Quorum Cyber identifies two new NodeSnake RAT variants, strongly attributed to Interlock ransomware, impacting UK higher education and local government.

Cybersecurity firm Quorum Cyber has uncovered two new versions of malicious software known as NodeSnake. This discovery highlights a possible shift in targets for the Interlock ransomware group, which is believed to be behind these attacks.

Quorum Cyber’s Threat Intelligence team has been tracking NodeSnake and strongly believes it is connected to Interlock ransomware. This connection is based on the shared online infrastructure used by the attackers.

The team noticed similar malicious code used in attacks on two universities in the United Kingdom within two months. The same attackers likely placed both NodeSnake RATs at these universities. Furthermore, the two NodeSnake variants are from the same family, with the newer one showing significant improvements.

A screenshot from Interlock ransomware gang’s dark web leak site shows a UK country being listed as a victim (Image credit: Hackread.com)

According to Quorum Cyber’s research, shared with Hackread.com, NodeSnake is a type of Remote Access Trojan (RAT). RATs are dangerous because they allow attackers to take control of infected computers from afar. This means attackers can access files, watch what users are doing, change computer settings, and even steal or delete important information remotely while the RATs stay hidden in the system and even introduce other harmful programs.

Interlock ransomware, first seen in September 2024, has typically focused on large or valuable organizations across North America and Europe. This group is known for double-extortion tactics, where they encrypt data and threaten to release it unless a ransom is paid.

Interlock Ransomware gang’s ransom note (Image credit: Quorum Cyber)

Unlike many other ransomware groups, Interlock doesn’t operate as a service for others and has no known partners. It can attack both Linux and Windows computer systems, giving it a wide range of targets.

However, recent activity suggests Interlock is now also targeting local government bodies and higher education institutions. In April 2025, Hackread.com reported Interlock stole a staggering 20 terabytes (TB) of sensitive patient data from DaVita Healthcare, a major healthcare provider specializing in kidney dialysis treatment.

This shift in targets is concerning. As Paul Caiazzo, Chief Threat Officer at Quorum Cyber, explained, “We have observed threat actors increasingly targeting universities this year to exfiltrate valuable intellectual property, including research data, and possibly to test and hone new tactics, techniques, and procedures before potentially applying them in other sectors.”

Caiazzo added that the theft of research data points to a motivation related to espionage. Quorum Cyber continues to monitor Interlock and NodeSnake to help organizations protect their important information. The company is offering a detailed technical analysis and recommendations to lessen the impact of the malware in its NodeSnake report available here.

Interlock Ransomware Deploys New NodeSnake RAT in UK Attacks

Alleged TikTok Breach: Threat actor “Often9” claims to sell 428M user records, including emails, phones, and account details on dark web forum.

A newly emerged threat actor, going by the alias “Often9,” has posted on a prominent cybercrime and database trading forum, claiming to possess 428 million unique TikTok user records. The post is titled “TikTok 2025 Breach – 428M Unique Lines.”

The seller’s post, which appeared on the forum yesterday (May 29, 2025), promises a dataset containing detailed user information such as:

*   Email addresses
*   Mobile phone numbers
*   Biography, avatar URLs, and profile links
*   TikTok user IDs, usernames, and nicknames
*   Account flags like private\_account, secret, verified, and ttSeller status.
*   Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts.

Screenshot of the Often9’s post (Image credit: Hackread.com)

****Why This Might Be Serious****

The inclusion of non-public fields such as email addresses, mobile phone numbers, and internal account flags is not something that can be casually scraped from TikTok’s public-facing website or mobile app. If these details are verified by TikTok to be accurate and recent, it suggests access to either internal TikTok systems or an exposed **third-party database**.

Adding to the weight of the claim, the threat actor is willing to work through a middleman, a common approach on criminal forums when large-scale data sales require third-party verification to build buyer trust.

Sample data screenshot (Image credit: Hackread.com)

****But Here’s Why Skepticism Is Warranted****

Despite the attention-grabbing sales pitch from the threat actor, several red flags cast doubt on the validity of the claim. Importantly, a significant number of sample entries show empty or generic fields for emails and phone numbers, raising the possibility that this dataset was put together from **scraped public profiles** and organised using old breach data or guesswork.

