before building again on Cyber Monday, but this year showed a clear shift: shoppers kept buying throughout the weekend. This aligns with broader retail trends showing consumers taking advantage of longer promotional windows rather than concentrating purchases on a single day.

For retailers, this means the “peak” period is expanding- and with it, the window of exposure to cyber threats.

Bot Attacks Rose 50%, Focused on High-Value Workflows

Alongside legitimate traffic, bot attacks on retail sites spiked 50% over the November average. The timing closely tracked promotional activity, suggesting attackers were attempting to exploit increased consumer volume to blend in and avoid detection.

Broadly, these bots targeted:

• Authentication and account flows (e.g., /login)
• Inventory and product data endpoints (e.g., /datastore, /event/)
• Transaction and application paths (e.g., credit-card application flows, lottery/promotion services, and user log endpoints)

This behavior reflects typical seasonal abuse campaigns: credential stuffing to hijack accounts, automated scraping to gain pricing or inventory intelligence, and attempts to manipulate promotions or loyalty flows.

Attacks Concentrated on the US, UK, and Australia

Malicious traffic during Black Friday was heavily concentrated in three markets: the US (46%), Australia (12%), and the UK (11%). These regions represent some of the world’s most active e-commerce ecosystems, and attackers mirrored legitimate consumer behavior by focusing on markets with the highest transaction volumes and promotional activity.

The US, in particular, drew nearly half of all observed attacks, consistent with its dominant share of global Black Friday spending. Australia and the UK followed, reflecting strong regional participation in holiday sales events and an attacker strategy aimed at exploiting high-demand markets where automated activity can more easily blend in with legitimate traffic.

For retailers operating in these geographies, the data underscores the importance of region-aware threat monitoring and the need to maintain heightened vigilance throughout the extended holiday weekend.

Attack Patterns Reveal Automation, ATO Prep, and Abuse at Scale

Based on attacker activity observed over the holiday shopping weekend, several clear patterns emerged, showing a mix of high-volume automation, credential-based attacks, and spam and proxy abuse. Overall, the attack data suggests that adversaries were focused on the following behaviors:

1. Heavy Use of Known Bad Bots and Automated Browsers

A significant portion of malicious traffic came from known automated frameworks, including headless browsers and scripted tools designed to mimic real users. This type of activity typically supports:

• Large-scale login attempts
• Price, inventory, or content scraping
• Testing of checkout, promotion, and product pages for weaknesses

Attackers were industrializing their activity using automation that can rapidly adapt during peak events.

2. Preparing and Executing Account Takeover (ATO)

We observed high levels of activity associated with login reconnaissance and credential-testing behavior, indicating attempts to stage or execute ATO. Attackers were:

• Testing large volumes of username/password combinations
• Probing login endpoints to identify which attempts were blocked, challenged, or allowed
• Taking advantage of elevated holiday traffic to blend their activity into normal user patterns

This aligns with typical seasonal fraud behavior, where attackers target stored payment methods, loyalty balances, and customer identities.

3. Evading Detection Through Proxies and Client Impersonation

A large volume of traffic originated from anonymous proxies, VPNs, and other anonymization services, combined with indicators of client spoofing meant to disguise automation. Attackers were:

• Rapidly rotating IP addresses
• Using advanced bots, attempting to masquerade as legitimate browsers
• Using more simple bots, which use fingerprints or user agents that fell outside normal human patterns

In response, much of this traffic triggered JavaScript challenges or CAPTCHA enforcement, forcing suspicious clients to prove they were human.

4. Abusing Forms and Content Channels for Spam

We also observed activity consistent with comment spam, referrer manipulation, and other low-effort abuse aimed at exploiting retail sites as platforms for unwanted advertising or redirection. This typically includes:

• Submitting spam content through comment or feedback forms
• Inserting malicious or low-quality URLs via referrer fields
• Attempting to poison analytics or direct traffic elsewhere

While not as immediately damaging as ATO, these campaigns can harm site performance, customer trust, and brand analytics.

What This Means for Retailers

Black Friday 2025 reinforced several themes:

1. The peak holiday season is widening.
   High traffic persisted later into the weekend than in prior years. Retailers should consider extending peak staffing and monitoring coverage accordingly.
2. Attackers are increasingly using shopper traffic as camouflage.
   Surges in human activity closely mirror surges in automated abuse. Retailers need strong bot detection, fingerprinting, and behavioral analysis—not just rate limiting.
3. API security is now as important as web application security.
   Many of the top targeted URLs were APIs tied to data, personalization, or analytics. These endpoints often sit behind the UI and may not receive the same scrutiny as consumer-facing pages.
4. Geographic targeting is aligned with opportunity.
   The US, Australia, and UK remain prime markets for both legitimate and malicious traffic. Retailers serving these regions must expect elevated attack pressure during every promotional period.

Conclusion

This year’s Black Friday illustrated both consumer resilience and the evolving sophistication of attackers. Retailers saw new sales records, and attackers took advantage of the same moment to blend in, scale operations, and probe for weaknesses.

As the holiday season continues, retailers should ensure that defenses are calibrated for:

• Sustained high traffic (not just one peak day)
• Increased bot sophistication
• ATO protection
• Region-specific targeting aligned with revenue hotspots

By understanding the patterns we saw during Black Friday, retailers can prepare for the continued wave of holiday traffic and ensure a safer, smoother experience for their customers through the end of the year.

The post Black Friday 2025 in Review: What Retailers Need to Know About This Year’s Holiday Shopping Season appeared first on Blog.

In an era marked by escalating cyber threats and evolving risk landscapes, organisations face mounting pressure to strengthen their security posture whilst maintaining seamless user experiences. At Thales, we recognise that robust security must be foundational – embedded into products and services by design, not bolted on as an afterthought. This principle underpins our commitment to the U.S. Cybersecurity and Infrastructure Security Agency (CISA)’s Secure-by-Design pledge, which calls on software manufacturers to establish security features like multi-factor authentication (MFA) as standard across their product portfolios.

