Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices

In other news: Password spray attack targets M365 and bypasses MFA; AI agent caught deploying ransomware in live hacks; webinar platform sues security firms over bad IOCs.

This newsletter is brought to you by Corelight.

The developers of a lot of industrial gear and smart devices will have their work cut out for them over the coming months and years to deploy protections against a set of newly discovered and unpatched bugs in the FatFs filesystem driver.

The seven bugs, discovered by security firm runZero, can allow an attacker to use a crafted filesystem image to cause memory corruption and run malicious code that jailbreaks a targeted device.

Devices that use FatFs for their filesystem are all impacted.

Exploiting the bugs requires physical access to plug in removable media with the corrupted FatFs image, but the bugs can also be exploited in some OTA-related scenarios where the firmware update channel mounts the malicious image automatically.

The list of impacted vendors and devices is too long to list. Every device that uses FatFs is vulnerable. FatFs is widely used as the standard filesystem on many embedded devices due to its compatibility with the Windows FAT filesystem and because it's royalty-free and open-source. If it's a device that uses an RTOS (real-time operating system), then it's probably also using FatFs.

According to runZero, all FatFs filesystem drivers ever released are vulnerable and no patches are available. The project is one of those typical small-time open-source projects maintained by a handful of unpaid volunteers.

If patches happen, runZero says these will have to be incorporated by downstream vendors who used the driver, if any of the seven CVEs are a realistic attack scenario for them. And we know how vendors like to downplay things, don't we!!!

"FatFs has no CVE history, no security mailing list, and no patch notification mechanism. Every downstream project that vendors must discover, triage, and patch these vulnerabilities independently, usually without knowing they are affected. That means the window between public disclosure and widespread remediation will be measured in years, not days. The practical attack surface is therefore not one software application or service, but tens of millions of devices across dozens of independent codebases, many of which will never receive a patch."


Breaches, hacks, and security incidents

Pi Mobile data breach: One of Taiwan's largest mobile operators is being extorted by a ransomware group. Pi Mobile was hacked last month by a newly-launched ransomware operation named Settra. The telco says the hack didn't impact its widely used mobile payments platform. Taiwan's Ministry of Digital Affairs has launched an investigation into the hack to confirm that personal data wasn't stolen and that Pi Mobile was using proper security practices. [Pi Mobile // Taiwan News]

Avans University leak: The Avans University of Applied Sciences in the Netherlands patched a bug that allowed threat actors to access every student's data through its official AMIGO app. [Avans]

Kubota hack: The North American division of agriculture equipment maker Kubota has disclosed a security breach. The incident took place between March and April and exposed employee information. No ransomware group has taken credit for the hack so far. [Kubota]

40% of crypto heists linked to private key incidents: The cryptocurrency industry has lost $16.69 billion to hacks over its lifetime and about 40% of that amount was stolen using authentic private keys. This includes private keys that were exposed by accident or brute-forced by attackers, but also keys obtained through exploits or phishing attacks. In almost half of all private key hacks, the source of the compromise is still unknown. [CoinDesk]

General tech and privacy

EU court confirms Google mega-fine: The EU's highest court has upheld a €4.125 billion fine against Google. The EU fined the American tech giant in 2018 for abusing Android's market dominance to force phone makers to pre-install its Search and Chrome apps on customer devices. It was one of the three fines Google was trying to have repealed in the EU. The company was also fined €2.95 billion for its abuses on the advertising market and another €2.4 billion for favoring its own shopping service in search results. [DW]

Vint Cerf retires: Vint Cerf, the co-developer of the TCP/IP standard, is stepping down from his role of chief internet evangelist at Google and retiring at the age of 83. [TechCrunch]

PlayStation to go discless: Sony will stop releasing new games on physical discs in 2028, meaning all future PlayStation consoles will go discless and load games from the PSN cloud only. [PlayStation]

Just a reminder that Playstation is the same company that, less than a week ago, removed 551 movie titles from people's accounts even if they were "purchased" and gave no refunds. They've already signaled they are not to be trusted with digital only products. blog.playstation.com/2026/07/01/p...