The threat actor is a new account on the forum, having joined only days ago, with no reputation, neither positive nor negative. In the cybercrime world, reputation is currency; major breach sellers typically have years of verified history or past successful sales.

The forum itself has a recent history of inflated or false breach claims. Notably, the same platform was used last week to promote a so-called “1.2 billion Facebook user” data sale, which was later exposed as fake in an **exclusive Hackread.com investigation**, leading to the seller’s ban.

A closer look at the sample data reveals that many fields, user IDs, usernames, profile links, and follower metrics, are publicly accessible and could be obtained through large-scale scraping operations. While scraping at scale can still pose risks (like phishing or spam campaigns), it does not equate to a breach of internal systems.

****Cross-Checking Email Addresses with HaveIBeenPwned****

Hackread.com also cross-checked the email addresses in the sample data against records on HaveIBeenPwned, and most were found in fewer than two previous data breaches. This is alarming and adds some legitimacy to the uniqueness of the data. However, a 1,200-line sample from a supposedly 428 million record breach is not enough to establish legitimacy.

For now, this claim should be treated with caution. As tempting as the sales numbers may be, reputationless sellers on cybercrime forums often exaggerate or fabricate to make a quick profit or attract attention.

****Not The First Time****

This is not the first time a threat actor has claimed to breach TikTok’s data. In September 2022, a hacker claimed to have **acquired 2 billion TikTok records**, including internal statistics, source code, 790 GB of user data, and more, a claim that was later denied by the company.

Nevertheless, Hackread.com has reached out to TikTok for comment. This article will be updated accordingly.

Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale

Victoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the…

Victoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the latest on the lingerie giant’s efforts to restore operations and what customers need to know.

Lingerie giant Victoria’s Secret shut down its US website and some in-store services for three days due to an unspecified security incident. Customers attempting to access the Victoria’s Secret website were met with a message explaining the service disruption.

“Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in-store services as a precaution. Our team is working around the clock to fully restore operations. We appreciate your patience during this process.”

****Impact and Timeline****

The company announced the measure on Thursday, May 29, 2025, stating it was a precaution and that their team is “working around the clock to fully restore operations.”

While the company has not provided a specific timeline for when services will be fully restored, a FAQ page suggests the issue may have begun on or after Monday, May 26.

Some customers on online forums like Reddit reported experiencing problems as early as Sunday night. The company also confirmed that it is working to fulfil orders placed before Monday. Although online operations are affected, physical Victoria’s Secret and PINK brand stores remain open.

However, some in-store services, like processing online returns, were unavailable, as were online customer care services. A note to employees from Victoria’s Secret CEO Hillary Super reveals that “recovery is going to take a while.” This suggests a complex cleanup process is underway.

The company has engaged third-party experts to help resolve the issue. Following this incident, shares of Victoria’s Secret & Co., reportedly, saw a decline of around 10%. The company’s lack of clear communication about the incident, including no updates on social media, has heightened uncertainty, likely led to this decline.

****Another Retailor Hit by Cyber Attack?****

This incident at Victoria’s Secret comes amidst a recent rise in cyberattacks targeting major retailers. As Hackread.com earlier reported, companies such as Marks and Spencer, Harrods, and Co-op have faced similar security challenges this year.

Two weeks ago, Dior reported a cybersecurity incident where unknown attackers accessed data on some of its Fashion and Accessories customers. Last week, the German shoe and clothing giant, Adidas, also reported an unauthorized external party obtaining consumer data, primarily contact information, through a third-party customer service provider.

The methods behind these attacks often involve social engineering, where cybercriminals trick individuals associated with a company into providing access to sensitive systems.

A notorious cybercrime group, Scattered Spider, has been identified as responsible for the VS incident as it has been targeting major retail brands in the UK and the US. These attacks can lead to significant disruptions, as seen with Marks & Spencer halting online orders for weeks due to a cyber incident. Experts advise consumers to be cautious after such incidents, as fraudsters may try to exploit the situation with fake promotions or by using compromised personal data.

At the time of writing, the Victoria’s Secret website for the US was restored and available for customers.

Ben Hutchison, Associate Principal Consultant at Black Duck, a Burlington, Massachusetts-based provider of application security solutions, commented on the incident, stating, “Once attackers succeed in a sector, others often follow, making similar targets ‘victims of the moment.’ With rising attacks on retail, these businesses should treat this as a wake-up call to strengthen cybersecurity and digital resilience.”