As digital transformation accelerates and attack surfaces expand, the gap between security capabilities and emerging threats continues to widen. According to the 2025 Thales Data Threat Report, organisations are grappling with unprecedented challenges: 69% regard the fast-moving ecosystem as the most concerning GenAI security risk, whilst 83% report that strong MFA is used more than 40% of the time. This indicates both progress and significant opportunity for improvement. These findings underscore a critical reality: whilst security tools and technologies have advanced, comprehensive deployment and consistent enforcement remain essential challenges that demand immediate attention.

This blog examines the pivotal role of multi-factor authentication in modern cybersecurity strategies. We explore the fundamentals of MFA, analyse the evolving threat landscape that necessitates its adoption, and provide practical guidance on implementation. Whether you are a security professional seeking to strengthen your organisation’s defences or an individual user looking to protect personal accounts, this resource offers the insights and actionable steps needed to embrace MFA with confidence and rigour.

Understanding Multi-Factor Authentication: The Basics

Multi-factor authentication verifies your identity using two different forms of identification. Typically this involves something you know (like a password) and something you have (like a code on your phone). Think of it like using an ATM: you need both your bank card and your PIN to withdraw cash.

This dual-layer approach creates a significant barrier for attackers. Even if someone steals your password, they still can’t log in without that second factor. It’s elegantly simple, yet remarkably powerful – your password alone is no longer enough to unlock the door.

The Growing Threat Landscape: Why MFA Is No Longer Optional

Cyberattacks have grown increasingly sophisticated, with stolen passwords at the heart of many breaches. According to the 2023 Verizon Data Breach Investigations Report, nearly 49% of data breaches involved the use of stolen credentials.

MFA directly addresses this vulnerability. Our own research at Thales demonstrates the critical importance of strong authentication measures. According to the 2025 Thales Data Threat Report, 83% of organisations report that strong MFA is used more than 40% of the time, yet significant challenges remain in achieving comprehensive deployment. This data underscores both the growing recognition of MFA’s importance and the continued need for organisations to strengthen their authentication posture.

Furthermore, our 2025 Digital Trust Index – Third-Party Edition reveals a concerning reality: 40% of users reset passwords once or twice a month, highlighting the inherent weakness of password-only authentication systems. These frequent password resets not only frustrate users but also create security vulnerabilities that MFA effectively mitigates.

How MFA Defeats Common Attack Methods

MFA thwarts the most prevalent attack techniques:

Brute-force and credential stuffing attacks: These automated attacks become practically futile with MFA enabled because guessing the password isn’t enough to break in.

Phishing attacks: Even if you unwittingly hand over your password to a phisher, they still can’t access your account without the one-time code or second factor that MFA requires.

It’s no surprise that CISA’s Secure-by-Design guidelines explicitly call for making MFA a built-in, default security feature. In today’s threat landscape, MFA has evolved from a nice-to-have extra to an essential safeguard.

Thales’ Commitment: Security by Design and by Default

At Thales, we build security into our products by design, baked into our products and services. Our commitment to CISA’s Secure-by-Design pledge is reflected in how we develop features like MFA.
We already implement robust MFA across our cloud services to help safeguard your accounts and data. By requiring two forms of identification to access the Thales Cloud Security Console, we add an extra layer of protection that makes it “much harder for unauthorised users to access sensitive information”. This significantly reduces the risk of breaches and builds trust.

The Principle of Shared Responsibility

Thales’ approach recognises shared responsibility. “Security by default” means we provide secure settings and features right out of the box. However, security is also a partnership – we provide the tools, whilst you play a crucial role by using them.
We’ve made MFA available and straightforward to configure, and we actively encourage customers to use advanced authentication methods. Whilst MFA might not be mandated on all accounts by default today, we strongly recommend that you activate it. By choosing to enable MFA now, you’re not only protecting yourself immediately but also aligning with best practices that Thales and the cybersecurity community advocate globally.

Getting Started: How to Set Up MFA

Enabling multi-factor authentication on your Thales account is quick and straightforward. Here’s how:

1. Log in and navigate to your user settings. Go to Account Settings or Profile, where you’ll find security settings for MFA management. You can find these options in the Thales Cloud Security Console setup checklist.
2. Locate the Multi-Factor Authentication option and click to begin setup.
3. Select your preferred MFA method: authenticator app, SMS, or email.
4. Configure the chosen method:
   • For an authenticator app, scan the displayed QR code with your app ( MobilPASS+, Google Authenticator, Microsoft Authenticator, Authy, etc.).
   • For SMS, enter your mobile number to receive a verification code.
   • For email, a code will be sent to your registered email address.
5. Save your backup codes. These are your safety net if you lose access to your MFA device. Store them in a secure location like a password manager.
6. Complete and test the setup. Once verified, MFA will be enabled. Log out and log in again to ensure everything works properly.

That’s it! You’ve added a powerful extra layer of security in just a few minutes.

Choosing Your MFA Method: A Comparison

For organisations seeking a comprehensive overview of authentication options, Thales offers an extensive portfolio of MFA tokens and authenticators. Our OneWelcome Authenticators Portfolio includes FIDO2 passkeys, hardware tokens, smart cards, and software authenticators, ensuring secure access across different environments and devices . This breadth of choice allows organisations to select the authentication method best suited to their security requirements and user needs

When setting up MFA, you have several authentication options:

Authenticator App (recommended): Generates a new 6-digit code every 30 seconds. This method is very secure, works offline, and is significantly more phishing-resistant. Pros: High security, no network dependency. Cons: Requires your phone.

Text Message (SMS): Sends a one-time code to your mobile phone. Pros: Easy to use, no app required. Cons: Slightly less secure than authenticator apps due to potential SIM-swapping attacks, but still greatly improves security over no MFA. CISA recommends SMS-based authentication only as a “last resort” when more secure options aren’t available

Email Codes: Sends verification codes to your registered email. Pros: No extra device needed. Cons: Least secure option if your email is compromised. Use only if other methods aren’t feasible, and ensure your email itself has MFA.

