Google Calendar Exploits, Fake AI Packages, Malware Arrests, and a Newly Proposed Exploit Metric
Notable security news for the week of May 25 –June 1. Your editor this week is Chris from the F5 Security Incident Response Team. This week I will highlight Google Calendar exploits by an Advanced Persistent Threat (APT), malware installers disguised as popular AI tools, the arrest of 21 people in Pakistan operating a malware service, and a new exploit equation aimed at aiding KEV and EPSS. Google Calendar Exploits The Chinese state-sponsored threat actor APT41 has been using a malware called TOUGHPROGRESS to leverage Google Calendar for command-and-control (C2) operations. Google discovered this activity in late October of 2024. The malware was hosted on a compromised government website targeting multiple other government entities. The malware consists of three distinct components: PLUSDROP: A DLL used to decrypt and execute the next-stage payload in memory. PLUSINJECT: Performs process hollowing on a legitimate "svchost.exe" process to inject the final payload. TOUGHPROGRESS: The primary malware that uses Google Calendar for C2. The malware reads and writes events with an attacker-controlled Google Calendar, storing harvested data in event descriptions and executing encrypted commands. Google has taken down the malicious Google Calendar and terminated the associated Workspace projects, neutralizing the campaign. https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html Fake AI Tool Packages Since mid-October 2024, cybercriminals have been using fake installers for popular AI tools like OpenAI ChatGPT and InVideo AI to spread different types of malware. These include CyberLock ransomware, Lucky_Gh0$t ransomware, and a new malware called Numero. Developed using PowerShell, CyberLock encrypts specific files on the victim's system and demands a $50,000 ransom in Monero, claiming the funds will support humanitarian causes. A variant of the Yashma ransomware, Lucky_Gh0$t targets files smaller than 1.2GB for encryption and deletes backups, demanding ransom payments via the Session messaging app. This destructive malware manipulates the graphical user interface components of Windows, rendering the machines unusable. It continuously runs on the victim's machine through an infinite loop. The fake AI tool websites use SEO poisoning techniques to boost their rankings and lure victims into downloading malware-loaded installers. The campaign targets individuals and organizations in the B2B sales and marketing sectors, using the popularity of AI tools to spread malware. There are multiple ways you can reduce the risk of malware threats: Use Security Software: Install reputable antivirus and anti-malware software. Ensure it is regularly updated to protect against the latest threats. Be Cautious with Emails: Avoid clicking on links or opening attachments from unknown or suspicious emails. Phishing emails are a common way to spread malware. Download from Trusted Sources: Only download software from official websites or reputable sources. Avoid third-party platforms that might disguise malware as legitimate software. Keep Software Updated: Regularly update your operating system and all installed software to patch vulnerabilities that could be exploited by malware. Use Strong Passwords: Implement strong, unique passwords for all your accounts and consider using a password manager to keep them secure. Enable Two-Factor Authentication: Add an extra layer of security to your accounts by enabling two-factor authentication wherever possible. These are all good practices to use at any time. It is always a good idea to stay diligent when it comes to security. https://thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html Heartsender Malware Service Arrests Pakistani authorities have arrested 21 individuals accused of operating "Heartsender," a spam and malware dissemination service active for over a decade. The alleged ringleader, Rameez Shahzad, and other core developers were publicly identified in 2021 after making several operational security mistakes, such as inadvertently infecting their own computers with malware, which exposed their identities and operations. Heartsender's tools were linked to over $50 million in losses in the U.S., with European authorities investigating 63 additional cases. Heartsender provided spam and malware dissemination tools, primarily targeting users of various Internet services like Microsoft 365, Yahoo, AOL, Intuit, iCloud, and ID.me. The main clients were organized crime groups that used these tools for business email compromise (BEC) schemes. These schemes tricked companies into making payments to third parties by impersonating legitimate business contacts. The service was marketed under multiple brands, including Heartsender, Fudpage, and Fudtools. "Fud" stands for "Fully Un-Detectable," indicating that the tools were designed to evade detection by security software. The FBI and Dutch Police seized the technical infrastructure for Heartsender in January 2025. https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/ Likely Exploited Vulnerabilities (LEV) Researchers from CISA and NIST have proposed a new cybersecurity metric called Likely Exploited Vulnerabilities (LEV). This