Victoria’s Secret US Website Restored After Security Incident

A Chinese-language PhaaS platform Haozi is making cybercrime easy with no tech skills needed. Discover how this plug-and-play service facilitated over $280,000 in illicit transactions.

A new report from cybersecurity firm Netcraft reveals a rise in a Chinese-language Phishing-as-a-Service (PhaaS) known as Haozi. This service makes it incredibly easy for criminals, even those without technical skills, to launch sophisticated phishing attacks. Rob Duncan, a security researcher at Netcraft, discovered this surge over the past five months.

According to Netcraft’s blog post, shared with Hackread.com, Haozi stands out for its user-friendliness, marketing itself with a cartoon mouse and emphasizing ease of use and strong support. Unlike older methods that require coding knowledge, Haozi provides a simple web panel.

Haozi phishing administration panel screenshot (Source: Netcraft)

Once a criminal buys a server and puts in the details, the phishing kit sets itself up automatically. This plug-and-play approach even surpasses other modern PhaaS tools that still require some command-line actions. Netcraft has found Haozi control panels on thousands of phishing websites, indicating its widespread use.

****An Attractive Business Model for Bad Actors****

Beyond just offering phishing kits, Haozi operates like a full-fledged business. It sells advertising space to connect phishing kit buyers with other services, such as those that send text messages. Haozi also acts as a middleman in these deals. The digital wallet used for these advertisements and intermediary services, which uses Tether (USDT), has taken in over $280,000.

Recently, withdrawals from this wallet have often been in the thousands of dollars. The service also offers dedicated customer support through Telegram channels, providing tutorials, answering questions, and even allowing users to request custom phishing pages.

(Source: Netcraft)

This strong support system, combined with the automated setup, makes Haozi highly attractive to those new to cybercrime. The original Haozi Telegram community had almost 7,000 members before it was shut down, but since April 28, 2025, a new community has quickly gained over 1,700 followers. Haozi charges around $2,000 for a yearly subscription, with options for shorter terms.

****Understanding Phishing-as-a-Service (PhaaS)****

Phishing-as-a-Service (PhaaS) refers to online platforms that provide all the tools and support needed to carry out phishing attacks, often through a subscription model. Phishing itself is a type of cyberattack where criminals try to trick individuals into giving up sensitive information, like passwords or credit card details, by pretending to be a trustworthy entity.

Hackread.com has also highlighted this growing threat of PhaaS networks. In January 2025, we reported on Sneaky 2FA, a PhaaS targeting Microsoft 365 through a Telegram bot. In March 2025 Morphing Meerkat, a sophisticated operation using DNS vulnerabilities for years, was discovered and in April 2025, Netcraft warned about the Darcula-Suite upgrade, which now uses AI to create multilingual scam pages.

The rise of PhaaS like Haozi shows how easy it has become to commit cybercrime. While companies are improving their security, attackers are increasingly using social engineering and phishing because these methods don’t require breaking through protected infrastructure. All it requires is a human error, which shows the urgent need for employee cybersecurity training.

Chinese Phishing Service Haozi Resurfaces, Fueling Criminal Profits

Cisco Talos uncovers CyberLock ransomware, Lucky_Gh0$t, and Numero malware masquerading as legitimate software and AI tool installers. Learn…

Cisco Talos uncovers CyberLock ransomware, Lucky\_Gh0$t, and Numero malware masquerading as legitimate software and AI tool installers. Learn how these fake installers exploit businesses in sales, tech, and marketing.

Cybersecurity researchers at Cisco Talos have revealed that the increasing presence of Artificial Intelligence (AI) in the business world has opened new opportunities for cybercriminals. Threat actors are hiding malicious software within fake installers for AI tools, tricking businesses into downloading malware. This new wave includes ransomware like CyberLock and Lucky\_Gh0$t, and destructive malware called Numero.

According to researchers, these fake AI tool installers are distributed via various online channels, through SEO poisoning (manipulating search engine rankings) so that the fake websites appear at the top of search results. Additionally, social media and messaging platforms like Telegram are used to spread their malicious links.

Businesses, especially those in sales, technology, and marketing, are prime targets because they frequently use legitimate AI tools for automation, data analysis, and customer engagement.