Hardware Security Keys: Physical devices, such as Thales FIDO Security Keys that you plug in or tap to verify login. Pros: Highest level of security, phishing-resistant. Cons: Requires purchasing a device.

Which should you choose? If possible, use an authenticator app or hardware key, as these are most secure. For most users, an authenticator app strikes an excellent balance. SMS is a solid fallback, and email can work if necessary – just be aware of the security trade-offs.

Moving Beyond Passwords: Passwordless Authentication

Whilst MFA significantly strengthens security, the most forward-thinking organisations are taking the next step: eliminating passwords altogether. Passwordless authentication removes the vulnerabilities inherent in password-based systems – no passwords to steal, phish, or reuse.

Thales’ SafeNet Trusted Access empowers organisations to build comprehensive passwordless policies using FIDO2 passkeys, biometrics, and hardware authenticators. Our Passwordless 360 approach provides a detailed framework for implementing passwordless authentication across your organisation, combining security, user experience, and regulatory compliance.

Troubleshooting and Frequently Asked Questions

Q: Do I have to enter an MFA code every single time I log in?
A: Often not every time. Many systems offer the option to “remember” a device for a certain period (e.g., 14 days). This means you won’t need to enter a code each time on that trusted device. However, use this feature only on personal devices you control, not shared or public computers.

Q: I’m not receiving the MFA code, or it says the code is wrong. What should I do?
A: Common solutions include: For SMS, check your signal and that your phone number is correct in account settings. Wait a moment and click “Resend code” if available. For authenticator apps, ensure your phone’s clock is accurate, as codes are time-based. For email, check your spam folder.

Q: What if I lose access to my phone or MFA device?
A: Use your saved backup codes to log in. If you’ve lost those as well, contact Thales support for account recovery assistance.

Q: Can we use our own IdP?
A: Yes, you can leverage external IdPs like SafeNet Trusted Access by Thales, which allows you to build adaptive authentication policies and leverage a broad range of MFA options.

Q: Can I switch MFA methods?
A: Yes. You can disable MFA and re-enable it with a new method anytime through your account settings.

Q: Is MFA required?
A: Whilst not mandatory on all accounts today, we strongly recommend enabling it. It’s one of the most effective ways to protect your account.

Understanding Digital Trust: Research from Thales

Thales’ research demonstrates the critical importance of strong identity and access management. Our 2025 Digital Trust Index – Third-Party Edition reveals that 96% of third-party users face issues logging into partner systems, wasting 48 minutes a month on average. Additionally, 40% reset passwords once or twice a month – highlighting the need for more secure, passwordless methods like MFA.

The 2025 Data Threat Report further emphasises this urgency. According to our research, 83% of organisations report that strong MFA is used more than 40% of the time, yet challenges remain. As organisations adopt AI and face evolving quantum threats, robust authentication becomes even more critical.

Thales’ comprehensive Identity and Access Management solutions provide organisations with the capabilities needed to improve user experiences whilst strengthening security. From Multi-Factor Authentication and Single Sign-On to passwordless authentication and passkeys, Thales delivers the tools to make IAM processes straightforward and dependable.

Final Thought

Cybersecurity is a shared responsibility. We design secure systems, and you make them stronger by turning on protections like MFA. Enable MFA today in your Thales account settings. It takes just a few minutes and makes a significant difference.

Secure by design starts with secure choices.

The post Security by Design: Why Multi-Factor Authentication Matters More Than Ever appeared first on Blog.

After our research on Cursor, in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook’s export functionality, in the default Windows environment, to help organizations better protect their assets and networks.

Executive Summary

We identified a new way external Jupyter notebooks could be exploited by threat actors to lure unsuspecting users and compromise their workstation.

Companies are recommended to use a centralized Jupyter server, stay up to date and strictly restrict external files susceptible to processing with Jupyter software.

Introduction

Jupyter notebook is quite an institution in the development of AI projects. Back in 2015, around 200,000 notebooks were publicly available on GitHub—by early 2021 that number had surged to nearly 10 million. Used by more than 80 % of data scientists and AI engineers worldwide, Jupyter is deeply embedded in every stage of AI workflows, from exploratory analysis and visualization to model prototyping and collaboration.

When investigating this ecosystem, our approach was to try to imagine where a threat actor could find his way through, and leverage functionalities to exploit victims’ environments. The first direction came surprisingly easily: the configuration files.

Configuration files are often considered innocuous. However, they may include obscure parameters that most users aren’t aware of. Ignoring them would be a critical mistake.

Config files have led to vulnerabilities in many other instances. For example, in VSCode’s IDE, the .vscode/settings.json config file was also a key component in multiple high severity vulnerabilities discovered (CVE‑2021‑34529 , CVE‑2025‑53773 or CVE-2025-54130).

One specificity of the Jupyter ecosystem that makes this attack vector even more interesting is the fact that configuration files are also perfectly valid Python executables- making them easier to exploit.

Jupyter Configuration Files

The most common configuration file is jupyter_notebook_config.py, typically found in the user-specific configuration directory (~/.jupyter/). It’s responsible for defining core Notebook server settings such as network bindings, authentication options, file system paths, and various security-related parameters. However, other config files may also be used depending on the component, such as jupyter_nbconvert_config.py for export settings, or jupyter_server_config.py for Jupyter Server.

Configuration files can actually exist in any directory, allowing for layered overrides. Available options cover a wide range of functionality, from UI behavior and authentication to kernel management, export formats, logging, and more. This approach gives users fine-grained control over the entire Jupyter ecosystem.

For example:

c = get_config()
c.NotebookApp.port = 8888
c.FileContentsManager.save_script = True

However, acknowledging a high severity impact, Jupyter decided in October 2022 to remove CWD from the config paths, reducing the risk presented significantly.

