We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack.
The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42.
CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP access can exploit this flaw by sending crafted requests to the affected proxy components and bypass security controls. Successful exploitation can result in unauthorized creation, deletion, or modification of critical data, or full compromise of all data accessible through the affected servers.
The vulnerability affects multiple supported versions, including:
Key aspects of the vulnerability include:
Since this CVE’s release, we’ve seen:
The definitive remediation for CVE-2026-21962 is applying Oracle’s January 2026 Critical Patch Update for all affected versions. Administrators should prioritize this patch given the severity of the issue.
Imperva customers using both CWAF and WAF Gateway are protected out-of-the-box.
CVE-2026-21962 represents a critical perimeter security risk for organizations running Oracle HTTP Server and WebLogic Proxy Plug-in components. Its combination of unauthenticated access, low attack complexity, and maximum CVSS rating makes it a high-priority patching and detection concern.
Imperva customers are protected against exploitation techniques associated with this vulnerability through our web application firewall and advanced HTTP traffic inspection capabilities. For any Oracle HTTP Server and WebLogic Proxy Plug-in users still running legacy proxy deployments, we strongly advise accelerating patch deployment and reviewing exposure based on your internal telemetry.
The post Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic appeared first on Blog.
We discuss a novel AI-augmented attack method where malicious webpages use LLM services to generate dynamic code in real-time within a browser.
The post The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time appeared first on Unit 42.
We've identified an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks.
The post DNS OverDoS: Are Private Endpoints Too Private? appeared first on Unit 42.
We identified remote code execution vulnerabilities in open-source AI/ML libraries published by Apple, Salesforce and NVIDIA.
The post Remote Code Execution With Modern AI/ML Formats and Libraries appeared first on Unit 42.
Holiday shopping season is in full swing, and Black Friday 2025 continued to demonstrate that consumer demand and attacker activity shows no signs of slowing. According to Adobe Analytics, U.S. consumers spent $11.8 billion online on Black Friday, setting a new record and highlighting sustained strength in online shopping. Yet behind this surge in legitimate traffic, retailers also faced a sharp rise in automated abuse, account takeover attempts, and reconnaissance across their digital storefronts.
This post breaks down what we saw across our network during the Black Friday period, including traffic trends, attack behavior, targeted geographies, and insights retailers can apply to strengthen their defenses ahead of the holiday home stretch.
Retail traffic surged 37% above November averages, peaking on Black Friday but continuing into the weekend of November 29–30. Traditionally, traffic dips slightly on Saturday before building again on Cyber Monday, but this year showed a clear shift: shoppers kept buying throughout the weekend. This aligns with broader retail trends showing consumers taking advantage of longer promotional windows rather than concentrating purchases on a single day.
For retailers, this means the “peak” period is expanding- and with it, the window of exposure to cyber threats.
Alongside legitimate traffic, bot attacks on retail sites spiked 50% over the November average. The timing closely tracked promotional activity, suggesting attackers were attempting to exploit increased consumer volume to blend in and avoid detection.
Broadly, these bots targeted:
This behavior reflects typical seasonal abuse campaigns: credential stuffing to hijack accounts, automated scraping to gain pricing or inventory intelligence, and attempts to manipulate promotions or loyalty flows.
Malicious traffic during Black Friday was heavily concentrated in three markets: the US (46%), Australia (12%), and the UK (11%). These regions represent some of the world’s most active e-commerce ecosystems, and attackers mirrored legitimate consumer behavior by focusing on markets with the highest transaction volumes and promotional activity.
The US, in particular, drew nearly half of all observed attacks, consistent with its dominant share of global Black Friday spending. Australia and the UK followed, reflecting strong regional participation in holiday sales events and an attacker strategy aimed at exploiting high-demand markets where automated activity can more easily blend in with legitimate traffic.
For retailers operating in these geographies, the data underscores the importance of region-aware threat monitoring and the need to maintain heightened vigilance throughout the extended holiday weekend.
Based on attacker activity observed over the holiday shopping weekend, several clear patterns emerged, showing a mix of high-volume automation, credential-based attacks, and spam and proxy abuse. Overall, the attack data suggests that adversaries were focused on the following behaviors:
A significant portion of malicious traffic came from known automated frameworks, including headless browsers and scripted tools designed to mimic real users. This type of activity typically supports:
Attackers were industrializing their activity using automation that can rapidly adapt during peak events.