As detailed by Cisco Talos’ report shared with Hackread.com ahead of its publishing on Thursday, May 29, when unsuspecting users download seemingly harmless installers, they unknowingly invite malware onto their systems, putting sensitive business data and financial assets at risk, and eroding trust in genuine AI solutions.

****Cisco Talos Exposes Several Threats********CyberLock Ransomware****

This ransomware, observed as early as February 2025, poses as a lead monetization AI platform called NovaLeadsAI. Its operators have created a fake website, ‘novaleadsaicom,’ to mimic the real ‘novaleads.app.’ They even offered deceptive “free access” for the first year to lure victims.

Fake Website Offering the AI Tool (Source: Cisco Talos)

Once downloaded, a file named ‘NovaLeadsAI.exe’ deploys the CyberLock ransomware. This ransomware, written in PowerShell and embedded with CSharp code, encrypts various file types, including documents, spreadsheets, images, and videos, and demands a $50,000 ransom in Monero (XMR) cryptocurrency.

As a manipulative tactic, cybercriminals falsely claim the ransom will support humanitarian aid in regions like Palestine, Ukraine, Africa, and Asia. CyberLock also attempts to wipe free space on the hard drive via a built-in Windows tool ‘cipher.exe’., making it harder to recover deleted files.

****Lucky\_Gh0$t Ransomware****

This Yashma ransomware variant (part of the Chaos ransomware series) is distributed through fake ChatGPT installers, usually as ‘ChatGPT 4.0 full version – Premium.exe’. This malicious installer includes a file called ‘dwn.exe’ which is the ransomware, along with legitimate Microsoft AI tools, likely to avoid detection.

Lucky\_Gh0$t encrypts files smaller than 1.2GB and also has destructive behaviour for larger files, overwriting them with a single character. Victims are given a personal ID and instructed to use a secure messenger platform for communication.

****Numero Malware****

This newly discovered destructive malware imitates the installer for InVideo AI, a popular online video creation tool. Compiled in January 2025, it is a window manipulator malware that continuously runs on a victim’s machine, making Windows systems unusable by interfering with their graphical interface. It avoids being detected by checking for common malware analysis tools like IDA, x64 debugger, and OllyDbg.

Fake Installer Running Numero Payload (Source: Cisco Talos)

Given these evolving threats, organizations and individuals must be extremely careful. Always verify the source of AI tools and only download software from trusted vendors.

Fake ChatGPT and InVideo AI Downloads Deliver Ransomware

PALO ALTO, California, 29th May 2025, CyberNewsWire

**PALO ALTO, California, May 29th, 2025, CyberNewsWire**

Today, SquareX released new threat research on an advanced Browser-in-the-Middle (BitM) attack targeting Safari users. As highlighted by Mandiant, adversaries have been increasingly using BitM attacks to steal credentials and gain unauthorized access to enterprise SaaS apps. BitM attacks work by using a remote browser to trick victims into interacting with an attacker-controlled browser via a pop-up window in the victim’s browser. A common BitM attack involves displaying the legitimate login page of an enterprise SaaS app, deceiving victims into divulging credentials and other sensitive information thinking that they are conducting work on a regular browser window.

Despite this, one flaw that BitM attacks always had was the fact that the parent window would still display the malicious URL, making the attack less convincing to a security-aware user. However, as part of the Year of Browser Bugs (YOBB) project, SquareX’s research team highlights a major Safari-specific implementation flaw using the Fullscreen API. When combined with BitM, this vulnerability can be exploited to create an extremely convincing Fullscreen BitM attack, where the BitM window opens up in fullscreen mode such that no suspicious URLs from the parent window is seen. Safari users are especially vulnerable to this attack as there is no clear visual indicator of users entering fullscreen. We have disclosed this vulnerability to Safari and were regrettably informed that there is no plan to address the issue.

The current Fullscreen API specifies that “the user has to interact with the page or a UI element in order for this feature to work.” However, what the API does not specify is what kind of interaction is required to trigger fullscreen mode. Consequently, attackers can easily embed any button – such as a fake login button – in the pop-up that calls the Fullscreen API when clicked. This triggers a fullscreen BitM window that perfectly mimics a legitimate login page, including the URL displayed on the address bar.