This was the starting point of our research. We started searching for a similar or stronger way to exploit the same idea: having a file whose name is not constrained adjacent to a jupyter notebook, assuming an unsuspecting user would trigger an innocuous operation on a perfectly legit Jupyter notebook on the official Jupyter software and inadvertently allow full system compromise.

And this is exactly what we found by investigating the official export tool of Jupyter, nbconvert.

The Vulnerability

The vulnerability we discovered allows arbitrary code execution on Windows machines when exporting a notebook to PDF. By placing a properly named, malicious script in the notebook folder location, an attacker could hijack the conversion process and execute code with the privileges of the user.

When a Jupyter notebook containing SVG output is exported via nbconvert, the svg2pdf.py preprocessor is triggered to convert SVG images via the Inkscape tool. During this process, the path to Inkscape executable is resolved using Python’s shutil.which() via the following expression:

inkscape_path = which("inkscape")

without including inkscape anywhere as a mandatory nbconvert dependency. This opened the door to unintended code execution as the following figure shows:

Fig. 1: High level flow of exploitation of the security issue

shutil.which behavior is controlled internally by the Windows API function NeedCurrentDirectoryForExePathW, which returns TRUE (include CWD) when the NoDefaultCurrentDirectoryInExePath environment variable is not set, which is the default configuration on standard Windows installations.

In Python versions earlier than 3.12, `shutil.which()` ignores the `NoDefaultCurrentDirectoryInExePath` environment variable entirely, making it impossible to prevent this unsafe search behavior through configuration.

Python 3.12 and later versions properly respect this environment variable when set, but the variable remains unset by default on Windows systems, leaving many vulnerable.

Since nbconvert officially supports Python versions starting from 3.9, it includes versions that are affected by this issue both ways.

CVE-2025-53000

This unsafe lookup behavior aligns with CWE-427: Uncontrolled Search Path Element. Therefore, we recommended disabling the searching of inkscape software from CWD and relying on fixed safe search places.

Upon receiving our report, the Jupyter team reproduced the issue, acknowledged the associated risk, and requested a CVE (see below). A discussion was then initiated regarding how to fix the issue. However, the Jupyter team eventually stopped responding to our messages and has not addressed the issue to date.

CVE-2025-53000 has been assigned to this vulnerability. At the time of publication, the Github advisory has not yet been released by the maintainers.

Because export functionality is commonly used and generally trusted, it presents an attractive target for attackers, and especially in environments where notebooks are frequently shared—such as academic research groups, data science teams, or educational institutions—the potential for exploitation increases substantially.

Eventually, following our 90-day policy, we decided to publish this advisory to help protect the community.

Demonstration Video

The following demonstration video was recorded on a Windows 10 Enterprise x64 machine with default settings, using miniconda3 and Python 3.13.9, using the latest available Jupyter software versions, including:

Jupyter Core 5.9.1, nbconvert 7.16.6, and Notebook 7.5.0

Post Exploitation

Once successfully triggered, this vulnerability gives the attacker arbitrary code-execution in the context of the user. This immediately impacts confidentiality, integrity, and availability, as the attacker can access, modify, or disrupt the user’s data and workflows. On typical Windows data-science workstations, victim accounts almost always have:

• Direct access to sensitive notebooks and datasets.
• Cached cloud credentials (AWS CLI, Azure CLI, gcloud, Databricks etc.)
• Locally installed package managers (conda, pip, winget) and DevOps pipelines that will happily run additional code.

This potentially amplifies the radius of compromise, allowing its effects to spread beyond the initial workstation.

Recommendations

Companies are recommended to rely on a centralized Jupyter server, ensure that all Jupyter-related software remains up to date, and enforce strict restrictions on external files that may be processed through Jupyter tools.

It is also recommended to enable the NoDefaultCurrentDirectoryInExePath environment variable to reduce the risk of unintentionally executing files from untrusted locations.

Conclusion

This vulnerability shows how the invisible glue of our workflows can become points of failure when not properly scrutinized.

We expect more vulnerabilities to surface in this fast-growing AI ecosystem as workflows become more automated, composable, and cloud-integrated, and we hope this report encourages teams to take a closer look at the quiet dependencies holding their environments together.

Timeline

• June 8: Disclosure report submitted.
• June 12: Issue reproduced.
• June 25: CVE reservation by Jupyter team.

The post Code Execution in Jupyter Notebook Exports appeared first on Blog.

The surge in AI-driven traffic is transforming how websites manage their content. With AI bots and agents visiting sites at unprecedented rates (often scraping without permission, payment, or attribution) content owners face a critical challenge: how to protect their intellectual property while capitalizing on legitimate AI use cases.

Today, we’re excited to announce Imperva’s integration with TollBit, a groundbreaking solution that enables our Cloud Web Application Firewall (CWAF) customers to monetize traffic from AI bots and crawlers that would otherwise scrape their content without permission or compensation.

Meeting the AI Traffic Challenge

The traditional ad-supported and subscription-based content models are being disrupted by AI. This integration provides a new economic model where value flows fairly between content creators and AI developers, transforming unauthorized scraping into a sustainable revenue stream.

How Imperva and TollBit Work Together

The integration leverages Imperva’s industry-leading Web Application Firewall capabilities alongside TollBit’s analytics and monetization platform to create a comprehensive solution:

1. Detection & Enforcement: Imperva CWAF identifies AI bot traffic at the edge, providing the critical first layer of protection.
2. Intelligent Redirection: Using Imperva’s redirect rules, requests from AI bots are automatically redirected to a TollBit subdomain (e.g., tollbit.example.com), with CWAF returning an HTTP 302 response.
3. Payment Gateway: The TollBit subdomain returns an HTTP 402 response code (payment required), prompting AI bot operators to obtain valid TollBit tokens for authorized access.
4. Analytics & Insights: Through SIEM log integration, Imperva Access and Security logs flow to TollBit’s analytics engine, providing executives with clear, AI-specific analytics that show how bots are engaging with their content and the business impact of that traffic both within Tollbit and Imperva’s UMC.