We observed high levels of activity associated with login reconnaissance and credential-testing behavior, indicating attempts to stage or execute ATO. Attackers were:
This aligns with typical seasonal fraud behavior, where attackers target stored payment methods, loyalty balances, and customer identities.
A large volume of traffic originated from anonymous proxies, VPNs, and other anonymization services, combined with indicators of client spoofing meant to disguise automation. Attackers were:
In response, much of this traffic triggered JavaScript challenges or CAPTCHA enforcement, forcing suspicious clients to prove they were human.
We also observed activity consistent with comment spam, referrer manipulation, and other low-effort abuse aimed at exploiting retail sites as platforms for unwanted advertising or redirection. This typically includes:
While not as immediately damaging as ATO, these campaigns can harm site performance, customer trust, and brand analytics.
Black Friday 2025 reinforced several themes:
This year’s Black Friday illustrated both consumer resilience and the evolving sophistication of attackers. Retailers saw new sales records, and attackers took advantage of the same moment to blend in, scale operations, and probe for weaknesses.
As the holiday season continues, retailers should ensure that defenses are calibrated for:
By understanding the patterns we saw during Black Friday, retailers can prepare for the continued wave of holiday traffic and ensure a safer, smoother experience for their customers through the end of the year.
The post Black Friday 2025 in Review: What Retailers Need to Know About This Year’s Holiday Shopping Season appeared first on Blog.
After our research on Cursor, in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook’s export functionality, in the default Windows environment, to help organizations better protect their assets and networks.
We identified a new way external Jupyter notebooks could be exploited by threat actors to lure unsuspecting users and compromise their workstation.
Companies are recommended to use a centralized Jupyter server, stay up to date and strictly restrict external files susceptible to processing with Jupyter software.
Jupyter notebook is quite an institution in the development of AI projects. Back in 2015, around 200,000 notebooks were publicly available on GitHub—by early 2021 that number had surged to nearly 10 million. Used by more than 80 % of data scientists and AI engineers worldwide, Jupyter is deeply embedded in every stage of AI workflows, from exploratory analysis and visualization to model prototyping and collaboration.
When investigating this ecosystem, our approach was to try to imagine where a threat actor could find his way through, and leverage functionalities to exploit victims’ environments. The first direction came surprisingly easily: the configuration files.
Configuration files are often considered innocuous. However, they may include obscure parameters that most users aren’t aware of. Ignoring them would be a critical mistake.
Config files have led to vulnerabilities in many other instances. For example, in VSCode’s IDE, the .vscode/settings.json config file was also a key component in multiple high severity vulnerabilities discovered (CVE‑2021‑34529 , CVE‑2025‑53773 or CVE-2025-54130).
One specificity of the Jupyter ecosystem that makes this attack vector even more interesting is the fact that configuration files are also perfectly valid Python executables- making them easier to exploit.
The most common configuration file is jupyter_notebook_config.py, typically found in the user-specific configuration directory (~/.jupyter/). It’s responsible for defining core Notebook server settings such as network bindings, authentication options, file system paths, and various security-related parameters. However, other config files may also be used depending on the component, such as jupyter_nbconvert_config.py for export settings, or jupyter_server_config.py for Jupyter Server.
Configuration files can actually exist in any directory, allowing for layered overrides. Available options cover a wide range of functionality, from UI behavior and authentication to kernel management, export formats, logging, and more. This approach gives users fine-grained control over the entire Jupyter ecosystem.
For example:
c = get_config() c.NotebookApp.port = 8888 c.FileContentsManager.save_script = True
However, acknowledging a high severity impact, Jupyter decided in October 2022 to remove CWD from the config paths, reducing the risk presented significantly.
This was the starting point of our research. We started searching for a similar or stronger way to exploit the same idea: having a file whose name is not constrained adjacent to a jupyter notebook, assuming an unsuspecting user would trigger an innocuous operation on a perfectly legit Jupyter notebook on the official Jupyter software and inadvertently allow full system compromise.
And this is exactly what we found by investigating the official export tool of Jupyter, nbconvert.
The vulnerability we discovered allows arbitrary code execution on Windows machines when exporting a notebook to PDF. By placing a properly named, malicious script in the notebook folder location, an attacker could hijack the conversion process and execute code with the privileges of the user.