> “The Fullscreen BitM attack highlights architectural and design flaws in browser APIs, specifically the Fullscreen API,” says the researchers at SquareX, “Users can unknowingly click on a fake button and trigger a fullscreen BitM window, especially in Safari where there is no notification when the user enters fullscreen mode. Users that typically rely on URLs to verify the legitimacy of a site will have zero visual cues that they are on an attacker-controlled site. With how advanced BitM is becoming, it is critical for enterprises to have browser-native security measures to stop attacks that can no longer be visually identified by even the most security aware individuals.”

While BitM attacks have primarily been used to steal credentials, session tokens and SaaS application data, the fullscreen variant has the potential to lead to even more damage by making the attack imperceptible for most ordinary enterprise users. For instance, the landing site may have a button that claims to link to a government resource and opens up to a fake government advisory page to spread misinformation and even gather sensitive company and personally identifiable information (PII). The victim can even subsequently open additional tabs in the attacker-controlled window, allowing adversaries to fully monitor the victim’s browsing activity.

Fullscreen BitM window displaying legitimate Figma login page and URL in the address bar (Disclaimer: Figma is used as an illustrative example)

**Are other browsers vulnerable to Fullscreen BitM attacks too?**

Unlike Safari, Firefox, Chrome, Edge and other Chromium-based browsers display a user message whenever the full-screen mode is toggled. However, this notification is extremely subtle and momentary in nature – most employees may not notice or register this as a suspicious sign. Additionally, the attacker can also use dark modes and colors to make the notification even less noticeable. By contrast, Safari does not have a messaging requirement – the only visual sign of entering fullscreen mode is a “swipe” animation. Thus, while the attack shows no clear visual cues in Safari browsers, other browsers are also exposed to the same Fullscreen API vulnerability that makes the Fullscreen BitM attack possible.

**Existing security solutions fail to detect Fullscreen BitM attacks**

Unfortunately, EDRs have zero visibility into the browser and are proven to be obsolete when it comes to detecting any BitM attack, much less its more advanced fullscreen variant. Additionally, orchestrating the attack with technologies such as remote browser and pixel pushing will also allow it to bypass SASE/SSE detection by eliminating any suspicious local traffic. As a result, without access to rich browser metrics, it is impossible for security tools to detect and mitigate Fullscreen BitM attacks. Thus, as phishing attacks become more sophisticated to exploit architectural limitations of browser APIs that are either unfixable or will take significant time to fix by browser providers, it is critical for enterprises to rethink their defense strategy to include advanced attacks like Fullscreen BitM in the browser.

To learn more about this security research, users can visit https://sqrx.com/fullscreen-bitm.

SquareX’s research team is also holding a webinar on June 5th, 10am PT/1pm ET to dive deeper into the full attack chain. To register, users can click here.

**About SquareX**

SquareX is a pioneering Browser Detection and Response (BDR) that empowers organizations to proactively detect, mitigate, and effectively threat-hunt client-side web attacks. SquareX provides critical protection against a wide range of browser security threats, including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI DLP, and more. Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector – the browser. Users can find out more on www.sqrx.com.

The Fullscreen BitM Attack disclosure is part of the Year of Browser Bugs project. Every month, SquareX’s research team releases a major web attack that focuses on architectural limitations of the browser and incumbent security solutions. Previously disclosed attacks include Browser Syncjacking, Polymorphic Extensions and Browser-Native Ransomware.

To learn more about SquareX’s BDR, users can contact SquareX at \[email protected\]. For press enquiries on this disclosure or the Year of Browser Bugs, users can email at \[email protected\]. 

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**\[email protected\]**

Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari

Fortinet spots new malware that corrupts its own headers to block forensic analysis, hide behavior, and communicate with its C2 server.

The FortiGuard Incident Response Team has released a detailed investigation into a newly discovered malware that managed to quietly operate on a compromised Windows machine for several weeks. What makes this malware different from others is its deliberate corruption of its own DOS and PE headers, a method designed to obstruct forensic analysis and reconstruction efforts by security researchers.

Despite this challenge, Fortinet’s team successfully obtained a memory dump of the live malware process, housed in a dllhost.exe process (PID 8200), along with a complete 33GB memory dump of the compromised system.

