Reading view
Privileged File System Vulnerability Present in a SCADA System
We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack.
The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42.

How China’s “Walled Garden” is Redefining the Cyber Threat Landscape
Blog
How China’s “Walled Garden” is Redefining the Cyber Threat Landscape
In our latest webinar, Flashpoint unpacks the architecture of the Chinese threat actor cyber ecosystem—a parallel offensive stack fueled by government mandates and commercialized hacker-for-hire industry.

For years, the global cybersecurity community has operated under the assumption that technical information was a matter of public record. Security research has always been openly discussed and shared through a culture of global transparency. Today, that reality has fundamentally shifted. Flashpoint is witnessing a growing opacity—a “Walled Garden”—around Chinese data. As a result, the competence of Chinese threat actors and APTs has reached an industrialized scale.
In Flashpoint’s recent on-demand webinar, “Mapping the Adversary: Inside the Chinese Pentesting Ecosystem,” our analysts explain how China’s state policies surrounding zero-day vulnerability research have effectively shut out the cyber communities that once provided a window into Chinese tradecraft. However, they haven’t disappeared. Rather, they have been absorbed by the state to develop a mature, self-sustaining offensive stack capable of targeting global infrastructure.
Understanding the Walled Garden: The Shift from Disclosure to Nationalization
The “Walled Garden” is a direct result of a Chinese regulatory turning point in 2021: the Regulations on the Management of Security Vulnerabilities (RMSV). While the gradual walling off of China’s data is the cumulative result of years of implementing regulatory and policy strategies, the 2021 RMSV marks a critical turning point that effectively nationalized China’s vulnerability research capabilities. Under the RMSV, any individual or organization in China that discovers a new flaw must report it to the Ministry of Industry and Information Technology (MIIT) within 48 hours. Crucially, researchers are prohibited from sharing technical details with third parties—especially foreign entities—or selling them before a patch is issued.
It is important to note that this mandate is not limited to Chinese-based software or hardware; it applies to any vulnerability discovered, as long as the discoverer is a Chinese-based organization or national. This effectively treats software vulnerabilities as a national strategic resource for China. By centralizing this data, the Chinese government ensures it has an early window into zero-day exploits before the global defensive community.
For defenders, this means that by the time a vulnerability is public, there is a high probability it has already been analyzed and potentially weaponized within China’s state-aligned apparatus.
The Indigenous Kill Chain: Reconnaissance Beyond Shodan
Flashpoint analysts have observed that within this Walled Garden, traditional Western reconnaissance tools are losing their effectiveness. Chinese threat actors are utilizing an indigenous suite of cyberspace search engines that create a dangerous information asymmetry, allowing them to peer at defender infrastructure while shielding their own domestic base from Western scrutiny.
While Shodan remains the go-to resource for security teams, Flashpoint has seen Chinese threat actors favor three IoT search engines that offer them a massive home-field advantage:
- FOFA: Specializes in deep fingerprinting for middleware and Chinese-specific signatures, often indexing dorks for new vulnerabilities weeks before they appear in the West.
- Zoomai: Built for high-speed automation, offering APIs that integrate with AI systems to move from discovery to verified target in minutes.
- 360 Quake: Provides granular, real-time mapping through a CLI with an AI engine for complex asset portraits.
In the full session, we demonstrate exactly how Chinese operators use these tools to fuse reconnaissance and exploitation into a single, automated step—a capability most Western EDRs aren’t yet tuned to detect.
Building a State-Aligned Offensive Stack
Leveraging their knowledge of vulnerabilities and zero-day exploits, the illicit Chinese ecosystem is building tools designed to dismantle the specific technologies that power global corporate data centers and business hubs.
In the webinar, our analysts explain purpose-built cyber weapons designed to hunt VMware vCenter servers that support one-click shell uploads via vulnerabilities like Log4Shell. Beyond the initial exploit, Flashpoint highlights the rising use of Behinder (Ice Scorpion)—a sophisticated web shell management tool. Behinder has become a staple for Chinese operators because it encrypts command-and-control (C2) traffic, allowing attackers to evade conventional inspection and deep packet analytics.
Strengthen Your Defenses Against the Chinese Offensive Stack with Flashpoint
By understanding this “Walled Garden” architecture, defenders can move beyond generic signatures and begin to hunt for the specific TTPs—such as high-entropy C2 traffic and proprietary Chinese scanning patterns—that define the modern Chinese threat actor.
How can Flashpoint help? Flashpoint’s cyber threat intelligence platform cuts through the generic feed overload and delivers unrivaled primary-source data, AI-powered analysis, and expert human context.
Watch the on-demand webinar to learn more, or request a demo today.
Request a demo today.
The post How China’s “Walled Garden” is Redefining the Cyber Threat Landscape appeared first on Flashpoint.
Explore scaling options for AWS Directory Service for Microsoft Active Directory
You can use AWS Directory Service for Microsoft Active Directory as your primary Active Directory Forest for hosting your users’ identities. Your IT teams can continue using existing skills and applications while your organization benefits from the enhanced security, reliability, and scalability of AWS managed services. You can also run AWS Managed Microsoft AD as a resource forest. In this configuration, AWS Managed Microsoft AD serves supported AWS services while users’ identities remain under exclusive control of your organization on a self-managed Active Directory. As your organization grows and scales, so will your AWS Managed Microsoft AD deployments.
In this post, you’ll learn how to use Amazon CloudWatch dashboards to monitor key performance metrics of your AWS Managed Microsoft AD deployment to track and analyze a directory’s performance over time. You can then use that information to determine when and how best to scale directory services for optimal performance.