Implementation Architecture

The integration requires a straightforward setup process:

• Onboard your domain to Imperva Cloud WAF
• Create a TollBit account and verify domain ownership via DNS TXT records
• Configure a TollBit subdomain with appropriate DNS NS records
• Create redirect rules in Imperva’s management console to route AI bot traffic
• Set up AWS S3 bucket integration for log processing and analytics

To ensure compatibility with TollBit’s requirements, an AWS Lambda function prefixes dates to Imperva log file names, enabling seamless ingestion into TollBit’s analytics platform.

A Shared Vision for Fair Compensation

This partnership represents a fundamental shift in how content owners approach AI traffic. Rather than simply blocking all bots or allowing unrestricted scraping, sites now have granular control to enforce access rules and pricing on their own terms.

Content owners deserve fair compensation for how their content powers the AI ecosystem. By combining Imperva’s security capabilities with TollBit’s monetization tools, we’re enabling the transition from unauthorized scraping to sustainable, licensed transactions.

What This Means for Imperva Customers

With this integration, Imperva CWAF customers gain:

• Robust protection against unauthorized AI scraping at the application layer
• Complete visibility into AI traffic patterns and behaviors through dedicated analytics
• Flexible control to decide which AI agents can access content and under what conditions
• New revenue streams that turn scraping attempts into legitimate, paid transactions

The agent economy is here, and autonomous AI visitors are becoming a permanent fixture of web traffic. With Imperva and TollBit, you can ensure these interactions happen on your terms—fairly, transparently, and profitably.

Get Started

If you’re an Imperva Cloud WAF customer and want to activate the integration:

• Create your own Tollbit account on the TollBit platform https://app.tollbit.com/sign-up.
• Create custom rules in the Imperva Cloud WAF platform as instructed in the TollBit Docs.

TollBit is free for publishers and websites so you can be up and running in no time.

Learn more about how Imperva’s integration with TollBit can help you protect and monetize your content in the AI era.

The post Imperva Partners with TollBit to Power AI Traffic Monetization for Content Owners appeared first on Blog.

Introduction and Vulnerability Overview 

Earlier this month, Imperva published an initial advisory outlining how our customers were protected against the newly disclosed React2Shell vulnerability impacting React Server Components (RSC). That post focused on the essentials: a critical flaw arising from unsafe server-side deserialization of client-controlled RSC payloads, its potential to enable unauthenticated remote code execution, and what we do to protect against it.  

In this follow-up, we expand on that foundation by examining what makes this vulnerability so dangerous. We explore the real-world footprint of this vulnerability, look at how it has appeared in the wild across different countries and sites, examine recorded exploit attempts that use this vulnerability as an entry point in opportunistic malware campaigns, and assess how the flood of AI-generated PoCs is complicating real-world defenses. 

General Statistics 

Before diving into the technical details, let’s begin with a macro-view of its real-world impact across the globe. 

Over the past week, Imperva sensors recorded over 127 million requests related to React2Shell (CVE‑2025‑55182) probing and exploitation attempts, highlighting the scale and automation targeting this vulnerability. These attempts spanned across more than 87 thousand distinct sites, showing that opportunistic scanning far outweighs targeted, single-tenant attacks.  

Activity was observed across 128 countries, with the United States and Singapore emerging as the most heavily targeted regions, underscoring the global reach of this CVE. 

The industry reach is widespread, although Education and Financial Services sites collectively account for almost half of all attacks.

The PoC Slop

Shortly after the public disclosure of React2Shell (CVE-2025-55182), a flood of what claimed to be “proof-of-concept” exploits began circulating. As the original disclosure site warns, many of these PoCs were invalidly crafted under incorrect assumptions, such as requiring explicit exposure of dangerous server-side functionality such as child_process.exec, vm.runInThisContext, or fs.writeFile rather than exploiting the actual flaw in the RSC Flight deserialization logic.

This surge of AI-generated PoC samples has a harmful side effect: it has muddied the waters for defenders. Instead of concentrating on the real vulnerability, security teams must sift through a sea of false or irrelevant exploit attempts. Attackers and bots are now producing a vast number of convincing-looking payloads, making it much harder for defenders to tell legitimate exploits from background noise.

An example of AI POC:

Malicious campaigns

In the immediate aftermath of the React2Shell disclosure, Imperva Threat research observed a large volume of malicious campaigns leveraging the vulnerability as an entry point. The following is a summary of just a few of the campaigns we observed along with the relevant IoCs:

1. Linux Remote Access Trojan Campaign
2. XNote RAT
3. Snowlight dropper
4. ReactOnMyNuts: Botnet and Cryptominer spreader campaign
5. Runnv Cryptojacking campaign

1. Linux Remote Access Trojan Campaign

Description:

A widespread campaign, where attackers leveraged the React Server Components vulnerability to download a malicious RAT executable. Once installed, the malware contacts a C2 server and retrieves JSON-based task instructions, such as running system commands, opening a reverse shell, and uploading or downloading files.

Top Targeted Countries: United States, Indonesia Thailand, Brazil, United Kingdom

Top Targeted Industries: Telecom and ISPs, Business, Financial Services, Gambling

Malicious command:

IoCs:

2. XNote RAT

Description:

A highly targeted campaign, affecting only financial services sites in Hong Kong, utilizing the React2Shell vulnerability to deploy the Xnote Remote Access Trojan Linux malware. The Xnote malware was exposed by Russian anti-virus company Doctor Web, who believe that there is “good reason to believe that some members of the Chinese hacker group called ChinaZ took part in the development of this Trojan.”