When a Jupyter notebook containing SVG output is exported via nbconvert, the svg2pdf.py preprocessor is triggered to convert SVG images via the Inkscape tool. During this process, the path to Inkscape executable is resolved using Python’s shutil.which() via the following expression:
Logininkscape_path = which("inkscape")
without including inkscape anywhere as a mandatory nbconvert dependency. This opened the door to unintended code execution as the following figure shows:
Fig. 1: High level flow of exploitation of the security issue
shutil.which behavior is controlled internally by the Windows API function NeedCurrentDirectoryForExePathW, which returns TRUE (include CWD) when the NoDefaultCurrentDirectoryInExePath environment variable is not set, which is the default configuration on standard Windows installations.
In Python versions earlier than 3.12, `shutil.which()` ignores the `NoDefaultCurrentDirectoryInExePath` environment variable entirely, making it impossible to prevent this unsafe search behavior through configuration.
Python 3.12 and later versions properly respect this environment variable when set, but the variable remains unset by default on Windows systems, leaving many vulnerable.
Since nbconvert officially supports Python versions starting from 3.9, it includes versions that are affected by this issue both ways.
This unsafe lookup behavior aligns with CWE-427: Uncontrolled Search Path Element. Therefore, we recommended disabling the searching of inkscape software from CWD and relying on fixed safe search places.
Upon receiving our report, the Jupyter team reproduced the issue, acknowledged the associated risk, and requested a CVE (see below). A discussion was then initiated regarding how to fix the issue. However, the Jupyter team eventually stopped responding to our messages and has not addressed the issue to date.
CVE-2025-53000 has been assigned to this vulnerability. At the time of publication, the Github advisory has not yet been released by the maintainers.
Because export functionality is commonly used and generally trusted, it presents an attractive target for attackers, and especially in environments where notebooks are frequently shared—such as academic research groups, data science teams, or educational institutions—the potential for exploitation increases substantially.
Eventually, following our 90-day policy, we decided to publish this advisory to help protect the community.
The following demonstration video was recorded on a Windows 10 Enterprise x64 machine with default settings, using miniconda3 and Python 3.13.9, using the latest available Jupyter software versions, including:
Jupyter Core 5.9.1, nbconvert 7.16.6, and Notebook 7.5.0
Once successfully triggered, this vulnerability gives the attacker arbitrary code-execution in the context of the user. This immediately impacts confidentiality, integrity, and availability, as the attacker can access, modify, or disrupt the user’s data and workflows. On typical Windows data-science workstations, victim accounts almost always have:
This potentially amplifies the radius of compromise, allowing its effects to spread beyond the initial workstation.
Companies are recommended to rely on a centralized Jupyter server, ensure that all Jupyter-related software remains up to date, and enforce strict restrictions on external files that may be processed through Jupyter tools.
It is also recommended to enable the NoDefaultCurrentDirectoryInExePath environment variable to reduce the risk of unintentionally executing files from untrusted locations.
This vulnerability shows how the invisible glue of our workflows can become points of failure when not properly scrutinized.
We expect more vulnerabilities to surface in this fast-growing AI ecosystem as workflows become more automated, composable, and cloud-integrated, and we hope this report encourages teams to take a closer look at the quiet dependencies holding their environments together.
The post Code Execution in Jupyter Notebook Exports appeared first on Blog.
Earlier this month, Imperva published an initial advisory outlining how our customers were protected against the newly disclosed React2Shell vulnerability impacting React Server Components (RSC). That post focused on the essentials: a critical flaw arising from unsafe server-side deserialization of client-controlled RSC payloads, its potential to enable unauthenticated remote code execution, and what we do to protect against it.
In this follow-up, we expand on that foundation by examining what makes this vulnerability so dangerous. We explore the real-world footprint of this vulnerability, look at how it has appeared in the wild across different countries and sites, examine recorded exploit attempts that use this vulnerability as an entry point in opportunistic malware campaigns, and assess how the flood of AI-generated PoCs is complicating real-world defenses.
Before diving into the technical details, let’s begin with a macro-view of its real-world impact across the globe.
Over the past week, Imperva sensors recorded over 127 million requests related to React2Shell (CVE‑2025‑55182) probing and exploitation attempts, highlighting the scale and automation targeting this vulnerability. These attempts spanned across more than 87 thousand distinct sites, showing that opportunistic scanning far outweighs targeted, single-tenant attacks.
Activity was observed across 128 countries, with the United States and Singapore emerging as the most heavily targeted regions, underscoring the global reach of this CVE.
The industry reach is widespread, although Education and Financial Services sites collectively account for almost half of all attacks.