metric will help us figure out how likely a vulnerability has been used in the wild. LEV aims to enhance existing tools like Known Exploited Vulnerabilities (KEV) lists and the Exploit Prediction Scoring System (EPSS) by providing more accurate prioritization for vulnerability remediation. KEV (Known Exploited Vulnerabilities) Lists: Purpose: Catalog vulnerabilities that have been confirmed to be exploited in the wild. Usage: Helps organizations prioritize patching and remediation efforts by focusing on vulnerabilities that attackers are actively using. EPSS (Exploit Prediction Scoring System): Purpose: Provides a 30-day probability that a vulnerability will be exploited. Usage: Assists in predicting which vulnerabilities are likely to be targeted, helping organizations prioritize their security efforts. Both tools are essential for effective vulnerability management, with KEV lists focusing on known exploits and EPSS providing predictive insights. LEV uses equations that consider variables such as the first date an EPSS score is available, the date of the most recent KEV list update, inclusion in KEV, and the EPSS score measured across multiple days. LEV probabilities can help measure the expected number and proportion of vulnerabilities exploited by threat actors and estimate the comprehensiveness of KEV lists. NIST is seeking industry partners with relevant datasets to empirically measure the performance of LEV probabilities. In vulnerability management, LEV can be used for enhancement in several ways: Prioritization: LEV helps organizations prioritize vulnerabilities that are most likely to be exploited, ensuring that critical patches are applied first. LEV is more accurate because it uses data from KEV lists and EPSS scores. This means it can find vulnerabilities that are not being exploited as often. Resource Allocation: LEV enables better allocation of resources by focusing efforts on vulnerabilities with the highest exploitation probability, optimizing security operations. Risk Management: LEV probabilities help measure the expected number and proportion of vulnerabilities exploited by threat actors, aiding in comprehensive risk management. Collaboration: LEV encourages collaboration between industry partners and researchers to empirically measure and improve vulnerability management practices. The hope is that by integrating LEV into existing tools and processes, organizations can improve their ability to identify, prioritize, and mitigate vulnerabilities effectively. https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/Massive DDoS, DanaBot Dismantled, Scraped Discord Messages and Signal Blocks Windows Recall
Notable security news for the week of May 18th-24th May 2025, brought to you by the F5 Security Incident Response Team. This week, your editor is Dharminder. In this edition, I have security news about ‘Signal messenger, which has blocked Windows Recall to protect its user privacy. Massive 6.3Tbps of DDoS attack on KrebsOnsecurity, CrowdStrike and DOJ collaborated to Dismantle DanaBot Malware Network and user messages from Discord’s app are dumped online by the researchersF5 May 2025 QSN, Big dollar cough up, buggy-spy chat apps
On May 5th, F5 disclosed 12 issues, 11 Highs, and 1 Medium Severity CVEs for the F5 May 2025 Quarterly Security Notifications. Most of the issues disclosed were classic DoS on BIG-IP products and the BIG-IP NEXT products and are fixed in the latest BIG-IP 17.5, 16.1.6, and most in15.1.10.7 versions and the latest BIG-IP NEXT versions.The Future Soon
It's the first May, first of May, outdoor... Oh, hi, didn't see you there. Welcome back, once again, to This Week In Security the weekly (mostly weekly) newsletter where we take the random security news of the week and run it down. I'm your host this week, , and these are the items that happened to catch my eye as I once again drank from the firehose of doom, or security news, same thing.Policy Puppetry, Jumping the Line, and Camels
Notable news for the week of April 20th - April 27th, 2025. This week, your editor is Jordan_Zebor from F5 Security Incident Response Team. This week, I’m diving into some big updates around Generative AI security. Every time a new tech wave hits—whether it was social media, crypto, IoT, or now AI—you can bet attackers and security teams are right there, too. The latest threats, like Policy Puppetry and Line Jumping show just how fast things are moving. On the flip side, defenses like CaMeL are helping us stay one step ahead. If we want AI systems that people can trust, security engineers have to stay sharp and keep building smarter defenses. Policy Puppetry: A Universal Prompt Injection Technique It seems like weekly, new ways to perform prompt injection are being discovered. Recent research by HiddenLayer has uncovered "Policy Puppetry," a novel prompt injection technique that exploits the way LLMs interpret structured data formats such as XML and JSON. This works because the full context—trusted system instructions and user input alike—is flattened and presented to the LLM without inherent separation (something I will touch on later). By presenting malicious prompts that mimic policy files, attackers can override pre-existing instructions and even extract sensitive