By carefully replicating the compromised environment, Fortinet’s researchers were able to bring the dumped malware back to life in a controlled setting, allowing them to observe its operations and communication patterns.

****Bringing Corrupted Malware Back Online****

Without its DOS and PE headers, the malware could not be simply loaded and executed like a normal Windows binary. The research team had to manually identify the malware’s entry point, allocate memory, and resolve API addresses that differed between the compromised system and the test environment. Through repeated debugging, address relocation, and parameter adjustments, they were finally able to emulate the malware’s behaviour in a lab setting.

The image shows the DOS and PE headers have been corrupted, which makes it challenging to fully reconstruct the executable from memory (Credit: FortiGuard)

According to Fortinet’s blog post shared with Hackread.com ahead of its publishing on Thursday, once operational, the malware revealed its communication with a command-and-control (C2) server at rushpaperscom over port 443, using TLS encryption.

Fortinet analysts traced the malware’s use of Windows API functions like SealMessage() and DecryptMessage() to handle encrypted traffic. They also identified an additional layer of custom encryption that wrapped specific data packets before applying TLS, further complicating traffic inspection.

****What the Malware Can Do****

Fortinet’s analysis confirms that the malware operates as a Remote Access Trojan (RAT), providing the attacker with several powerful features:

*   **Screen capture**: The malware takes periodic screenshots, compresses them as JPEGs, and sends them to the C2 server along with the titles of active windows.

*   **Remote server functionality**: The malware sets up a listening TCP port, allowing attackers to connect directly and issue commands or deploy additional attacks.

*   **System service control**: By interfacing with the Windows Service Control Manager, the malware can enumerate, manipulate, and potentially disrupt critical system services on the infected machine.

****How the Attack Works****

The initial infection relied on batch scripts and PowerShell to launch the malware, embedding it into a Windows process. Once running, the malware fetched the C2 server’s domain information from encrypted memory, established a secure connection, and began exfiltrating system details.

Full memory dump of the compromised machine. The image shows detailed file information for the “fullout” dump, used to recreate a local test environment for malware analysis. (Credit: FortiGuard)

During traffic analysis, Fortinet captured decrypted WebSocket requests and responses, uncovering how the malware collects and reports system information, including OS version and architecture.

Interestingly, the malware’s encryption scheme uses a randomly generated key for XOR-based scrambling of packet data before it is handed off for TLS encryption. This extra layer adds protection against simple network-based detection, forcing researchers to rely on endpoint inspection or memory-level analysis to catch malicious activity.

New Malware Spotted Corrupts Its Own Headers to Block Analysis

A recent investigation by cybersecurity researchers at Oasis Security has revealed a data overreach in how Microsoft’s OneDrive…

A recent investigation by cybersecurity researchers at Oasis Security has revealed a data overreach in how Microsoft’s OneDrive File Picker handles permissions, opening the door for hundreds of popular web applications, including ChatGPT, Slack, Trello, and ClickUp, to access far more user data than most people realize.

According to the report, the problem comes from how the OneDrive File Picker requests OAuth permissions. Instead of limiting access to just the files a user selects for upload or download, the system grants connected applications broad read or write permissions across the user’s entire OneDrive. This means that when you click to upload a single file, the app may be able to see or modify everything in your cloud storage and maintain that access for extended periods.

****A Hidden Access Problem****

OAuth is the widely used industry standard that allows apps to request access to user data on another platform, with user consent. But as Oasis explains in their blog post shared with Hackread.com ahead of its publication on Wednesday, the OneDrive File Picker lacks “fine-grained” OAuth scopes that could better restrict what connected apps can see or do.

Microsoft’s current setup presents the user with a consent screen that suggests only the selected files will be accessed, but in reality, the application gains sweeping permissions over the entire drive.

This works quite differently compared to how services like Google Drive and Dropbox handle similar integrations. Both offer more precise permission models, allowing apps to interact only with specific files or folders without handing over the keys to the whole storage account.

Adding to the concern, older versions of the OneDrive File Picker (versions 6.0 through 7.2) used outdated authentication flows that exposed sensitive access tokens in insecure places, like browser localStorage or URL fragments. Even the latest version (8.0), while more modern, still stores these tokens in browser session storage in plain text, leaving them vulnerable if an attacker gains local access.