Targeted Country: Hong Kong

Targeted Industry: Financial Services

Malicious command:

IoCs:

3. Snowlight dropper

A campaign focused on deploying the SnowLight dropper through the React2Shell vulnerability. SnowLight serves as both an initial access vector and a persistence mechanism, executing malicious scripts that retrieve and install additional, more advanced payloads, most notably the VShell Remote Access Trojan (RAT).

SnowLight is associated with Chinese state-sponsored threat actors tracked as UNC5174, a group known for targeting research and education institutions, businesses, charities, NGOs, and government organizations across Southeast Asia, the United States, and the United Kingdom.

Targeted Countries: Indonesia, Australia, United States, Kuwait

Targeted Industry: Financial Services, Telecom and ISPs, Retail

Malicious command:

IoCs:

4. ReactOnMyNuts: Botnet and Cryptominer spreader campaign

Description:

A campaign utilizing the React2Shell vulnerability to spread both Mirai and XMRig cryptojacking malware samples using shared server architecture. The attackers used the vulnerability to execute a one-liner command aimed at downloading and installing both Mirai botnet and XMRig cryptojacking malware.

Cryptojacker configuration showing wallet addresses

Top Targeted Countries: United States, Australia, United Kingdom, Argentina, Columbia

Top Targeted Industries: Healthcare, Business, Financial Services, Computing & IT

Malicious commands:

IoCs:

5. Runnv Cryptojacking campaign

Description:

A cryptojacking campaign, with indicators of Chinese origin. The attackers utilized the React2Shell vulnerability to execute a dropper bash script, which downloads several second stage files including bash scripts and gzip compressed data. These components form the code and configuration of the cryptojacking operation. From an investigation of the wallet addresses used in the campaign we can see that (at the time of investigation) the threat actors were making around 170 USD per day, or around 62,050 USD per year.

Screenshot downloader script showing Chinese characters

Crypto wallet address:

Campaign Monero Wallet Statistics

Top Targeted Countries: United States, Brazil, United Kingdom, Colombia, Canada

Top Targeted Industries: Business, Financial Services, Lifestyle, Healthcare

Malicious commands:

IoCs:

Conclusion

The React2Shell vulnerability has quickly evolved from disclosure to widespread exploitation, with over 127 million attack attempts targeting more than 87,000 sites across 128 countries observed on the Imperva network alone within the first week. The campaigns documented here, from state-sponsored RATs to cryptojacking operations demonstrate how rapidly threat actors weaponize critical vulnerabilities. Imperva Cloud WAF and On-Premises WAF customers remain fully protected against these exploitation attempts.

The post Chain Reaction: Attack Campaign Activity in the Aftermath of React Server Components Vulnerability appeared first on Blog.

The more critical APIs become, the more sensitive data they carry identities, payment details, health records, customer preferences, tokens, keys, and more.

And this is where organizations face a painful, often invisible problem:

To protect APIs, many organizations end up exposing the very data they are trying to secure.

Most API security tools still rely on raw-payload logging, traffic replay, or shipping full request bodies into external analytics systems. That means sensitive customer data:

• Leaves controlled environments
• Gets stored in multiple systems
• Crosses borders without intention
• Lands in tools not designed to hold PII
• Multiplies breach risk and regulatory pressure

This creates a direct conflict between security, privacy, and compliance, and businesses are caught in the middle.

The Real-World Impact: When Privacy Becomes a Security Liability

Across industries – financial services, retail, healthcare, travel, public sector, the story repeats:

1. Breach blast radius expands

The more systems that hold raw API payloads, the bigger the impact when any one of them is compromised.

2. Compliance becomes harder, not easier

GDPR, CCPA, HIPAA, PCI, and emerging data-sovereignty regulations penalize:

• unnecessary data retention
• cross-border data transfers
• third-party exposure
• lack of data-minimization controls

Most API security tools inadvertently violate all four.

3. Data residency rules block API security deployments

Organizations operating in multiple regions can’t centralize raw API data in a single cloud service, but many tools require doing exactly that.

4. Dev and QA environments become privacy risks

When security tests are based on production payload replays, sensitive data leaks into non-production systems.

5. Security teams lose visibility if they avoid raw logging

Many leaders try to “lock down” data flows, but that often leaves API blind spots, making it harder to detect business logic abuse, scraping, or session-based attacks.

This is the API privacy paradox:
You either weaken privacy to strengthen security or weaken security to preserve privacy.

The Industry Approach Is Broken

The traditional API security model makes three flawed assumptions:

1. You must log or store raw payloads to get visibility.
2. You must centralize traffic for analytics.
3. You must replay production data to test API security.

These assumptions create privacy exposure, compliance failure, and operational friction.

Imperva Solves This by Rethinking the Architecture

Imperva’s privacy-first, local-first platform was built around a core belief:

API security should not require exposing sensitive data, ever.

The architecture flips the traditional model:

1. Inspect at the PoP (where traffic lives)

Traffic is parsed in-memory at the Point-of-Presence closest to the application, SaaS PoP or on-prem.

Raw values never leave the PoP.

2. Convert sensitive values into privacy-safe artifacts

Classification + hashing replaces raw payloads with:

• label
• schema fragments
• one-way irreversible hashes
  This is the only data that ever moves upstream.

3. Detect and respond using metadata only

Anomaly detection uses metadata such as:

• data labels
• schema context
• session identifiers
• hashed tokens

No raw content is needed or exposed.

4. Enforce using hashes, not identities

Hash-based enforcement enables:

• per-session blocking
• token-level mitigation
• behavior-based decisions
  without seeing or sharing the sensitive value behind the hash.

5. Same privacy guarantees across all deployments

Cloud, on-prem, hybrid – the mechanics never change.

What This Means for the Business

This is where Imperva’s architecture translates directly into measurable, enterprise-wide value:

Smaller blast radius = lower breach liability

Fewer systems hold PII, drastically reducing what attackers can steal and what you must disclose.