information, compromising the integrity of systems powered by LLMs like GPT-4, Claude, and Gemini. For security engineers, this discovery underscores a systemic vulnerability tied to LLMs' training data and context interpretation. Existing defenses, such as system prompts, are insufficient on their own to prevent this level of exploitation. The emergence of Policy Puppetry adds to the ongoing discussion about prompt injection as the most significant Generative AI threat vector, highlighting the urgent need for comprehensive safeguards in AI system design and deployment. MCP Servers and the "Line Jumping" Vulnerability Trail of Bits uncovered a critical vulnerability in the Model Context Protocol (MCP), a framework used by AI systems to connect with external servers and retrieve tool descriptions. Dubbed "line jumping," this exploit allows malicious MCP servers to embed harmful prompts directly into tool descriptions, which are processed by the AI before any tool is explicitly invoked. By bypassing the protocol’s safeguards, attackers can manipulate system behavior and execute unintended actions, creating a cascading effect that compromises downstream systems and workflows. This vulnerability undermines MCP's promises of Tool Safety and Connection Isolation. The protocol is designed to ensure that tools can only cause harm when explicitly invoked with user consent and to limit the impact of any compromised server through isolated connections. However, malicious servers bypass these protections by instructing the model to act as a message relay or proxy, effectively bridging communication between supposedly isolated components. This creates an architectural flaw akin to a security system that activates prevention mechanisms only after intruders have already breached it. Google's CaMeL: A Defense Against Prompt Injection In response to prompt injection threats, Google DeepMind has introduced CaMeL (Capability-based Model Execution Layer), a groundbreaking mechanism designed to enforce control and data flow integrity in AI systems. By associating “capabilities”—metadata that dictate operational limits—with every value processed by the model, CaMeL ensures untrusted inputs cannot exceed their designated influence. Instead of sprinkling more AI magic fairy dust on the problem, this approach leans on solid, well-established security principles concepts into the AI domain. By implementing a protective layer around the LLM, developers can reduce risks such as unauthorized operations and unexpected data exfiltration, even if the underlying model remains vulnerable to prompt injection. While CaMeL has not yet been tested broadly, its potential represents a significant advancement toward secure-by-design AI systems, establishing a new architectural standard for mitigating prompt injection vulnerabilities. That’s it for this week — hope you enjoyed!VulnCon 2025, EU CRA, CVE funding, Smishing Kit
Notable security news for the week of April 13th through April 20th. Your editor this week is Chris from the F5 Security Incident Response Team. A bit of a different format this week as I was in Raleigh for VulnCon 2025 the previous week. I will discuss highlights from that as well as notable events from the past week. VulnCon 2025 The 2025 Vulnerability Management Ecosystem Collaboration, Ideation, and Action Conference (aka “VulnCon”), which was sponsored by FIRST and the CVE Program, was held from April 7th through April 10th this year. The aim of this conference is to promote collaboration between various vulnerability management and cybersecurity professionals to better help the whole cybersecurity ecosystem. Key topics that were highlighted this year were the EU's Cyber Resilience Act (CRA), Vulnerability Exploitability eXchange (VEX), Cybersecurity Assurance Framework (CSAF), and publishing more complete CVE records or Vulnrichment. I will discuss the CRA in the next paragraph. VEX facilitates the exchange of vulnerability information, fostering collaboration to swiftly address emerging threats. Concurrently, CSAF ensures a standardized approach to cybersecurity practices. One of the pushes that was discussed was to get security scanners to start ingesting VEX to help decrease the amount of false positives and focus more on vulnerabilities that are exploitable. As for Vulnrichment, it is alarming that a large number of CVEs that are disclosed every year do not include Common Weakness Enumerations (CWE) or Common Vulnerability Scoring System (CVSS) scores. I agree that adding this information at a minimum would be very beneficial to both the consumers as well as the vendor. The vendor is in the best position to assign these in a more accurate manner since they are most familiar with the products. https://www.first.org/conference/vulncon2025/ https://openssf.org/blog/2023/09/07/vdr-vex-openvex-and-csaf/ EU Cyber Resilience Act (CRA) The Cyber Resilience Act introduces mandatory cybersecurity requirements for hardware and software products, throughout their whole lifecycle. The main goals of this act are to ensure that products with digital elements placed on the EU market have fewer vulnerabilities that Manufacturers remain responsible for cybersecurity throughout a product’s life cycle, improve transparency on security of