— Council of Geeks (@councilofgeeks.bsky.social) 2 July 2026 at 04:35

Chrome 150: Google has released version 150 of its Chrome browser, which includes security patches and webdev-related changes. The biggest changes in this release are the addition of post-quantum cryptography (support for ML-DSA in TLS connections), support for the FIDO Alliance Credential Exchange standard in Chrome on Android, a new "Always use secure connections" mode, and new UI elements for the "AI era" of Chrome, such as new icons, context menus, and settings.

Opera rolls out paste protection: The Opera browser has rolled out a new feature designed to block ClickFix attacks. The new Paste Protect feature scans a user's clipboard for malicious commands and can show warnings about possible attacks. The feature is enabled by default and requires no configuration. [Opera]

Government, politics, and policy

US lifts Anthropic export controls: The US government has lifted export restrictions on Anthropic's Fable 5 and Mythos 5 AI models. The company withdrew the models from public access on June 12 after the US Commerce Department ordered it to block foreign nationals from accessing the tools. The Trump administration has been under near-universal pressure to reverse the decision since then. [Anthropic // Axios]

Glad we’re not benching our best AI models, but it’s not a victory yet. I warned that “fixing jailbreaks” only slows defenders. Fable 5 will fall back to Opus 4.8 for coding & debugging & other models will start to throttle back defensive capabilities too www.anthropic.com/news/redeplo...

— Katie Moussouris (she/her/she-hulk/she-ra)🌻 (@k8em0.bsky.social) July 1, 2026 at 9:45 PM

US tries to pressure South Korea: A report from the US House Judiciary Committee concluded that South Korean authorities have "discriminated" against Coupang, a US-owned retailer in South Korea, because they had the balls to investigate it for a catastrophic breach. The report is utter garbage. Coupang had a breach as clear as day and its US owners are trying to get the US government to pressure Seoul on their behalf into dropping the investigation and the $400 million mega-fine it got. Apparently, in the US it's illegal to carry out "early morning raids, multi-day interrogations, and even the threat of criminal charges" against US corporations. [US House Judiciary Committee]

Belgian police set up phishing squad: Belgium's national police have set up a special division to counter phishing campaigns. The new unit will aggregate data on phishing attacks in order to centralize evidence collection and track down perpetrators faster. The new phishing cell will start operating this summer and will be expanded later in the year. Belgium has seen a 30% rise in phishing reports since 2024. [Belgian Police]

Dutch intel services didn't protect data: The watchdog agency that oversees Dutch intelligence services has found that the military and civil intel agencies, MIVD and AIVD, broke some rules last year when processing bulk intercepted data. For example, some staff had access to personal information found in the bulk data, some data was stored for too long, and the agencies didn't have proper procedures set up for managing this amount of data. [CTIVD]

Spain allegedly quiet-bans Palantir: The Spanish government has quietly banned American tech company Palantir over national security fears. According to El Confidencial, the government has privately instructed public companies to avoid working with the company. Several EU countries have started rethinking ties with Palantir due to its close ties to the Trump administration and its public anti-EU stance. [El Confidencial // LBC]

EU schedules next Chat Control vote: The European Parliament has scheduled another vote on its Chat Control legislation for next week. Compared to the last vote, a lot of countries appear to have changed their minds and are now on board with the idea. [Heise]

Russian cyberattacks in Ukraine top 16k: According to Ukraine's intelligence service, since Russia's invasion in February 2022, authorities have blocked more than 16,000 Russian cyberattacks targeting the country. [SBU]

India tells WhatsApp to pause username rollout: The Indian government has told social media giant Meta to pause the rollout of WhatsApp usernames in its market. The government claimed the new feature would lead to an increase in online fraud, phishing, and impersonation attacks by allowing scammers to hide behind generic usernames and not reveal their real phone number. Delhi officials gave Meta three days to respond, by Saturday, July 4. India is WhatsApp's biggest market with over 500 million users. [Reuters]

In this Risky Business sponsor interview, James Wilson chats with Corelight’s VP of Product Vijit Nair about defence strategies for the AI era. When agents can find and exploit vulnerabilities at machine speed, you need to balance between proactive and reactive measures. On the proactive side, you need modelling of assets and threats. On the reactive side you'll need telemetry so you can act quickly if a threat becomes a reality.