Scaling your Active Directory
When you deploy AWS Managed Microsoft AD, the service initially creates two domain controller instances in two separate subnets of the same virtual private cloud (VPC). This architecture economically provides resiliency and high availability with a minimal set of resources. This initial configuration enables every feature that AWS Managed Microsoft AD offers. As your organization grows, its workflows will become larger and more complex, requiring that you scale your directories accordingly. AWS Managed Microsoft AD simplifies and makes the scaling process secure with minimal administrative effort. When it’s time to scale a directory, AWS Managed Microsoft AD offers two options: scale-up or scale-out.
Understanding scale-up and scale-out
Scale-up—also called upgrading your AWS Managed Microsoft AD—means changing the edition of an AWS Managed Microsoft AD from Standard to Enterprise. Enterprise Edition delivers larger domain controller instances, with higher compute capacity and larger storage for Active Directory objects. When a directory scales up, it retains the same number of domain controller instances that it previously had with larger quotas. Instances are replaced one at a time to minimize disruptions to production workflows.
A few features offered by the service are a better fit for the size and compute power of Enterprise Edition AWS Managed Microsoft AD and so are only available in Enterprise Edition. Consider scaling-up your directory if you encounter any of the following scenarios:
- You plan to replicate your directory across multiple AWS Regions. Multi-Region replication is only available in Enterprise Edition.
- The number of Active Directory objects in the directory will exceed the recommended threshold of 30,000 objects for Standard Edition. Enterprise Edition can accommodate up to 500,000 directory objects.
- You plan to share your directory with more than 25 other AWS accounts. The default directory sharing quota is 25 accounts for Standard Edition and 500 for Enterprise Edition.
Important: Scaling up a directory from Standard to Enterprise is a one-way operation that cannot be reverted and operates at a higher hourly price.
Scale-out means deploying additional domain controllers for your AWS Managed Microsoft AD. You can scale out both Standard or Enterprise directories and can scale out different Regions independently. You don’t need to scale every Region to the same number of domain controller instances. When scale-out takes place, additional domain controller instances with the same compute resources and storage capacity as existing ones are launched in the same subnets.
Because some operations cannot be reverted, it’s important to understand the impact of each scaling operation. It’s preferable to scale out the number of domain controllers first, because you can revert that change if necessary. Consider scaling up first only if you need a feature that’s only available in Enterprise Edition.
Making an informed decision using CloudWatch
Since December 2021, AWS Managed Microsoft AD helps optimize scaling decisions with directory metrics in Amazon CloudWatch. Amazon CloudWatch metrics are a time-ordered set of data-points about performance indicators of a system that you can use to monitor and analyze performance over time. Metrics are stored as a time-series set and each data point has an associated timestamp. By using CloudWatch, you can create alarms based on metrics and visualize and analyze metrics to derive new insights.
To understand the performance of a directory over time, define the key performance metrics based on your workload when you create the directory. Record the initial values of those metrics to create a performance baseline. Periodically revisit and compare data points for the same metrics to understand trends and use of resources over time. Based on the information provided by the performance baseline and periodic follow-ups, you can decide when to scale your directory and what scaling method to use. This process is depicted in Figure 1.
Figure 1: Decision-making process for scaling an Active Directory implementation
Depending on the characteristics of your workload, you might face different resource constraints in your directory system. From an infrastructure perspective, the more commonly demanded resources are:
- Network Interface: Current Bandwidth
- Processor: % Processor Time
- LogicalDisk: % Free Space
From an Active Directory perspective, consider metrics such as:
- NTDS: LDAP Searches/sec
- NTDS: ATQ Estimated Queue Delay
The following table is an example decision matrix based on which resource is constrained.
| Constrained resource | Recommended action |
| % Processor Time | Scale out |
| I/O Database Reads Average Latency | Scale out |
| Committed Bytes in Use | Scale out |
| % Free Space | Scale up |
For example, you can create a CloudWatch alarm that will trigger when Processor: % Processor Time is over 80% for more than 5 minutes. If this alarm triggers often, it could be a signal that domain controller instances are struggling to service the regular volume of user authentication requests. In such a scenario, you might consider scaling-out an additional domain controller to guarantee the service’s SLA. Conversely, if the LogicalDisk: % Free Space drops below 10% and trends downwards, you might consider scaling-up to Enterprise Edition, because it provides a larger capacity for directory objects.
To facilitate tracking and analyzing performance of AWS Managed Microsoft AD over time, you can use Amazon CloudWatch to create a custom dashboard including relevant metrics.
Prerequisites
Before you get started, make sure that you have the following prerequisites in place:
- An AWS account
- An AWS Identity and Access Management (IAM) user or role with permissions to perform AWS Directory Service operations and CloudWatch operations
- An Amazon Virtual Private Cloud (Amazon VPC) VPC configured in each Region
- At least two private subnets in the VPC
- An AWS Managed Microsoft AD directory
Create a CloudWatch dashboard
With the prerequisites in place, you’re ready to create a CloudWatch dashboard to track directory service metrics. For more information, see Getting started with CloudWatch automatic dashboards.
To create a dashboard:
- Open the AWS Management Console for CloudWatch.
- In the navigation pane, choose Dashboards, and then choose Create dashboard.
- In the Create new dashboard dialog box, enter a name for the dashboard and then choose Create dashboard.
- When the Add widget window appears:
- Under Data sources types, select CloudWatch.
- Under Data type, select Metrics.
- Under Widget type, select Line.
- Choose Next.
- In the Add metric graph window, choose DirectoryService and then select Processor as the Metric category and % Processor Time under Metric name. Select each instance of the metric, represented as the Domain Controller IP, for one Directory ID.
- Choose Create widget.
Note: if there are multiple directories in the same Region, all instances (domain controllers IPs) will be available for selection. To help ensure effective monitoring and alarms, create a separate dashboard for each directory.