hardware and software products and bring benefits to business users and consumers from better protection. Products will bear the CE marking as is common with many other products sold, which means they have been assessed to meet high safety, health, and environmental protection requirements. The three main roles that are laid out are: Manufacturers: If you develop or manufacture products with "digital elements" for sale in the EU. Open-Source Software (OSS) Stewards: Entity other than a manufacturer that provides support on a sustained basis for the development of specific products with digital elements, qualifying as free and open-source software and intended for commercial activities, and that ensures the viability of those products. Examples of this would be the Linux Foundation, Apache Foundation, etc.... OSS Developers: Upstream maintainer or developer of open-source software that is used by the manufacturer. The key point to note in this distinction of these three roles is that if there is a vulnerability exploited in open-source software, the manufacturer is the one held liable. The OSS Steward and the OSS Developers are not being held liable. This makes it a good idea to develop working relationships with the OSS upstream developers for when emergencies do arise. Now to focus on the manufacturer requirements. I will not touch all of them as the CRA is a large document but will point out some of the key topics. Secure-By-Default and Secure-By-Design principles will now be a requirement and not just a pledge. Products with digital elements shall be delivered without any known exploitable vulnerabilities. Manufacturers will need to provide evidence that the product was checked before release. A risk assessment will need to be provided with the product and the contents of that assessment are laid out in Annex I of the document. Manufactures must be able to provide SBOMS in either SPDX or CycloneDX format at the request of authorities. Manufacturers must , address and remediate vulnerabilities without delay, which includes providing security updates. Manufacturers must provide support for a minimum of 5 years, including security updates and that each security update remains available after it has been issued for a minimum of 10 years or for the remainder of the support period, whichever is longer. There are also reporting requirements. Highlight a couple of them; they pertain to actively exploited vulnerabilities and severe incidents having an impact on the security of the product. An early warning notification of an actively exploited vulnerability or severe incident, without undue delay and in any event within 24 hours of the manufacturer becoming aware of it. Then "an incident notification, without undue delay and in any event within 72 hours of the manufacturer becoming aware of the incident, which shall provide general information, where available, about the nature of the incident, an initial assessment of the incident, as well as any corrective or mitigating measures taken, and corrective or mitigating measures that users can take, and which shall also indicate, where applicable, how sensitive the manufacturer considers the notified information to be". That was taken from the document and you can see how thorough they are being when detailing what to report. The final report will need to be submitted by 14 days for active exploits and one month for severe incidents. Then to explain where to report: "The notification shall be submitted using the electronic notification end-point of the CSIRT designated as coordinator of the Member State where the manufacturers have their main establishment in the Union and shall be simultaneously accessible to ENISA". This means that the manufacturer will need to choose one of the European country's CSIRT teams to be the point of contact. As for the consequences of non-compliance, the EU is not playing around with that either: Non-compliance with the essential cybersecurity requirements set out in Annex I and the obligations set out in Articles 13 and 14 shall be subject to administrative fines of up to EUR 15,000,000 or, if the offender is an undertaking, up to 2.5% of its total worldwide annual turnover for the preceding financial year, whichever is higher. Non-compliance with the obligations set out in Articles 18 to 23, Article 28, Article 30(1) to (4), Article 31(1) to (4), Article 32(1), (2) and (3), Article 33(5), and Articles 39, 41, 47, 49 and 53 shall be subject to administrative fines of up to EUR 10,000,000 or, if the offender is an undertaking, up to 2% of its total worldwide annual turnover for the preceding financial year, whichever is higher. The supply of incorrect, incomplete or misleading information to notified bodies and market surveillance authorities in reply to a request shall be subject to administrative fines of up to EUR 5,000,000 or, if the offender is an undertaking, up to 1% of its total worldwide annual turnover for the preceding financial year, whichever is higher. To explain those bullet points more simply, everything I mentioned above about manufacturer requirements and reporting all fall under Annex I or Articles 13 and 14 so would be subject to the most severe penalties per incident. As for the timelines of this act, the