****Millions of Users at Risk****

Oasis Security estimates that hundreds of apps use the OneDrive File Picker to facilitate file uploads, putting millions of users at risk. For example, ChatGPT users can upload files directly from OneDrive, and with over 400 million users reported each month, the scale of possible over-permissioning is massive.

Oasis contacted both Microsoft and several app vendors ahead of releasing its findings. Microsoft acknowledged the report and indicated it may explore improvements in the future, but as of now, the system works as designed.

****An Expert View on the API Security Challenge****

Eric Schwake, Director of Cybersecurity Strategy at Salt Security, commented on the research, stating, “Oasis Security’s research points to a major privacy risk in how Microsoft OneDrive connects with popular apps like ChatGPT, Slack, and Trello. Because the OAuth scopes in the OneDrive File Picker are too broad, apps can gain access to an entire drive, not just selected files.”

He warned that “Combined with insecure storage of access tokens, this creates a serious API security challenge. As more tools rely on APIs to handle sensitive data, it’s essential to apply strict governance, limit permissions, and secure tokens to avoid exposing user information.”

****What Users and Companies Should Do****

For users, it’s worth checking which third-party apps have access to your Microsoft account. This can be done through the account’s privacy settings, where you can view app permissions and revoke any you no longer trust.

****How to Check Which Third-Party Apps Have Access to Your Microsoft Account****

*   **Go to your Microsoft Account page** – Visit account.microsoft.com and sign in if you aren’t already.

*   **Click on “Privacy”** – In the top or left menu, find and click the **Privacy** section.

*   **Find “Apps and Services”** – Scroll down or look under account settings for Apps **and Services** you’ve given access to.

*   **View app details** – You’ll see a list of apps that have permission to access your Microsoft account. Click Details on each app to see what data or scopes they can access.

*   **Revoke access if needed** – If you no longer trust or use an app, click Remove these permissions or Stop sharing to revoke its access.

For companies, Oasis recommends reviewing enterprise applications in the Entra Admin Center and monitoring service principal permissions to see which apps may have broader access than intended. Using tools like the Azure CLI can help automate parts of this review.

For developers, the best immediate steps include avoiding the use of long-lived refresh tokens, securely storing access tokens, and disposing of them when no longer needed. Until Microsoft offers more precise OAuth scopes for OneDrive integrations, developers are encouraged to explore safer workarounds, like supporting “view-only” shared file links instead of direct picker integrations.

OneDrive File Picker Flaw Gives Apps Full Access to User Drives

Researchers reveal how guest accounts with billing roles can create Azure subscriptions inside external tenants, gaining unexpected Owner access and opening hidden privilege risks.

Cybersecurity researchers at BeyondTrust are warning about a little-known but dangerous issue within Microsoft’s Entra identity platform. The issue isn’t some hidden bug or overlooked vulnerability; it’s a feature, built into the system by design, that attackers can exploit.

The issue is that guest users invited into an organization’s Azure tenant can create and transfer subscriptions inside that tenant without having any direct admin privileges there. Once they do, they gain “Owner” rights over that subscription, opening up a surprising set of attack opportunities that many Azure administrators might never have considered.

****What’s Happening Behind the Scenes****

Organizations frequently invite external partners or collaborators into their Azure environments as “guest users.” Typically, these guests are assigned limited access to prevent damage if their accounts are compromised. But BeyondTrust’s findings shared with Hackread.com, reveal that under certain conditions, these guests can spin up entire Azure subscriptions inside the host tenant, even without explicit permissions in that environment.

How? It all comes down to Microsoft’s billing permissions. If the guest holds specific billing roles in their home tenant (for example, they created a free trial account), they can use that authority to create subscriptions and then move them into any other tenant they are invited to. By doing so, they effectively become “Owners” of those subscriptions, gaining broad control over resources inside the targeted tenant.

Microsoft has confirmed that this is intended behaviour, pointing out that these subscriptions stay on the guest’s bill and that there are existing (but non-default) controls to prevent such transfers. Still, the security implications are substantial.

****The Privilege You Didn’t See Coming****

Once a guest becomes a subscription Owner inside your Azure tenant, they unlock several advanced capabilities including Identifying who’s really in charge, disabling security monitoring, creating persistent backdoors and abusing device trust

These attack paths exist because billing roles and resource permissions operate on separate tracks, creating an overlap that isn’t covered by typical role-based access control (RBAC) models.