- Choose the plus sign (+) at the top of the window to add more widgets. Repeat steps 1–6 to add additional widgets for other relevant metrics. In this example the metric categories and names added are:
- Processor: % Processor Time
- LogicalDisk: % Free Space
- Memory: Committed Bytes in Use
- Database: I/O Database Reads Average Latency
- Network Interface: Current Bandwidth
- DNS: Recursive Queries/Sec
- After adding the desired metrics, choose Save.
Figure 2: CloudWatch dashboard showing directory services metrics
(Optional) Create an alarm in CloudWatch
Now that you have a dashboard where you can view metrics, consider setting up CloudWatch alarms to alert you when a metric reaches or goes beyond a specified threshold. For more information, see Create a CloudWatch alarm based on a static threshold and Adding an alarm to a CloudWatch dashboard.
The following are recommended thresholds to monitor when determining the need to scale an AWS Managed Microsoft AD. These are general recommendations based on standard use cases. You might have to adjust these thresholds to make the best scaling decisions for your organization.
- Processor: % Processor Time: Monitor CPU utilization to understand computational demands on your domain controllers. Set CloudWatch alarms at 80% for a period of 5 minutes. Sustained high values indicate potential sizing issues that might require scaling out your directory.
- LogicalDisk: % Free Space: Maintain at least 25% free space on volumes containing Active Directory data for optimal performance. Set CloudWatch alarms to trigger when free space drops below 20%. Low disk space can severely impact directory operations and require implementing cleanup procedures or scaling up the directory.
- Network Interface: Current Bandwidth: Average network utilization should be kept below 50% of available bandwidth during peak operations for optimal directory responsiveness. Set CloudWatch alarms at 70% utilization to allow room for spikes in activity. Consistently high values suggest network constraints that might require scaling out your directory.
- Memory: Committed Bytes in Use: Monitor memory commitment levels to help ensure that your domain controllers have sufficient memory resources for Active Directory operations. This metric tracks the amount of virtual memory that has been committed, indicating the total memory load on your domain controllers. Set CloudWatch alarms at 80% of the commit limit. Sustained high values can lead to excessive paging, significantly degrading directory performance and potentially causing authentication delays.
- Database: I/O Database Reads Average Latency: Maintain average read latencies below 25 milliseconds. Set CloudWatch alarms at a threshold of 50 milliseconds. If read latencies are consistently elevated, consider scaling-out your directory.
- DNS: Recursive Queries/sec: Given the tight integration of Active Directory with DNS, monitor this metric for stability and predictable patterns. Use CloudWatch anomaly detection rather than fixed thresholds to identify unexpected behaviors that could indicate DNS configuration issues or potential security concerns.
Post-scaling considerations
Different resources across your architecture might contain references to the IP addresses of the AWS Managed Microsoft AD. After a scale-out operation that deploys additional domain controller instances on a directory, update existing references to maintain full functionality of workloads. References for the directory’s IP addresses can be found (but might not be limited to) the following services:
- Firewall rules
- Amazon Virtual Private Cloud (Amazon VPC) security groups
- Amazon Route 53 Resolver endpoint rules
- DNS conditional forwards
- CloudWatch dashboards
To maintain the full functionality of your workloads after a directory scaling operation, update the following:
- Firewall rules that allow traffic to and from the IP addresses of domain controller instances
- Route53 Resolver endpoint rules and DNS conditional forwarders that forward queries to the directory instances
- CloudWatch dashboards that display metric data about the directory to include dimensions for the new IP addresses
Clean up resources
In this post, you created components that generate costs. Clean up these resources when no longer required to avoid additional charges.
- Remove added domain controller’s IP addresses from firewall rules, resolver endpoint rules and DNS conditional forwarders.
- Delete the custom CloudWatch dashboards you don’t plan to keep.
- Scale back existing directories to the previous number of domain controller instances.
Conclusion
In this post, you learned how to monitor directory performance metrics using Amazon CloudWatch. By combining performance baselines, monitoring, and planning, you can make informed decisions about when and how to scale a directory safely and efficiently. By scaling directories in a timely manner, you can optimize efficiency and reduce the risk of outages by having a right-sized directory service to support your organization’s workloads.
Scale out your directory when your Active Directory-aware workflows have grown over time and the solution requires additional domain controller instances to maintain the service SLA. Scale up your directory when you require a feature that’s only available in Enterprise Edition AWS Managed Microsoft AD, such as multi-Region replication or additional storage to accommodate Active Directory objects. By using the flexible scaling capabilities and independent Regional expansion, you can optimize costs while maintaining appropriate service levels.
To learn more about AWS Managed Microsoft AD optimization and monitoring with Amazon CloudWatch, see:
Case study: Securing AI application supply chains
The rapid adoption of AI applications, including agents, orchestrators, and autonomous workflows, represents a significant shift in how software systems are built and operated. Unlike traditional applications, these systems are active participants in execution. They make decisions, invoke tools, and interact with other systems on behalf of users. While this evolution enables new capabilities, it also introduces an expanded and less familiar attack surface.
Security discussions often focus on prompt-level protections, and that focus is justified. However, prompt security addresses only one layer of risk. Equally important is securing the AI application supply chain, including the frameworks, SDKs, and orchestration layers used to build and operate these systems. Vulnerabilities in these components can allow attackers to influence AI behavior, access sensitive resources, or compromise the broader application environment.
The recent disclosure of CVE-2025-68664, known as LangGrinch, in LangChain Core highlights the importance of securing the AI supply chain. This blog uses that real-world vulnerability to illustrate how Microsoft Defender posture management capabilities can help organizations identify and mitigate AI supply chain risks.
Case example: Serialization injection in LangChain (CVE-2025-68664)
A recently disclosed vulnerability in LangChain Core highlights how AI frameworks can become conduits for exploitation when workloads are not properly secured. Tracked as CVE-2025-68664 and commonly referred to as LangGrinch, this flaw exposes risks associated with insecure deserialization in agentic ecosystems that rely heavily on structured metadata exchange.