Arrests, cybercrime, and threat intel

Scattered Spider member extradited to US: US authorities have successfully extradited a member of the Scattered Spider hacking group. Peter Stokes, 19, was arrested in April in Finland when attempting to board a flight to Japan. He went online under his hacker name of Bouquet and has been linked to more than 100 network intrusions. [DOJ]

NetNut proxy service takedown: The FBI, Google, and Lumen have disrupted the server infrastructure of residential proxy service provider NetNut. The takedown comes two weeks after security firms identified the proxy network as the backend for Popa, a malicious botnet involved in brute-force attacks, ad fraud, and large-scale web scraping operations. The reports also linked NetNut to Alarum Technologies, an Israeli company listed on NASDAQ. [KrebsOnSecurity // Google] [Original reports: Synthient // Nokia // Qurium]

323 ransomware victims in the UK: According to the UK's Action Fraud, 323 UK organisations reported a ransomware attack between April 2025 and March 2026. [City of London Police]

LLM backend mass-recon: Threat actors are mass-scanning the internet for misconfigured LLM backend servers. Mass-reconnaissance campaigns have been spotted targeting Ollama, LiteLLM, Langserv, and OpenClaw infrastructure. According to Zenity Labs, exploitation has been spotted against Ollama and LiteLLM already. [Zenity // Zenity // Zenity]

"The activity observed reflects large-scale reconnaissance and discovery of AI deployments, characterized by liveness checks, model-identity fingerprinting, capability probing, and API schema enumeration. While these techniques are often also associated with benign security researchers and bug bounty hunters, the absence of verified intent and the sheer volume of requests suggest a broader malicious campaign."

Password spray attack targets M365: A wave of credential spraying attacks has targeted Microsoft 365 accounts over the past several weeks. The attacks have targeted the old OAuth ROPC (Resource Owner Password Credentials) authentication scheme. A successful authentication using stolen or guessed credentials would allow attackers to generate a token that bypasses MFA on protected accounts. [Huntress]

AI agent caught deploying ransomware: A threat actor has deployed an AI agent to hack Langflow servers, steal credentials, expand access, and then deploy ransomware on production databases. The attacks represent the first known cybercriminal campaign to be fully automated using an AI agent from start to finish. According to security firm Sysdig, the ransomware was undecryptable because the AI agent didn't store the encryption key anywhere. The company tracks the campaign as JADEPUFFER. [Sysdig]

CountLoader campaign returns: McAfee has spotted new malicious browser extensions that deploy a cryptocurrency clipper to intercept cryptocurrency and steal assets. [McAfee]

TeamPCP flash alert: Months after TeamPCP's supply chain attacks ravaged the dev ecosystem, the FBI has published an industry alert about the attacks and the group. [FBI, PDF]

AI-generated browser ransomware: Check Point researchers claim they used an AI agent to develop a browser-based ransomware for Android devices. [Check Point]

Malware technical reports

TONResolver RAT: A new RAT has been spotted in the wild using TON smart contracts to store data on the current C&C server domain. The RAT, called TONResolver, has been seen in attacks targeting Japan's hospitality sector. [Trend Micro]

BeepRAT: Researchers have spotted a new RAT named BeepRAT that was built on top of the DcRAT open-source RAT. Researchers believe this may be a Chinese APT tool. [Rubrik Zero Labs]