Faster compliance alignment

Local data processing and zero raw persistence align with GDPR, HIPAA minimum-necessary, and sovereignty rules.

Real-time protection with zero added exposure

Inline, in-PoP inspection gives detection teams full visibility without raw payload retention.

Safer automation in Dev/QA

Privacy-aware test artifacts eliminate the risk of production PII leaking into pipelines.

Reduced third-party risk

Vendors never receive raw payloads, only metadata and hashes.

A future-proof privacy posture

As regulatory pressure increases, architectures like this become mandatory, not optional.

Why This Whitepaper Matters

This whitepaper breaks down exactly how Imperva delivers production-grade API protection while preserving privacy, with clear explanations and practical examples.

You’ll learn:

• How to get deep visibility without storing raw payloads
• Why in-PoP processing reduces exposure and simplifies compliance
• How hash-based enforcement protects identities while enabling precise blocking
• How to design a privacy-first architecture that works across hybrid/multi-cloud

In other words:
If you need to secure APIs and meet privacy, residency, or compliance requirements – this is essential reading.

Ready to See How Privacy-First API Security Really Works?

Download the whitepaper and learn how Imperva protects APIs without exposing sensitive data.

The post The Privacy Gap in API Security: Why Protecting APIs Shouldn’t Put Your Data at Risk appeared first on Blog.

Overview

On December 3, 2025, the React and Next.js teams disclosed a critical security vulnerability (CVSS 10.0), identified as React2Shell, affecting applications that leverage React Server Components together with Server Actions or Server Functions.

The React2Shell vulnerability stems from improper validation of client-supplied data within certain server-side React features. An unauthenticated attacker could exploit this flaw by sending specially crafted requests, leading to unexpected server-side behavior. Successful exploitation could result in unauthenticated remote code execution.

This vulnerability requires no authentication and affects a wide range of modern React/Next.js deployments.

• Primary CVE: CVE-2025-55182 (React Core)
• Downstream tracking: CVE-2025-66478 (Next.js)

What Causes the Vulnerability

The affected functionality involves the mechanism React uses to receive and interpret data for server-side features. Certain malformed or intentionally crafted inputs may trigger unsafe processing paths on the server.

The React and Next.js teams have released security updates that strengthen these validation steps and prevent unintended behavior.

Impact

The vulnerability allows unauthenticated remote code execution (RCE) on servers running React Server Components.

Applications using React Server Components are vulnerable even if they do not explicitly define Server Function endpoints.

In effect, a malicious actor can send specially crafted requests to a vulnerable server and, due to insecure deserialization of serialized payloads, trigger unintended server behavior including arbitrary code execution.

As of this advisory, there is no evidence of active exploitation in the wild. However, numerous unauthorized or fake proof-of-concept (POC) exploits have been circulated publicly, which may cause confusion or unintended harm if tested without proper validation.

Affected Versions:

• React: 19.0.0, 19.1.0–19.1.1, 19.2.0
• js (App Router): 15.x ≤ 15.5.6, 16.x ≤ 16.0.6

Patched versions:

• React: 19.0.1, 19.1.2, 19.2.1
• js: 15.5.7+, 16.0.7+, 16.1+

Imperva Proactive Response

Imperva’s Threat Research team initiated an immediate investigation to assess the potential impact on customer environments.

Within hours, we:

• Analyzed the vulnerability and mapped out the most plausible exploitation paths
• Developed and validated virtual patching rules designed to detect and block malicious request patterns associated with the issue
• Rolled out these protections automatically across the entire Imperva Cloud WAF customer base

All cloud protections are already active, require no change from customers, and continue to be monitored and refined as new information becomes available. On-prem customers should review the Community Guide to manually deploy this policy.

Conclusion

This is a significant framework-level security issue affecting widely used technologies. Imperva customers are already protected through our rapid response and proactive security controls. We will continue to track this vulnerability closely and update protections as new information becomes available.

While Imperva protections mitigate known attack vectors, customers should:

1. Update React and Next.js to the vendor-provided patched versions
2. Review any server-side features that accept data directly from clients
3. Continue monitoring vendor advisories for future updates

For further assistance, please contact Imperva Support or your Customer Success representative.

The post Imperva Customers Protected Against React Server Components (RSC) Vulnerability appeared first on Blog.

The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover (ATO) attacks spike sharply in November and December, targeting shoppers’ saved payment details, loyalty points, wish-lists, and personal data.

Most retailers focus on keeping sites fast and campaigns running smoothly, but this seasonal pressure creates blind spots in authentication, login flows, and Application Programming Interface API endpoints. Attackers know this and use automated tools and AI-driven bots to slip into accounts with little resistance.

During peak season, it doesn’t take long for an unnoticed credential-stuffing surge, or a burst of suspicious login attempts to translate into real financial loss and customer frustration. For many retailers, the challenge isn’t a dramatic breach, it’s the quiet, persistent account abuse that goes undetected until the damage is already done.

The Escalation of Account Takeover Attacks

According to the 2025 Imperva Bad Bot Report, Account Takeover attacks increased by 40 percent in 2024 and by more than 50 percent since 2022. The rise reflects the expanding attack surface of modern digital businesses and the increasing availability of stolen credentials.

ATO attacks are rarely brute force assaults in the traditional sense. Most rely on automation and intelligence. Attackers use:

• Credential stuffing to test stolen username and password pairs obtained from prior data breaches
• Credential cracking to predict likely passwords using AI or dictionary-based guessing techniques
• Brute force attacks to systematically attempt all possible combinations where no prior credential data exists

Each of these techniques is enhanced by bot networks capable of emulating legitimate traffic and distributing attacks across thousands of IP addresses to avoid detection.

Once an account is compromised, attackers can alter stored payment details, redeem loyalty points, exfiltrate personal data, or pivot into connected systems through single sign on integrations. The damage can be widespread and difficult to undo, making remediation costly, complex, and often too late to fully protect the victim.