Vulnerability summary
CVE-2025-68664 is a serialization injection vulnerability affecting the langchain-core Python package. The issue stems from improper handling of internal metadata fields during the serialization and deserialization process. If exploited, an attacker could:
- Extract secrets such as environment variables without authorization
- Instantiate unintended classes during object reconstruction
- Trigger side effects through malicious object initialization
The vulnerability carries a CVSS score of 9.3, highlighting the risks that arise when AI orchestration systems do not adequately separate control signals from user-supplied data.
Understanding the root cause: The lc marker
LangChain utilizes a custom serialization format to maintain state across different components of an AI chain. To distinguish between standard data and serialized LangChain objects, the framework uses a reserved key called lc. During deserialization, when the framework encounters a dictionary containing this key, it interprets the content as a trusted object rather than plain user data.
The vulnerability originates in the dumps() and dumpd() functions in affected versions of the langchain-core package. These functions did not properly escape or neutralize the lc key when processing user-controlled dictionaries. As a result, if an attacker is able to inject a dictionary containing the lc key into a data stream that is later serialized and deserialized, the framework may reconstruct a malicious object.
This is a classic example of an injection flaw where data and control signals are not properly separated, allowing untrusted input to influence the execution flow.
Mitigation and protection guidance
Microsoft recommends that all organizations using LangChain review their deployments and apply the following mitigations immediately.
1. Update LangChain Core
The most effective defense is to upgrade to a patched version of the langchain-core package.
- For 0.3.x users: Update to version 0.3.81 or later.
- For 1.x users: Update to version 1.2.5 or later.
2. Query the security explorer to identify any instances of LangChain in your environment
To identify instances of LangChain package in the assets protected by Defender for Cloud, customers can use the Cloud Security Explorer:

*Identification in cloud compute resources requires Defender CSPM / Defender for Containers / Defender for Servers plan.
*Identification in code environment requires connecting your code environment to Defender for Cloud Learn how to set up connectors
3. Remediate based on Defender for Cloud recommendations across the software development cycle: Code, Ship, Runtime
*Identification in cloud compute resources requires Defender CSPM / Defender for Containers / Defender for Servers plan.
*Identification in code environment requires connecting your code environment to Defender for Cloud Learn how to set up connectors
4. Create GitHub issues with runtime context directly from Defender for Cloud, track progress, and use Copilot coding agent for AI-powered automated fix

Learn more about Defender for Cloud seamless workflows with GitHub to shorten remediation times for security issues.
Microsoft Defender XDR detections
Microsoft security products provide several layers of defense to help organizations identify and block exploitation attempts related to AI vulnerable software.
Microsoft Defender provides visibility into vulnerable AI workloads through its Cloud Security Posture Management (Defender CSPM).
Vulnerability Assessment: Defender for Cloud scanners have been updated to identify containers and virtual machines running vulnerable versions of langchain-core. Microsoft Defender is actively working to expand coverage to additional platforms and this blog will be updated when more information is available.

Hunting queries
Microsoft Defender XDR
Security teams can use the advanced hunting capabilities in Microsoft Defender XDR to proactively look for indicators of exploitation. A common sign of exploitation is a Python process associated with LangChain attempting to access sensitive environment variables or making unexpected network connections immediately following an LLM interaction.
The following Kusto Query Language (KQL) query can be used to identify devices that are using the vulnerable software:
DeviceTvmSoftwareInventory
| where SoftwareName has "langchain"
and (
// Lower version ranges
SoftwareVersion startswith "0."
and toint(split(SoftwareVersion, ".")[1]) References
- NVD - CVE-2025-68664
- All I Want for Christmas is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664) - Cyata | The Control Plane for Agentic Identity
- fix(core): serialization patch by mdrxy · Pull Request #34458 · langchain-ai/langchain · GitHub
- fix(core): serialization patch by ccurme · Pull Request #34455 · langchain-ai/langchain · GitHub
- What is Cloud Security Posture Management (CSPM) - Microsoft Defender for Cloud | Microsoft Learn
- Build queries with cloud security explorer - Microsoft Defender for Cloud | Microsoft Learn
This research is provided by Microsoft Defender Security Research with contributions from Tamer Salman, Astar Lev, Yossi Weizman, Hagai Ran Kestenberg, and Shai Yannai.
Learn more
Review our documentation to learn more about our real-time protection capabilities and see how to enable them within your organization.
Learn more about securing Copilot Studio agents with Microsoft Defender
Learn more about Protect your agents in real-time during runtime (Preview) – Microsoft Defender for Cloud Apps | Microsoft Learn
Explore how to build and customize agents with Copilot Studio Agent Builder
The post Case study: Securing AI application supply chains appeared first on Microsoft Security Blog.
Match, Hinge, OkCupid, and Panera Bread breached by ransomware group
The ShinyHunters ransomware group has claimed the theft of data containing 10 million records belonging to the Match Group and 14 million records from bakery-café chain Panera Bread.

The Match Group, that runs multiple popular online dating services like Tinder, Match.com, Meetic, OkCupid, and Hinge has confirmed a cyber incident and is investigating the data breach.
Panera Bread also confirmed that an incident occurred and has alerted authorities. “The data involved is contact information,” it said in an emailed statement to Reuters.
ShinyHunters seems to be gaining access through Single-Sign-On (SSO) platforms and using voice-cloning techniques, which has resulted in a growing number of breaches across different companies. However, not all of these breaches have the same impact.
The impact
For the Match Group, ShinyHunters claims:
“Over 10 million records of Hinge, Match, and OkCupid usage data from Appsflyer and hundreds of internal documents.”
Match says there is no evidence that logins, financial data, or private chats were stolen, but Personally Identifiable Information (PII) and tracking data for some users are in scope. A notification process has been set in motion.
For Panera Bread, ShinyHunters claims to have compromised 14 million records containing PII.