Shortly after the public disclosure of React2Shell (CVE-2025-55182), a flood of what claimed to be “proof-of-concept” exploits began circulating. As the original disclosure site warns, many of these PoCs were invalidly crafted under incorrect assumptions, such as requiring explicit exposure of dangerous server-side functionality such as child_process.exec, vm.runInThisContext, or fs.writeFile rather than exploiting the actual flaw in the RSC Flight deserialization logic.
This surge of AI-generated PoC samples has a harmful side effect: it has muddied the waters for defenders. Instead of concentrating on the real vulnerability, security teams must sift through a sea of false or irrelevant exploit attempts. Attackers and bots are now producing a vast number of convincing-looking payloads, making it much harder for defenders to tell legitimate exploits from background noise.
An example of AI POC:
In the immediate aftermath of the React2Shell disclosure, Imperva Threat research observed a large volume of malicious campaigns leveraging the vulnerability as an entry point. The following is a summary of just a few of the campaigns we observed along with the relevant IoCs:
Description:
A widespread campaign, where attackers leveraged the React Server Components vulnerability to download a malicious RAT executable. Once installed, the malware contacts a C2 server and retrieves JSON-based task instructions, such as running system commands, opening a reverse shell, and uploading or downloading files.
Top Targeted Countries: United States, Indonesia Thailand, Brazil, United Kingdom
Top Targeted Industries: Telecom and ISPs, Business, Financial Services, Gambling
Malicious command:
IoCs:
Description:
A highly targeted campaign, affecting only financial services sites in Hong Kong, utilizing the React2Shell vulnerability to deploy the Xnote Remote Access Trojan Linux malware. The Xnote malware was exposed by Russian anti-virus company Doctor Web, who believe that there is “good reason to believe that some members of the Chinese hacker group called ChinaZ took part in the development of this Trojan.”
Targeted Country: Hong Kong
Targeted Industry: Financial Services
Malicious command:
IoCs:
A campaign focused on deploying the SnowLight dropper through the React2Shell vulnerability. SnowLight serves as both an initial access vector and a persistence mechanism, executing malicious scripts that retrieve and install additional, more advanced payloads, most notably the VShell Remote Access Trojan (RAT).
SnowLight is associated with Chinese state-sponsored threat actors tracked as UNC5174, a group known for targeting research and education institutions, businesses, charities, NGOs, and government organizations across Southeast Asia, the United States, and the United Kingdom.
Targeted Countries: Indonesia, Australia, United States, Kuwait
Targeted Industry: Financial Services, Telecom and ISPs, Retail
Malicious command:
IoCs:
Description:
A campaign utilizing the React2Shell vulnerability to spread both Mirai and XMRig cryptojacking malware samples using shared server architecture. The attackers used the vulnerability to execute a one-liner command aimed at downloading and installing both Mirai botnet and XMRig cryptojacking malware.
Cryptojacker configuration showing wallet addresses
Top Targeted Countries: United States, Australia, United Kingdom, Argentina, Columbia
Top Targeted Industries: Healthcare, Business, Financial Services, Computing & IT
Malicious commands:
IoCs:
Description:
A cryptojacking campaign, with indicators of Chinese origin. The attackers utilized the React2Shell vulnerability to execute a dropper bash script, which downloads several second stage files including bash scripts and gzip compressed data. These components form the code and configuration of the cryptojacking operation. From an investigation of the wallet addresses used in the campaign we can see that (at the time of investigation) the threat actors were making around 170 USD per day, or around 62,050 USD per year.
Screenshot downloader script showing Chinese characters
Crypto wallet address:
Campaign Monero Wallet Statistics
Top Targeted Countries: United States, Brazil, United Kingdom, Colombia, Canada
Top Targeted Industries: Business, Financial Services, Lifestyle, Healthcare
Malicious commands:
IoCs:
The React2Shell vulnerability has quickly evolved from disclosure to widespread exploitation, with over 127 million attack attempts targeting more than 87,000 sites across 128 countries observed on the Imperva network alone within the first week. The campaigns documented here, from state-sponsored RATs to cryptojacking operations demonstrate how rapidly threat actors weaponize critical vulnerabilities. Imperva Cloud WAF and On-Premises WAF customers remain fully protected against these exploitation attempts.
The post Chain Reaction: Attack Campaign Activity in the Aftermath of React Server Components Vulnerability appeared first on Blog.
On December 3, 2025, the React and Next.js teams disclosed a critical security vulnerability (CVSS 10.0), identified as React2Shell, affecting applications that leverage React Server Components together with Server Actions or Server Functions.