The Cost of Compromise

A successful Account Takeover is not just a security failure; it is a business crisis. The consequences cascade across financial, regulatory, and reputational dimensions.

• Financial loss from fraud, chargebacks, and stolen assets
• Operational disruption as security and customer support teams manage lockouts and resets
• Regulatory exposure under privacy and data protection laws such as GDPR, CCPA, and PCI DSS
• Legal costs and compensation claims from affected customers or partners
• Reputational damage leading to customer attrition and reduced trust

Regulators increasingly view inadequate protection of user credentials as a preventable failure. In industries such as financial services, retail, and telecom, where digital identity underpins customer engagement, the stakes are exceptionally high.

The AI Advantage for Attackers

Artificial intelligence is amplifying both the scale and sophistication of ATO campaigns. Where brute force once relied purely on volume, AI brings adaptive learning and behavioural mimicry.

Modern credential stuffing bots now simulate human navigation, introduce artificial pauses, and mirror typing patterns to bypass rate limits and behavioural detection systems. Machine learning

models trained on breached data can predict likely password sequences based on language, demographics, and prior password resets.

This capability turns traditional defences into speed bumps rather than barriers. The result is faster, more evasive attacks that require intelligent, context aware countermeasures.

The Expanding API Attack Surface

As organizations modernize applications, APIs have become both essential and exposed. They connect services, mobile clients, and third-party integrations, and they now represent a primary conduit for identity and data access.

According to Imperva telemetry, around 12 percent of all API attacks in 2024 were Account Takeovers. Many of these attacks are low volume and high value, designed to evade detection. Attackers harvest sensitive information in small increments such as user identifiers, loyalty balances, and payment tokens, and use that data later for large scale fraud or identity theft.

During the holiday shopping season, attackers take advantage of the fact that retail systems are under more pressure and handling far more automated traffic than usual. Bots are designed to blend seamlessly into this activity. They mimic real customers using legitimate browsers, realistic headers, and correctly formatted API calls, which makes them difficult to distinguish from genuine shoppers.

Instead of triggering obvious high-volume spikes, attackers quietly test stolen credentials across login APIs, probe authentication flows, and map out which accounts are valid. They reuse tokens, exploit weak session handling, and launch credential stuffing campaigns at a pace that fits naturally within peak season traffic. Because the requests look structurally correct, they often bypass volumetric detection and slip past basic rate limits.

Once inside an account, automated scripts extract loyalty balances, change delivery addresses, modify stored payment methods, or pivot through single sign on to gain access to additional services. For many retailers, these subtle API driven attacks are now the fastest growing source of credential-based compromise, and they reach their highest risk in November and December.

Thales recommends:

1. Improve visibility across login traffic this holiday season

During peak shopping periods, login volumes surge and attackers use the noise to hide. Monitor login attempts, unusual session behaviour, device changes, and repeated failures so you can spot suspicious activity early.

2. Strengthen authentication without slowing real customers

Shoppers expect fast checkout experiences, especially during sales events. Use smarter authentication controls that react to risk signals such as new devices or sudden spikes in login attempts, while keeping the journey seamless for genuine users.

3. Protect high value pages such as login and checkout

These are the most heavily targeted points during the holiday rush. Account Takeover attacks often begin on the login page and escalate at checkout. Ensure these flows have the strongest monitoring and protection in place to detect unusual behaviour before accounts are compromised.

4. Secure all APIs involved in customer accounts and orders

Retailers rely on APIs for login, checkout, loyalty, order history, and account management. These endpoints see huge traffic increases in November and December, making them prime targets for automated abuse. Apply full visibility and security controls across them.

5. Deploy Advanced Bot Protection to stop automated ATO attempts

Bots spike dramatically during holiday promotions. Advanced bot protection identifies and blocks automated credential testing, scripted login attempts, and account probing in real time without adding friction for real shoppers. This is critical for preventing ATO during your busiest weeks.

Visit Imperva.com Account Takeover Protection.

The post ’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season appeared first on Blog.

At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager product of Oracle Fusion Middleware (versions 12.2.1.4.0 and 14.1.2.1.0). Multiple threat actors are already exploiting the vulnerability in the wild, and it was added to CISA’s Known Exploited Vulnerabilities catalog on November 21, 2025. 

Oracle Identity Manager is widely deployed across large enterprises, particularly in finance, government, healthcare, and other sectors that rely heavily on Oracle infrastructure. Because it remains a core identity platform for many organizations, this vulnerability significantly elevates risk, making CVE-2025-61757 especially critical. 

The Vulnerability 

Recent disclosures indicate that, unlike previous Oracle CVEs, this vulnerability is straightforward and highly susceptible to exploitation by threat actors. The vulnerability originates from an authentication bypass in Oracle Identity Manager’s REST APIs, where attackers can trick the security filter into treating protected endpoints as public by appending parameters such as ?WSDL or ;.wadl to the URL path. This exposes sensitive endpoints like:

After gaining unauthenticated access, attackers can interact with a Groovy script compilation endpoint. Although this endpoint is not intended to execute scripts, it can be exploited to run malicious code during the compilation process by abusing Groovy’s annotation-processing feature. 

This flaw chain allowed researchers to achieve pre-authentication remote code execution on vulnerable Oracle Identity Manager instances. 

What We’ve Seen 

Over the past week, more than 300,000 attack attempts have been detected targeting this vulnerability. These attacks are occurring globally across over 18 countries, with the majority focused on the US and France. 

Computing, healthcare, and business sites are hit the hardest by attack attempts. 

Bottom Line 

CVE-2025-61757 is a critical authentication bypass vulnerability with a high operational impact, potentially allowing attackers to achieve remote code execution. 

The Imperva Threat Research group tracked and identified the exploitation chain of this vulnerability, ensuring that Imperva customers with Elastic WAF, Cloud WAF, or On-Prem WAF are now protected out of the box. 

The post CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution appeared first on Blog.