Panera Bread reassures users that there is no indication that the hackers accessed user login credentials, financial information, or private communications.
ShinyHunters also breached Bumblr, Carmax, and Edmunds among others, but I wanted to use Panera Bread and the Match Group as two examples that have very different consequences for users.
When your activity on a dating app is compromised, the impact can be deeply personal. Concerns can range from partners, family members, or employers discovering dating profiles to the risk of doxxing. For many people, stigma around certain apps can lead to fears of being outed, accused of infidelity, or even extorted.
The impact of the Panera Bread breach will be very different. “I just ordered a sandwich and now some criminals have my home address?” Data like this is useful to enrich existing data sets. And the more they know, the easier and better they can target you in phishing attempts.
Protecting yourself after a data breach
If you think you have been affected by a data breach, here are steps you can take to protect yourself:
- Check the company’s advice. Every breach is different, so check with the company to find out what’s happened and follow any specific advice it offers.
- Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
- Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can’t be phished.
- Watch out for impersonators. The thieves may contact you posing as the breached platform. Check the official website to see if it’s contacting victims and verify the identity of anyone who contacts you using a different communication channel.
- Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
- Consider not storing your card details. It’s definitely more convenient to let sites remember your card details, but it increases risk if a retailer suffers a breach.
- Set up identity monitoring, which alerts you if your personal information is found being traded illegally online and helps you recover after.
You can use Malwarebytes’ free Digital Footprint scan to find out if your private information is exposed online.
We don’t just report on threats—we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.
Incentivizing Cybercrime Disruption: Inside Fortinet’s World Economic Forum Annual Meeting 2026 Panel
Celebrating our 2025 open-source contributions
Last year, our engineers submitted over 375 pull requests that were merged into non–Trail of Bits repositories, touching more than 90 projects from cryptography libraries to the Rust compiler.
This work reflects one of our driving values: “share what others can use.” The measure isn’t whether you share something, but whether it’s actually useful to someone else. This principle is why we publish handbooks, write blog posts, and release tools like Claude skills, Slither, Buttercup, and Anamorpher.
But this value isn’t limited to our own projects; we also share our efforts with the wider open-source community. When we hit limitations in tools we depend on, we fix them upstream. When we find ways to make the software ecosystem more secure, we contribute those improvements.
Most of these contributions came out of client work—we hit a bug we were able to fix or wanted a feature that didn’t exist. The lazy option would have been forking these projects for our needs or patching them locally. Contributing upstream instead takes longer, but it means the next person doesn’t have to solve the same problem. Some of our work is also funded directly by organizations like the OpenSSF and Alpha-Omega, who we collaborate with to make things better for everyone.
Key contributions
- Sigstore rekor-monitor: rekor-monitor verifies and monitors the Rekor transparency log, which records signing events for software artifacts. With funding from OpenSSF, we’ve been getting rekor-monitor ready for production use. We contributed over 40 pull requests to the Rekor project this year, including support for custom certificate authorities and support for the new Rekor v2. We also added identity monitoring for Rekor v2, which lets package maintainers configure monitored certificate subjects and issuers and then receive alerts whenever matching entries appear in the log. If someone compromises your release process and signs a malicious package with your identity, you’ll know.
- Rust compiler and rust-clippy: Clippy is Rust’s official linting tool, offering over 750 lints to catch common mistakes. We contributed over 20 merged pull requests this year. For example, we extended the
implicit_clonelint to handleto_string()calls, which let us deprecate the redundantstring_to_stringlint. We added replacement suggestions todisallowed_methodsso that teams can suggest alternatives when flagging forbidden API usage, and we added path validation fordisallowed_*configurations so that typos don’t silently disable lint rules. We also extended theQueryStabilitylint to handleIntoIteratorimplementations in rustc, which catches nondeterminism bugs in the compiler. The motivation came from a real issue we spotted: iteration order over hash maps was leaking into rustdoc’s JSON output. - pyca/cryptography: pyca/cryptography is Python’s most widely used cryptography library, providing both high-level recipes and low-level interfaces to common algorithms. With funding from Alpha-Omega, we landed 28 pull requests this year. Our work was aimed at adding a new ASN.1 API, which lets developers define ASN.1 structures using Python decorators and type annotations instead of wrestling with raw bytes or external schema files. Read more in our blog post “Sneak peek: A new ASN.1 API for Python.”
- hevm: hevm is a Haskell implementation of the Ethereum Virtual Machine. It powers both the symbolic and concrete execution in Echidna, our smart contract fuzzer. We contributed 14 pull requests this year, mostly focused on performance: we added cost centers to individual opcodes to ease profiling, optimized memory operations, and made stack and program counter operations strict, which got us double-digit percentage improvements on concrete execution benchmarks. We also implemented cheatcodes like
toStringto improve hevm’s compatibility with Foundry. - PyPI Warehouse: Warehouse powers the Python Package Index (PyPI), which serves over a billion package downloads per day. We continued our long-running collaboration with PyPI and Alpha-Omega, shipping project archival support so that maintainers can signal when packages are no longer actively maintained. We also cut the test suite runtime by 81%, from 163 to 30 seconds, even as test coverage grew to over 4,700 tests.
- pwndbg: pwndbg is a GDB and LLDB plugin that makes debugging and exploit development less painful. Last year, we packaged LLDB support for distributions and improved decompiler integration. We also contributed pull requests to other tools in the space, including pwntools, angr, and Binary Ninja’s API.
A merged pull request is the easy part. The hard part is everything maintainers do before and after: writing extensive documentation, keeping CI green, fielding bug reports, explaining the same thing to the fifth person who asks. We get to submit a fix and move on. They’re still there a year later, making sure it all holds together.
Thanks to everyone who shaped these contributions with us, from first draft to merge. See you next year.