The React2Shell vulnerability stems from improper validation of client-supplied data within certain server-side React features. An unauthenticated attacker could exploit this flaw by sending specially crafted requests, leading to unexpected server-side behavior. Successful exploitation could result in unauthenticated remote code execution.
This vulnerability requires no authentication and affects a wide range of modern React/Next.js deployments.
The affected functionality involves the mechanism React uses to receive and interpret data for server-side features. Certain malformed or intentionally crafted inputs may trigger unsafe processing paths on the server.
The React and Next.js teams have released security updates that strengthen these validation steps and prevent unintended behavior.
The vulnerability allows unauthenticated remote code execution (RCE) on servers running React Server Components.
Applications using React Server Components are vulnerable even if they do not explicitly define Server Function endpoints.
In effect, a malicious actor can send specially crafted requests to a vulnerable server and, due to insecure deserialization of serialized payloads, trigger unintended server behavior including arbitrary code execution.
As of this advisory, there is no evidence of active exploitation in the wild. However, numerous unauthorized or fake proof-of-concept (POC) exploits have been circulated publicly, which may cause confusion or unintended harm if tested without proper validation.
Affected Versions:
Patched versions:
Imperva’s Threat Research team initiated an immediate investigation to assess the potential impact on customer environments.
Within hours, we:
All cloud protections are already active, require no change from customers, and continue to be monitored and refined as new information becomes available. On-prem customers should review the Community Guide to manually deploy this policy.
This is a significant framework-level security issue affecting widely used technologies. Imperva customers are already protected through our rapid response and proactive security controls. We will continue to track this vulnerability closely and update protections as new information becomes available.
While Imperva protections mitigate known attack vectors, customers should:
For further assistance, please contact Imperva Support or your Customer Success representative.
The post Imperva Customers Protected Against React Server Components (RSC) Vulnerability appeared first on Blog.
At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager product of Oracle Fusion Middleware (versions 12.2.1.4.0 and 14.1.2.1.0). Multiple threat actors are already exploiting the vulnerability in the wild, and it was added to CISA’s Known Exploited Vulnerabilities catalog on November 21, 2025.
Oracle Identity Manager is widely deployed across large enterprises, particularly in finance, government, healthcare, and other sectors that rely heavily on Oracle infrastructure. Because it remains a core identity platform for many organizations, this vulnerability significantly elevates risk, making CVE-2025-61757 especially critical.
Recent disclosures indicate that, unlike previous Oracle CVEs, this vulnerability is straightforward and highly susceptible to exploitation by threat actors. The vulnerability originates from an authentication bypass in Oracle Identity Manager’s REST APIs, where attackers can trick the security filter into treating protected endpoints as public by appending parameters such as ?WSDL or ;.wadl to the URL path. This exposes sensitive endpoints like:
After gaining unauthenticated access, attackers can interact with a Groovy script compilation endpoint. Although this endpoint is not intended to execute scripts, it can be exploited to run malicious code during the compilation process by abusing Groovy’s annotation-processing feature.
This flaw chain allowed researchers to achieve pre-authentication remote code execution on vulnerable Oracle Identity Manager instances.
Over the past week, more than 300,000 attack attempts have been detected targeting this vulnerability. These attacks are occurring globally across over 18 countries, with the majority focused on the US and France.
Computing, healthcare, and business sites are hit the hardest by attack attempts.
CVE-2025-61757 is a critical authentication bypass vulnerability with a high operational impact, potentially allowing attackers to achieve remote code execution.
The Imperva Threat Research group tracked and identified the exploitation chain of this vulnerability, ensuring that Imperva customers with Elastic WAF, Cloud WAF, or On-Prem WAF are now protected out of the box.
The post CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution appeared first on Blog.
VVS stealer (or VVS $tealer) is a Python-based infostealer targeting Discord users. It employs Pyarmor for obfuscation, contributing to its efficacy.
The post VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion appeared first on Unit 42.
Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered.
The post From Linear to Complex: An Upgrade in RansomHouse Encryption appeared first on Unit 42.
01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks.
The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on Unit 42.
Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors.
The post New Prompt Injection Attack Vectors Through MCP Sampling appeared first on Unit 42.
The line between research tool and threat creation engine is thin. We examine the capabilities of WormGPT 4 and KawaiiGPT, two malicious LLMs.
The post The Dual-Use Dilemma of AI: Malicious LLMs appeared first on Unit 42.
Two campaigns delivering Gh0st RAT to Chinese speakers show a deep understanding of the target population's virtual environment and online behavior.
The post Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT appeared first on Unit 42.
