ZeroDay Field Notes - Chains That Bind
Supply chain cascades, blockchain C2, browser encryption bypasses, and 20-hour exploit weaponization. UncleSp1d3r breaks down the chains.
Friday mornings in this gig: screens lit, Coke Zero cracked, and a fresh batch of reminders that "trusted" is just yesterday's oversight.
This edition? We're threading through supply chains gone feral, malware that's starting to think for itself, and exploits that turn everyday apps into open doors. No grand theories today, just the gritty updates and new angles that keep operators one step ahead.
Let's cut through the noise.
Cascading Compromises: When One Hack Begets Many
Remember that Trivy mess from last week? TeamPCP didn't stop at Aqua's vulnerability scanner. They've pivoted hard, using stolen CI/CD creds to backdoor Checkmarx GitHub Actions and spread into npm via a worm they call CanisterWorm.
What's new here isn't just the scale, it's the cascade. Compromised Trivy tags (v0.69.4 through v0.69.6) harvested secrets, which then unlocked Checkmarx KICS and AST actions, looping in more repos. CanisterWorm adds worm-like propagation: it installs as a systemd service, pulls Python payloads from ICP blockchain canisters for C2, and hunts for more npm tokens to infect upstream. Over 29 packages hit, including @emilgroup/* and @teale.io/eslint-config. Exfil goes to typosquatted domains like scan[.]aquasecurtiy.org and checkmarx[.]zone.
Red takeaway: This is credential pivot porn. Steal once, own the ecosystem. If you're simulating, pin actions to SHA hashes, not tags, and rotate like your opsec depends on it. On the detection side, Sysdig's Falco rules flagged IMDS credential theft and curl-based exfiltration from compromised CI runners, so that's your hunting surface. Audit your Actions logs for tpcp.tar.gz or unexpected POSTs; block C2s like 45.148.10.212. Sysdig on TeamPCP expansion; Wiz on Trivy
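To make the "pin to SHA, not tags" check concrete, here is an added workflow audit (example code written for this edition, not from the newsletter's sources or any vendor tool). It flags every third-party `uses:` reference that is pinned to a mutable tag rather than a 40-hex commit SHA, and separately flags the compromised Trivy tag range named above; mapping that range to `aquasecurity/trivy-action`, the sample workflow, and its version strings and SHA are assumptions constructed for the example.

```python
import re
from typing import List, Tuple

# Matches "uses: owner/repo[/subpath]@ref" (optionally quoted). Local actions
# ("./path") and "docker://" images carry no "@ref" and are deliberately skipped.
USES_RE = re.compile(
    r"""^\s*-?\s*uses:\s*["']?([A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)(/[^@\s"']*)?@([^\s"']+)"""
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Known-bad (repo, tag) pairs. The v0.69.4-v0.69.6 range is the one the newsletter
# cites; attributing it to aquasecurity/trivy-action is an assumption for this example.
KNOWN_BAD = {
    ("aquasecurity/trivy-action", "v0.69.4"),
    ("aquasecurity/trivy-action", "v0.69.5"),
    ("aquasecurity/trivy-action", "v0.69.6"),
}


def audit_workflow(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, repo, ref, verdict) for each third-party action reference.

    verdict is 'known-bad' (compromised tag), 'sha' (immutably pinned, fine),
    or 'tag' (mutable ref such as v1 or main: re-pin to a commit SHA).
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        repo, ref = m.group(1), m.group(3)
        if (repo, ref) in KNOWN_BAD:
            verdict = "known-bad"
        elif SHA_RE.match(ref):
            verdict = "sha"
        else:
            verdict = "tag"
        findings.append((line_no, repo, ref, verdict))
    return findings


# Constructed sample workflow: the SHA and version numbers are placeholders, not real pins.
SAMPLE_WORKFLOW = """\
name: ci
jobs:
  scan:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/trivy-action@v0.69.5
      - uses: checkmarx/kics-github-action@v2.1.3
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for line_no, repo, ref, verdict in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {repo}@{ref} -> {verdict}")
```

Run it over every file under `.github/workflows/`; anything reported as `tag` or `known-bad` is a candidate for re-pinning and for a closer look in the Actions logs.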
Sticking with chain reactions, five malicious npm packages are typosquatting Solana and Ethereum libs to swipe private keys. They mimic legit crypto tools, but hook Node.js's child_process to exfil via Telegram bots. Targets devs handling sensitive keys; no vulns needed, just a bad install. If you're purple-teaming supply chains, this pairs nicely with CanisterWorm for realism. Socket.dev breakdown
And Glassworm's still wriggling: backdoored React Native packages (react-native-country-select@0.3.91, react-native-international-phone-number@0.11.8) drop Windows stealers via preinstall hooks, using Solana blockchain for C2 dead-drops and Google Calendar for indirection. 134k monthly downloads mean blast radius. Persistence via scheduled tasks and registry runs; hunt for RTCPeerConnection abuse if you're auditing CI. Aikido analysis
Malware Evolves: Blockchain C2 and Debugger Tricks
EtherRAT's my pick for clever this week. DPRK-linked, but the tech's what shines. It's a Node.js backdoor using Ethereum smart contracts for takedown-proof C2 (EtherHiding), plus CDN-like beacons for C2 polling. Drops via ClickFix/IT support scams, persists with HKCU Run keys chaining through conhost.exe (undocumented --headless flag) to node.exe, and fingerprints deeply (SYS_INFO module grabs everything from processes to sandbox checks). Exfils crypto wallets and cloud creds.
C2 intel for emulation: The EtherHiding resolver uses on-chain smart contracts for C2 address lookup, making traditional domain blacklists useless. Pair the blockchain resolver with headless conhost proxy execution for a tidy evasion chain.
Offensive gold: Active in Retail, Finance. Test it against your own evasion suites. eSentire TRU deep-dive
Vidar Stealer 2.0's another rewind with upgrades: full C rewrite, polymorphic, distributed via fake game cheats on GitHub/Reddit. Multithreaded, reflective DLL injection into browsers via debug ports, steals browser profiles, Telegram sessions, and crypto wallets. Uses Telegram and Steam as C2 dead-drop resolvers. Lures gamers to disable AV, classic social engineering amp. If you're crafting droppers, note the PS2EXE loaders and AutoIt assembly. Acronis TRU report
VoidStealer's the one to watch for browser theft. It bypasses Chrome's ABE (Application Bound Encryption) by setting hardware breakpoints to extract master keys, with no injection traces. First infostealer seen doing this in the wild. If you're building credential harvesters, study the technique; if you're hunting, look for anomalous debugger attaches to browser processes. Gen's writeup has the detection logic worth stealing for your blue team handoffs. Gen analysis
PureLogs RAT's reversed here too: .NET, plugin-based for fileless offense (zero VT hits on stager at time of recovery), or monolithic for crypto theft. C2 via protobuf over TCP with AES. Anti-analysis throughout: sandbox checks, ConfuserEx obfuscation. Derp.ca RE
Exploit Freshness: RCEs and Privescs in the Wild
Langflow's unauth code injection (CVE-2026-33017) went from disclosure to weaponized in 20 hours. Automated scans hit the /api/v1/build_public_tmp endpoint for Python RCE, stealing creds and pivoting to supply chains. CISA added it to KEV with an April 8 federal deadline; Sysdig saw custom scripts harvesting AWS/GCP keys. Chain it with API abuse for AI pipeline owns. Sysdig on rapid exploit; CISA KEV
Heads up for fed teams: the CISA KEV deadline for CVE-2026-33017 is April 8, 2026. If you're running Langflow in any AI/ML pipeline, the remediation clock is ticking.
IDrive Windows client privesc (CVE-2026-1995) via weak folder perms on C:\ProgramData\IDrive. Authenticated attackers manipulate files read by id_service.exe (running as SYSTEM) to execute arbitrary code with SYSTEM privileges. Patch pending; monitor IDrive service spawns. Cyber Security News
Cisco IOS XE Lobby Ambassador vuln (CVE-2026-20114) lets auth'd users create priv level 1 accounts; escalate from there. And Secure Boot bypass (CVE-2026-20104) on Catalyst/IE switches needs physical access but breaks trust chains. Cisco advisory
DarkSword iOS chain (multiple CVEs) is proliferating. UNC6353 and others are using it for gov/healthcare hits. Drive-by RCE via WebKit flaws. Google TI
WebRTC skimmer on Magento is a neat trick: it bypasses CSP entirely with DTLS-encrypted UDP for card theft. Entry point is an unpatched PolyShell vulnerability (patched in 2.4.9-beta1, not yet in stable). If you're testing e-commerce targets, this is a fresh exfil channel worth replicating. Blue side: block UDP to 202.181.177.177:3479. Sansec research
Toolkit Expansions: From Botnets to AI Red Teams
Beast Ransomware's full kit leaked: 47 tools from Mimikatz/Kerberoasting to ESXi encryptors. Maps the RaaS lifecycle; study for your own chains. Team Cymru intel
Katana (Mirai variant) compiles rootkits on Android TV boxes. 30k bots, 150Gbps DDoS. AI-assisted code? Novel for IoT. Nokia Deepfield ERT
Novee brings autonomous AI red-teaming to LLM apps. Simulate attacks in CI/CD. Offensive potential: weaponize for real ops. Security Boulevard
Wrapping this: In a world where chains link faster than we can break them, offense wins by borrowing trust, defense by questioning it.
Stay frosty out there.
~ UncleSp1d3r