Trail of Bits’ 2025 open-source contributions
AI/ML
- Repo: majiayu000/litellm-rs
- Repo: mlflow/mlflow
- Repo: simonw/llm
- Repo: sst/opencode
Cryptography
- Repo: C2SP/x509-limbo
- By woodruffw
- #381: deps: pin oscrypto to a git ref
- #382: dependabot: use groups
- #385: add webpki::nc::nc-permits-dns-san-pattern
- #386: chore: switch to uv
- #387: chore: clean up the site a bit
- #414: chore: fixup rustls-webpki API usage
- #418: add openssl-3.5 harness
- #419: perf: remove PEM bundles from site render
- #420: pyca: harness: fix max_chain_depth condition
- #434: chore(ci): arm64 runners, pinact
- #435: mkdocs: disable search
- #437: chore: bump limbo
- #445: feat: add CRL builder API
- #446: fix: avoid a redundant condition + bogus type ignore
- By woodruffw
- Repo: certbot/josepy
- Repo: pyca/cryptography
- By facutuesca
- #12807: Update license metadata in
pyproject.tomlaccording to PEP 639 - #13325: Initial implementation of ASN.1 API
- #13449: Add decoding support to ASN.1 API
- #13476: Unify ASN.1 encoding and decoding tests
- #13482: asn1: Add support for bytes, str and bool
- #13496: asn1: Add support for
PrintableString - #13514: x509: rewrite datetime conversion functions
- #13513: asn1: Add support for
UtcTimeandGeneralizedTime - #13542: asn1: Add support for
OPTIONAL - #13570: Fix coverage for declarative_asn1/decode.rs
- #13571: Fix some coverage for declarative_asn1/types.rs
- #13573: Fix coverage for
type_to_tag - #13576: Fix more coverage for declarative_asn1/types.rs
- #13580: Fix coverage for pyo3::DowncastIntoError conversion
- #13579: Fix coverage for declarative_asn1::Type variants
- #13562: asn1: Add support for
DEFAULT - #13735: asn1: Add support for
IMPLICITandEXPLICIT - #13894: asn1: Add support for
SEQUENCE OF - #13899: asn1: Add support for
SIZEtoSEQUENCE OF - #13908: asn1: Add support for
BIT STRING - #13985: asn1: Add support for
IA5String - #13986: asn1: Add TODO comment for uses of
PyStringMethods::to_cow - #13999: asn1: Add
SIZEsupport toBIT STRING - #14032: asn1: Add
SIZEsupport toOCTET STRING - #14036: asn1: Add
SIZEsupport toUTF8String - #14037: asn1: Add
SIZEsupport toPrintableString - #14038: asn1: Add
SIZEsupport toIA5String
- #12807: Update license metadata in
- By woodruffw
- By facutuesca
- Repo: tamarin-prover/tamarin-prover
Languages and compilers
- Repo: airbus-cert/tree-sitter-powershell
- Repo: cdisselkoen/llvm-ir
- Repo: hyperledger-solang/solang
- By smoelius
- #1680: Fixes two
elided_named_lifetimeswarnings - #1788: Fix typo in codegen/dispatch/polkadot.rs
- #1778: Check command statuses in build.rs
- #1779: Fix two infinite loops in codegen
- #1791: Fix typos in tests/polkadot.rs
- #1793: Fix a small typo affecting
Expression::GetRef - #1802: Rename
binarytobin - #1801: Handle
abi.encode()with empty args - #1800: Store
Namespacereference inBinary - #1837: Silence
mismatched_lifetime_syntaxeslint
- #1680: Fixes two
- By smoelius
- Repo: llvm/clangir
- By wizardengineer
- #1859: [CIR] Fix parsing of #cir.unwind and cir.resume for catch regions
- #1861: [CIR] Added support for
__builtin_ia32_pshufd - #1874: [CIR] Add CIRGenFunction::getTypeSizeInBits and use it for size computation
- #1883: [CIR] Added support for
__builtin_ia32_pslldqi_byteshift - #1964: [CIR] [NFC] Using types explicitly for
pslldqiconstruct - #1886: [CIR] Add support for
__builtin_ia32_psrldqi_byteshift - #2055: [CIR] Backport FileScopeAsm support from upstream
- By wizardengineer
- Repo: rust-lang/rust
Libraries
- Repo: alex/rust-asn1
- Repo: bytecodealliance/wasi-rs
- Repo: cargo-public-api/cargo-public-api
- Repo: di/id
- Repo: di/pip-api
- Repo: fardream/go-bcs
- Repo: frewsxcv/rust-crates-index
- Repo: luser/strip-ansi-escapes
- Repo: psf/cachecontrol
- Repo: tafia/quick-xml
Tech infrastructure
- Repo: Homebrew/homebrew-core
- Repo: NixOS/nixpkgs
- Repo: google/oss-fuzz
- Repo: microsoft/vcpkg
- Repo: microsoft/vcpkg-tool
Software testing tools
- Repo: AFLplusplus/AFLplusplus
- Repo: advanced-security/monorepo-code-scanning-action
- Repo: github/codeql
- Repo: oli-obk/ui_test
- Repo: pypa/abi3audit
- Repo: rust-fuzz/cargo-fuzz
- Repo: rust-lang/cargo
- Repo: rust-lang/rust-clippy
- By smoelius
- #13894: Move
format_push_stringandformat_collectto pedantic - #13669: Two improvements to
disallowed_* - #13893: Add
unnecessary_debug_formattinglint - #13931: Add
ignore_without_reasonlint - #14280: Rename
inconsistent_struct_constructorconfiguration; don’t suggest deprecated configurations - #14376: Make
visit_maphappy path more evident - #14397: Validate paths in
disallowed_*configurations - #14529: Fix a typo in derive.rs comment
- #14733: Don’t warn about unloaded crates
- #14360: Add internal lint
derive_deserialize_allowing_unknown - #15090: Fix typo in tests/ui/missing_const_for_fn/const_trait.rs
- #15357: Fix typo non_std_lazy_statics.rs
- #14177: Extend
implicit_cloneto handleto_stringcalls - #15440: Correct
needless_borrow_for_generic_argsdoc comment - #15592: Commas to semicolons in clippy.toml reasons
- #15862: Allow
explicit_writein tests - #16114: Allow multiline suggestions in
map-unwrap-or
- #13894: Move
- By smoelius
- Repo: rust-lang/rustup
- Repo: zizmorcore/zizmor
Blockchain software
- Repo: anza-xyz/agave
- Repo: argotorg/hevm
- By elopez
- #612: Cleanups in preparation of GHC 9.8
- #663: tests: run
evmon its own directory - #707: Optimize memory representation and operations
- #729: Optimize