**Real-World Attack Steps**

BeyondTrust researchers demonstrated how an attacker could exploit this issue in practice. An attacker could start by setting up their own Azure tenant using a free trial, which automatically gives them billing authority.

Once they are invited as a guest into a target tenant, they can log into the Azure portal and create a new subscription using advanced settings, selecting the target tenant as the destination. Without ever needing admin approval in that tenant, the attacker gains full Owner access over the new subscription, opening the door to privilege abuse techniques.

> _“The feature Microsoft has created here makes sense: some organizations have many tenants, and there are use cases where users with one home directory need to create subscriptions in others they are simply a guest in. The problem lies in the default behavior: if this capability were opt-in, meaning guests were blocked from creating subscriptions by default, the risk would be significantly reduced, and this wouldn’t pose a security concern.”_
> 
> Simon Maxwell-Stewart, Sr Data Engineer – BeyondTrust

****Microsoft’s Position****

Microsoft has stated that this is intended behaviour, meant to support complex multi-tenant setups where guests sometimes need to create resources. They provide subscription policies that can block these transfers, but these controls are off by default.

For cybersecurity teams, this means the risk remains active until they take clear action. BeyondTrust recommends several key steps to reduce exposure including enabling subscription policies that block guest-led transfers, regularly auditing guest accounts and removing any that are unused or unnecessary.

To prevent attackers from using virtual machines or devices for further attacks, closely monitor subscriptions for unusual or unexpected guest-created resources, and carefully review dynamic group rules and device trust policies.

Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say

Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for…

Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for fake AI video tools, leading to stolen credentials and credit card information.

Mandiant Threat Defense has uncovered a widespread cybercrime operation preying on the public’s excitement for new AI tools. A group known as UNC6032, believed to be based in Vietnam, is tricking people with fake social media ads that look like they’re promoting popular AI video generators such as Luma AI and Canva Dream Lab.

According to Mandiant’s research, shared with Hackread.com, UNC6032 has been running misleading ads on platforms like Facebook and LinkedIn since mid-2024. These ads direct users to fake websites that appear to offer AI video generation services.

However, these sites secretly download harmful software, including infostealers and backdoors, which steal sensitive information like login details and personal data. The stolen data is likely sold on illegal online markets.

This type of attack is a major concern for everyone, from individuals to large companies. In fact, according to Mandiant’s M-Trends 2025 report, stolen credentials are the second-highest initial way cybercriminals get into systems. Mandiant has found thousands of these ads, reaching millions of users, and believes similar campaigns are active on other social media sites.

For instance, one specific attack that Mandiant investigated started with a Facebook ad for Luma Dream AI Machine. When a user clicked on “Start Free Now,” they were led through a series of steps mimicking a real AI video creation process.

After a loading bar, a Download button appeared, which then installed the malicious software instead of a video. The files used a trick with hidden characters and a fake .mp4 icon to appear harmless, but they were actually dangerous executable files.

Malicious Facebook ads on Facebook and LinkedIn (Image credit: Mandiant)

The malicious software used in these attacks, which Mandiant tracks as STARKVEIL, is a complex program written in Rust. It may display fake error messages to trick users into reopening the program. The software then drops other dangerous tools like XWORM, FROSTRIFT backdoors, and the GRIMPULL downloader.

These tools allow attackers to control the computer, steal more information, record keystrokes, and check for security software. GRIMPULL, for example, can download and run the Tor browser to connect to criminals’ hidden servers. XWORM even sends the stolen information to the attackers via Telegram.

According to Mandiant Threat Defense’s blog post, the company is collaborating with Meta and LinkedIn to fight this campaign. Although Meta has removed many of these ads, new ones are appearing daily. This ongoing threat necessitates constant collaboration across the tech industry to protect users.

Yash Gupta, Senior Manager at Mandiant Threat Defense, warns that “well-crafted websites masquerading as legitimate AI tools can pose a threat to anyone… Users should exercise caution when engaging with seemingly harmless ads.”

It is a fact that AI tools are becoming popular, and cybercriminals will continue to exploit this interest. Users are advised to be cautious when trying out new AI tools and verify the website’s address before interacting.

Source

HackRead