Malware Activity
Spyware Innovations and AI Browser Vulnerabilities
Recent reports reveal alarming advancements in cybersecurity threats. The spyware company Intellexa has created a highly covert infection method called “Aladdin.” The spyware infects devices when a user simply views a malicious ad, no clicking required. This technique uses fake advertising networks across multiple countries, which makes it hard to detect or block, and exploits complex webs of companies and platforms. Additionally, Intellexa employs other tactics, like exploiting vulnerabilities in Samsung Exynos phones and even radio signals, to secretly compromise devices. Meanwhile, cybersecurity experts have identified critical flaws in AI-powered browsers such as Perplexity’s Comet, which can be manipulated to delete important files or execute harmful commands through seemingly innocent prompts or embedded URL fragments. While some companies have released patches, others have downplayed these risks, exposing ongoing challenges in securing AI tools. CTIX analysts will continue to report on the latest malware strains and attack methodologies.
- BleepingComputer: Predator Spyware Uses New Infection Vector for Zero-Click Attacks article
- TheHackerNews: Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails article
Threat Actor Activity
UK Intelligence Warn of the Persistent Risks Prompt Injection Pose to AI Security
British intelligence experts have warned that large language models (LLMs) may never be fully protected from "prompt injection," a cyber threat where nefarious actors manipulate AI systems into ignoring original instructions. The U.K.'s National Cyber Security Centre (NCSC) explained that prompt injections exploit the way LLMs process text as sequences of tokens, making them vulnerable to interpreting user content as commands. Real-world examples include attackers uncovering hidden instructions in Microsoft's New Bing search engine and stealing secrets through GitHub's Copilot. NCSC’s technical director for platforms research cautioned that embedding generative AI into global digital systems could lead to widespread security breaches. He emphasized the difference between prompt injection and SQL injection, noting that many security professionals mistakenly equate the two (2). While SQL injection involves sending malicious instructions to a database, prompt injection involves embedding hidden commands in text, such as modifying AI evaluations of job resumes to include prompts that could trick the AI into approving a resume for a follow-up interview. Efforts to mitigate prompt injection involve detecting prompts or training models to differentiate instructions from data, but these approaches struggle with the inherent nature of LLMs. Prompt injection should be viewed as a "Confused Deputy" vulnerability, requiring risk management through careful design and operation. Unlike SQL injection, prompt injection cannot be fully mitigated with parameterized queries, highlighting the need for proactive security measures. As AI becomes more integrated into applications, failing to account for prompt injection risks could lead to similar widespread breaches as seen with SQL injection in the past.
Vulnerabilities
Rapid, Global Exploitation of React2Shell Drives Critical Patch Mandates as State-Linked Intrusions Surge
Across multiple threat-intel sources, exploitation of the critical React2Shell vulnerability (an unauthenticated remote code (RCE) execution flaw in React Server Components caused by insecure deserialization in its Flight protocol) has escalated rapidly, prompting The U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog and mandate federal patching by December 26, 2025. The flaw, tracked as CVE-2025-55182, affects all frameworks implementing React Server Components, including Next.js, enabling attackers to run arbitrary commands through a single crafted HTTP request; public proof-of-concept exploits released by Maple3142 and others accelerated mass scanning and widespread attacks. Initially, Shadowserver identified 77,664 vulnerable IPs (later dropping to ~29,000), while Censys reported 2.15 million potentially exposed services across ecosystems like React Router, Waku, Parcel, Vite, and RedwoodSDK. Active compromises (over 30 confirmed organizations) show attackers using PowerShell “cheap math” tests, in-memory downloaders, and deployment of Cobalt Strike, SNOWLIGHT, and Vshell. These tactics indicate possible attribution pointing to groups such as Earth Lamia, Jackpot Panda, and UNC5174/CL-STA-1015, attributed to China by threat intelligence entities like Palo Alto's Unit 42, Amazon Web Services (AWS), Trend Micro/Trend Research, as well as independent researchers. Threat actors have also attempted credential theft, AWS file exfiltration, and crypto-miner installation. Emergency mitigations (including Cloudflare’s WAF rules) briefly led to outages, reinforcing the urgency for organizations worldwide to update to patched React library versions, rebuild and redeploy applications, and review logs for exploitation indicators. CTIX analysts urge any administrators to follow the React patch guidance immediately to prevent or remediate exploitation.
- Bleeping computer: React2Shell Vulnerability Article
- The Hacker News: React2Shell Vulnerability Article
- Cisa: React2Shell Vulnerability Advisory
📧 Never Miss a Briefing
Stay informed and secure. Subscribe to Ankura's Cyber Flash Update, a bi-weekly briefing curated by our top cybersecurity experts. Receive timely insights on emerging threats, vulnerabilities and malicious actors to keep your systems secure.
Join the Cyber Flash Update community today.
© Copyright 2025. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