maybeLit{Byte,Word,Addr}SimpandmaybeConcStoreSimp - #738: Fix Windows CI build
- #744: Add benchmarking with Solidity examples
- #737: Use
Storablevectors for memory - #760: Avoid fixpoint for literals and concrete storage
- #789: Optimized OpSwap
- #803: Add cost centers to opcodes, optimize
- #808: Optimize
word256Bytes,word160Bytes - #838: Implement
toStringcheatcode - #846: Bump dependency upper bounds
- #883: Fix GHC 9.10 warnings
- By elopez
- Repo: hellwolf/solc.nix
- Repo: rappie/fuzzer-gas-metric-benchmark
Reverse engineering tools
- Repo: Gallopsled/pwntools
- Repo: Vector35/binaryninja-api
- Repo: angr/angr
- Repo: angr/angrop
- Repo: frida/frida-gum
- Repo: jonpalmisc/screenshot_ninja
- Repo: pwndbg/pwndbg
- Repo: quarkslab/quokka
Software analysis/transformation tools
- Repo: pygments/pygments
- Repo: quarkslab/bgraph
Packaging ecosystem/supply chain
- Repo: Homebrew/.github
- Repo: Homebrew/actions
- Repo: Homebrew/brew
- Repo: Homebrew/brew-pip-audit
- Repo: Homebrew/brew.sh
- Repo: Homebrew/homebrew-cask
- Repo: Homebrew/homebrew-command-not-found
- Repo: PyO3/maturin
- Repo: conda/schemas
- Repo: ossf/wg-securing-software-repos
- Repo: pypa/gh-action-pip-audit
- Repo: pypa/gh-action-pypi-publish
- Repo: pypa/packaging.python.org
- Repo: pypa/pip-audit
- Repo: pypa/twine
- Repo: pypi/pypi-attestations
- By facutuesca
- #82: Add
pypi-attestations verify pypiCLI subcommand - #83: chore: prep 0.0.21
- #86: cli: Support verifing
*.slsa.attestationattestation files - #87: cli: Support friendlier syntax for
verify pypicommand - #98: Support local files in
verify pypisubcommand - #103: Simplify test assets and include them in package
- #104: Add API and CLI option for offline (no TUF refresh) verification
- #105: Add CLI subcommand to convert Sigstore bundles to attestations
- #119: Add pull request template
- #120: Update license fields in pyproject.toml
- #128: chore: prep v0.0.27
- #145: chore: prep v0.0.28
- #151: Fix lint and remove support for Python 3.9
- #150: Add cooldown to dependabot updates
- #152: Add zizmor to CI
- #153: Remove unneeded permissions from zizmor workflow
- #82: Add
- By woodruffw
- #94: _cli:
make reformat - #99: chore: prep v0.0.22
- #109: bugfix: impl: require at least one of the source ref/sha extensions
- #110: pypi_attestations: bump version to 0.0.23
- #114: feat: add support for Google Cloud-based Trusted Publishers
- #115: chore: prep for release v0.0.24
- #118: chore: release: v0.0.25
- #122: chore(ci): uvx gha-update
- #124: fix: remove ultranormalization of distribution filenames
- #125: chore: prep for release v0.0.26
- #127: bugfix: compare distribution names by parsed forms
- #94: _cli:
- By facutuesca
- Repo: pypi/warehouse
- By DarkaMaul
- By facutuesca
- #17391: docs: add details of how to verify provenance JSON files
- #17438: Add archived badges to project’s settings page
- #17484: Add blog post for archiving projects
- #17532: Simplify archive/unarchive UI buttons
- #17405: Improve error messages when a pending Trusted Publisher’s project name already exists
- #17576: Check for existing Trusted Publishers before constraining existing one
- #18168: Add workaround in dev docs for issue with OpenSearch image
- #18221: chore(deps): bump pypi-attestations from 0.0.26 to 0.0.27
- #18169: oidc: Refactor lookup strategies into single functions
- #18338: oidc: fix bug when matching GitLab environment claims
- #18884: Update URL for
pypi-attestationsrepository - #18888: Update
pypi-attestationstov0.0.28
- By woodruffw
- #17453: history: render project archival enter/exit events
- #17498: integrity: refine Accept header handling
- #17470: metadata: initial PEP 753 bits
- #17514: docs/api: clean up Upload API docs slightly
- #17571: profile: add archived projects section
- #17716: docs: new and shiny storage limit docs
- #17913: requirements: bump pypi-attestations to 0.0.23
- #18113: chore(docs): add social links for Mastodon and Bluesky
- #18163: docs(dev): add meta docs on writing docs
- #18164: docs: link to PyPI user docs more
- Repo: python/peps
- Repo: sigstore/architecture-docs
- Repo: sigstore/community
- Repo: sigstore/cosign
- Repo: sigstore/fulcio
- Repo: sigstore/gh-action-sigstore-python
- Repo: sigstore/protobuf-specs
- Repo: sigstore/rekor
- Repo: sigstore/rekor-monitor
- By facutuesca
- #685: Fix Makefile and README
- #689: Make CLI args for configuration path/string mutually exclusive
- #688: Add support for CT log entries with Precertificates
- #695: Fetch public keys using TUF
- #705: Initial support for Rekor v2
- #729: Handle sharding of Rekor v2 log while monitor runs
- #752: Use
int64for index types - #751: Add identity monitoring for Rekor v2
- #827: Add cooldown to dependabot updates
- #828: Update codeql-action
- By ret2libc
- #717: ci: wrap inputs.config in ct_reusable_monitoring
- #718: doc: correct usage of ct log monitoring workflow
- #724: pkg/rekor: handle signals inside long op GetEntriesByIndexRange
- #723: Deduplicate ct/rekor monitoring reusable workflows
- #725: Refactor IdentitySearch logic between ct and rekor
- #726: Deduplicate ct and rekor monitors
- #727: Fix once behaviour
- #730: cmd/rekor_monitor: accept custom TUF
- #736: pkg/notifications: make Notifications more customazible
- #739: Add a few tests for the main monitor loop
- #742: internal/cmd/common_test: fix TestMonitorLoop_BasicExecution
- #741: Add config validation
- #743: Fix monitor loop behaviour when using once without a prev checkpoint