ValleyRAT: Even though several of its members were arrested last month in China, the SilverFox group is still spreading its ValleyRAT malware in new campaigns targeting Japan. [LevelBlue]

ChocoPoC: Security researchers have spotted a cluster of boobytrapped proof-of-concept exploits uploaded on GitHub that try to infect users with a remote access trojan—tracked under the name of ChocoPoC. [Sekoia // YesWeHack]

Ousaban turns to Europe: Ousaban, a banking trojan that's been active in Brazil for several years, has been spotted targeting the users of Spanish and Portuguese banks. [Fortinet]

The Gentlemen ransomware abuses a zero-day to disable EDRs: The Gentlemen ransomware group has been spotted abusing a zero-day in the Kontron API driver (ktapi.sys) to disable EDR products on the networks they're attacking. [Expel]

Sneaky 2FA returns: There are new versions of the Sneaky 2FA phishing kit in the wild being used in campaigns targeting M365 accounts. [ZeroBEC]

ARToken: A new PhaaS platform has been spotted in the wild with "operational patterns" to EvilTokens, the platform specializing in M365 device-code phishing. [Cisco Talos]

James Pope, Corelight's Director of Technical Marketing Engineering, demonstrates the company's Open NDR Platform and how it combines network detections with a whole host of other data sources. 

APTs, cyber-espionage, and info-ops

PolinRider campaign: A North Korean hacking operation targeting developers has spread from npm to Packagist, Go modules, and Chrome extensions. [Socket Security] There are also some new DPRK-linked npm packages in the wild, these ones spotted by JFrog. [JFrog]

Iran targets its citizens: An Iranian hacking group tracked as TAG-182 is targeting Iranians living inside and outside the country. The group is using free download tools and fake VPN applications to infect targets with MarkiRAT. The infected tools have been promoted on social media networks since April and are likely part of an effort to identify and arrest dissidents. [Recorded Future]

APT-C-20 (FancyBear): Chinese security firm Qihoo 360 has published a report on recent espionage campaigns that have targeted Ukraine. [Qihoo 360]

Philippines info-ops: Researchers have spotted two influence operations, one from China and one operated from within the Philippines, that targeted the country's political scene. The one from China, aka Spamouflage, targeted the current government, while the locally-run one targeted local activists and their recruitment efforts. [DFRLab]

Roska Bridge info-op: A Russian influence operation is targeting audiences on decentralized social networks with aggressive anti-Western and anti-Ukrainian propaganda. The campaign has been active since last September on both BlueSky and Mastodon. Accounts were easy to spot due to their use of a "bridging" service to post on both networks at the same time. They posted images of dead Ukrainians, videos of killer drones, and articles from Russian state media and their vast propaganda network. Researchers spotted hundreds of accounts, with many being short-lived or hosted on unmoderated Mastodon instances. [CheckFirst]

Vulnerabilities, security research, and bug bounty

Security updates: Chrome, Cisco, Citrix, Elastic, Firefox, FreeBSD, Oracle, WinRAR, wolfSSL.

Apple Hide My Email bug exposes email addresses: A vulnerability in Apple's "Hide My Email" tool can allow a remote party to discover a user's real email address. According to 404 Media, Apple has failed to fix the issue for more than a year. Apple rolled out some patches in March but the bug can still be exploited to reveal a user's real email. [404 Media]

AirDrop and Quick Share vulnerabilities: Attackers can run malicious code on Android and Apple devices using newly discovered vulnerabilities in the AirDrop and Quick Share protocols. Attackers need to be within 10 to 30 meters of a target to exploit the bugs. No pairing, authentication, or user interaction is needed. The bugs take advantage of the protocols' design, with the protocols automatically running whenever a new device is close by. Some of the bugs have been patched, while work continues on the others. [arXiv // CISPA // Help Net Security]

New SharePoint RCE enters exploitation phase: Hackers are exploiting a Microsoft SharePoint vulnerability to take over servers. Attacks are targeting a bug patched in May. [CISA // Microsoft CVE-2026-45659]