CRA was officially adopted on October 10, 2024, and entered into force on December 10, 2024. However, the CRA's main obligations will apply starting from December 11, 2027. Some earlier obligations will apply, such as the reporting of vulnerabilities and severe incidents, starting from September 11, 2026. Additionally, the rules on conformity assessment bodies will be applicable from June 11, 2026. https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act https://github.com/SecurityCRob/presentations/blob/main/CRA%20PSIRT%20TL_DR.pdf CVE Program Funding The Common Vulnerabilities and Exposures (CVE) program, managed by MITRE, was facing funding expiration on April 16, 2025. The program is essential for identifying and tracking security vulnerabilities in software and hardware. Without funding, the CVE program would stop adding new vulnerabilities, which could lead to significant impacts on national vulnerability databases, cybersecurity tools, incident response operations, and critical infrastructure. MITRE's Vice President Yosry Barsoum expressed hope that the government is making efforts to continue supporting the program. Luckily, the Department of Homeland Security's (DHS) Cybersecurity & Infrastructure Security Agency (CISA) was able to secure funding at the last moment, to fund the program for 11 more months. This is despite ongoing budget and staffing cuts to CISA by the current administration. The cybersecurity community has expressed concern over the potential loss of the CVE program, emphasizing its importance in standardizing vulnerability information and aiding in the timely patching of security flaws. On April 16, MITRE announced the creation of a non-profit entity called "The CVE Foundation" to continue the program's work under a new funding mechanism. https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/ The CVE Foundation The CVE Foundation was launched to secure the future of the CVE Program. The CVE Foundation was formally established on April 16, 2025, to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program. The CVE Program has been a U.S. government-funded initiative for 25 years, raising concerns about sustainability and neutrality due to its reliance on a single government sponsor. MITRE notified the CVE Board on April 15, 2025, that the U.S. government would not renew its contract for managing the program. In response, a coalition of CVE Board members developed a strategy to transition CVE to a dedicated, non-profit foundation to continue delivering high-quality vulnerability identification. CVE identifiers and data are crucial for cybersecurity professionals worldwide, aiding in security tools, advisories, threat intelligence, and response. Going forward, the CVE Foundation aims to eliminate a single point of failure in the vulnerability management ecosystem and ensure the CVE Program remains globally trusted and community-driven. https://www.thecvefoundation.org/home Pay Your Tolls!! About 3 and a half years ago, I was driving into Denver on Interstate 70 coming from the East. I had no need to drive through Denver as I was heading north through Wyoming anyway. Well, a few miles before the city there was an offramp for E-470, a toll highway that would bypass Denver and connect to I-25 a few miles north of the city. I had never used a toll highway before since I live in Eastern Washington where they are unheard of. I was picturing a scene out of a movie where you pull up to a booth and pay an attendant. I was surprised as I merged onto the highway and everyone was driving at 60+ MPH. I saw a sign that stated the system used E-ZPass and would scan the license plate. Fast forward a few months and I receive a bill in the mail from E-ZPass, a pretty nice way to bypass driving through the middle of a large city, I thought. Now, unfortunately, a smishing campaign is targeting that same system to trick victims into giving them their payment information. Since mid-October 2024, multiple financially motivated threat actors have been using a smishing kit developed by "Wang Duo Yu" to target toll road users in eight U.S. states. The campaign impersonates U.S. electronic toll collection systems like E-ZPass, sending SMS messages and Apple iMessages about unpaid tolls, urging recipients to click on fake links. Victims are prompted to solve a fake CAPTCHA challenge and enter personal and financial information on fraudulent pages, which is then siphoned off to the threat actors. Wang Duo Yu, a computer science student in China, is alleged to be the creator of the phishing kits used by the Smishing Triad, a Chinese organized cybercrime group. The Smishing Triad has conducted large-scale smishing attacks targeting postal services in 121 countries, using failed package delivery lures to harvest personal and financial information. Services like Oak Tel facilitate smishing on a global scale, allowing cybercriminals to send bulk SMS and manage campaigns efficiently. I have personally received 2 or 3 of these over the past few months. Luckily, I know the one time I drove on a toll road, so it was obvious to me that this was fake. I worry about people that are using these systems more regularly that may fall victim. https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html