- #738: Report failed entries
- #745: internal/cmd: fix common tests after merging
- #740: Split the consistency check and the checkpoint writing
- #746: cmd: fix WriteCheckpointFn when no previous checkpoint
- #748: Small refactoring
- #749: internal/cmd: Use interface instead of callbacks
- #750: internal/cmd: remove unused MonitorLoopParams struct
- #763: pkg/util/file: write only one checkpoint
- #764: Add trusted CAs for filtering matched identities
- #771: Fix bug with missing entries when regex were used
- #773: pkg/identity: simplify CreateMonitoredIdentities function
- #770: Check Certificate chain in CTLogs
- #777: Refactor IdentitySearch args
- #776: ci: add release workflow
- #778: Parsable output
- #786: Improve README by explaining config file
- By facutuesca
- Repo: sigstore/rekor-tiles
- Repo: sigstore/sigstore
- Repo: sigstore/sigstore-conformance
- Repo: sigstore/sigstore-go
- Repo: sigstore/sigstore-python
- By woodruffw
- Repo: sigstore/sigstore-rekor-types
- Repo: synacktiv/DepFuzzer
- Repo: wolfv/ceps
Others
- Repo: AzureAD/microsoft-authentication-extensions-for-python
- Repo: SchemaStore/schemastore
- Repo: google/gvisor
- Repo: oli-obk/cargo_metadata
- Repo: ossf/alpha-omega
- Repo: rustsec/advisory-db
TikTok’s privacy update mentions immigration status. Here’s why.
In 2026, could any five words be more chilling than “We’re changing our privacy terms?”
The timing could not have been worse for TikTok US when it sent millions of US users a mandatory privacy pop-up on January 22. The message forced users to accept updated terms if they wanted to keep using the app. Buried in that update was language about collecting “citizenship or immigration status.”
Specifically, TikTok said:
“Information You Provide may include sensitive personal information, as defined under applicable state privacy laws, such as information from users under the relevant age threshold, information you disclose in survey responses or in your user content about your racial or ethnic origin, national origin, religious beliefs, mental or physical health diagnosis, sexual life or sexual orientation, status as transgender or nonbinary, citizenship or immigration status, or financial information.”
The internet reacted badly. TikTok users took to social media, with some suggesting that TikTok was building a database of immigration status, and others pledging to delete their accounts. It didn’t help that TikTok’s US operation became a US-owned company on the same day, with Senator Ed Markey (D-Mass.) criticizing what he sees as a lack of transparency around the deal.
A legal requirement
In this case, things are may be less sinister than you’d think. The language is not new—it first appeared around August 2024. And TikTok is not asking users to provide their immigration status directly.
Instead, the disclosure covers sensitive information that users might voluntarily share in videos, surveys, or interactions with AI features.
The change appears to be driven largely by California’s AB-947, signed in October 2023. The law added immigration status to the state’s definition of sensitive personal information, placing it under stricter protections. Companies are required to disclose how they process sensitive personal information, even if they do not actively seek it out.
Other social media companies, including Meta, do not explicitly mention immigration status in their privacy policies. According to TechCrunch, that difference likely reflects how specific their disclosure language is—not a meaningful difference in what data is actually collected.
One meaningful change in TikTok’s updated policy does concern location tracking. Previous versions stated that TikTok did not collect GPS data from US users. The new policy says it may collect precise location data, depending on user settings. Users can reportedly opt out of this tracking.
Read the whole board, not just one square
So, does this mean TikTok—or any social media company—deserves our trust? That’s a harder question.
There are still red flags. In April, TikTok quietly removed a commitment to notify users before sharing data with law enforcement. According to Forbes, the company has also declined to say whether it shares, or would share, user data with agencies such as the Department of Homeland Security (DHS) or Immigration and Customs Enforcement (ICE).
That uncertainty is the real issue. Social media companies are notorious for collecting vast amounts of user data, and for being vague about how it may be used later. Outrage over a particularly explicit disclosure is understandable, but the privacy problem runs much deeper than a single policy update from one company.
People have reason to worry unless platforms explicitly commit to not collecting or inferring sensitive data—and explicitly commit to not sharing it with government agencies. And even then, skepticism is healthy. These companies have a long history of changing policies quietly when it suits them.
We don’t just report on data privacy—we help you remove your personal information
Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.
Understanding the Russian Cyberthreat to the 2026 Winter Olympics
Russia's current isolation from the Olympics may lead to increased cyberthreats targeting the 2026 Winter Games. We discuss the potential threat picture.
The post Understanding the Russian Cyberthreat to the 2026 Winter Olympics appeared first on Unit 42.