New Langflow bugs: Rubrik has published a technical write-up on four bugs in the Langflow AI building framework they found earlier this year. All were patched in May, and two of them have CVSS scores of 9.6 and 9.8. [Rubrik Zero Labs]

New CitrixBleed-like bug exploited in the wild: Hackers have started exploiting a new Citrix vulnerability less than 24 hours after public disclosure. The attacks are exploiting a CitrixBleed-like vulnerability that can allow remote attackers to leak a device's memory and find goodies inside, such as auth or config data. The bug impacts NetScaler ADC and Gateway devices. According to security firm Lupovis, one threat actor appears to be behind the attacks so far. [WatchTowr // Citrix CVE-2026-8451 // Lupovis]

DuneSlide vulnerabilities: Cursor 3.0, released in April, patched two remote code execution bugs. We now have a technical write-up on both. [Cato Networks]

"Both RCE vulnerabilities, which we refer to as “DuneSlide,” achieved a 9.8 CVSS score, and involve breaking out of the IDE’s sandbox environment and were assigned CVE IDs CVE-2026-50548 and CVE-2026-50549."

EPM poisoning: SafeBreach's Ron Ben Yizhak has found new ways to use the Endpoint Mapper (EPM) poisoning technique that he disclosed last year for new Windows LPE attacks. [SafeBreach]

"This research extended the EPM poisoning technique to low integrity processes, demonstrating that even heavily sandboxed applications can be weaponized to escalate privileges if they can trigger an RPC client connecting to an attacker-controlled server. The Data Sharing Service vulnerability, exploited through an XML injection hidden in a toast notification, shows how trust in RPC server identity—when unverified—can cascade into unexpected and impactful security failures."

InkJect attack: Some of today's top-tier AI models are vulnerable to prompt injection attacks using text hidden inside image files. The new InkJect attack has two variations. The first involves using white text on top of a white background, while the second skews and distorts text at different angles. Models instructed to load remote repositories containing the images can read the text and then execute the malicious commands. According to security firm DeepKeep, Anthropic's Claude and OpenAI's GPT models detected the attacks when images were loaded directly by the user but fell for InkJect attacks when they loaded the images as part of unrelated tasks. [DeepKeep]

Infosec industry

Threat/trend reports: BlackFog, Cobalt, Dr.Web, Endor Labs, Flux, Kaspersky, PeckShield, Pew Research, and Tails have recently published reports and summaries covering various threats and infosec industry trends.

New tool—CredSpy: Spotit's Keanu Nys has released CredSpy, a tool to enumerate Microsoft Entra ID authentication methods for email addresses.

New tool—SpotifyC2: A researcher going by Nirvana has released SpotifyC2, a proof-of-concept tool to use Spotify playlists as a command and control channel.

Webinar platform sues security vendors: Webinar and video conferencing startup MeetingTV has sued two security firms after a threat intelligence report linked the company to a Chinese hacking group. The lawsuit targets Koi Security and Palo Alto Networks, which acquired the former in April. In a report in December, Koi mistakenly labeled the MeetingTV domain as a part of the infrastructure of DarkSpectre, a Chinese group that developed malicious Chrome extensions. Even though Koi corrected the report in February, MeetingTV still sued, claiming its domain is still blocked across multiple security products and services. [Axios] [h/t Ian Campbell]

Risky Business podcasts

In this edition of Seriously Risky Business, Tom Uren and James Wilson talk about Chinese AI labs stealing the special sauce of American AI models in 'distillation attacks'. These attacks are fed by a grey market in which Chinese consumers buy access to American models, where one of the byproducts is logs of user requests and responses. These make wonderful inputs into distillation attacks and the whole market might be subsidised by Chinese AI Labs paying for these logs.

In this episode of Risky Business Features, James Wilson chats with Karsten Nohl about his research into using local LLMs to replace cloud AI in security code reviews.