Threatsday Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits,...

It's getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they're blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut "hacker stories" now looks more like a mirror of the systems we all use.

This week's findings show a pattern: precision, patience, and persuasion. The newest campaigns don't shout for attention — they whisper through familiar interfaces, fake updates, and polished code. The danger isn't just in what's being exploited, but in how ordinary it all looks.

ThreatsDay pulls these threads together — from corporate networks to consumer tech — revealing how quiet manipulation and automation are reshaping the threat landscape. It's a reminder that the future of cybersecurity won't hinge on bigger walls, but on sharper awareness.

Bad actors are leveraging an open-source monitoring tool named Nezha to gain remote access to compromised hosts. Its ability to allow administrators to view system health, execute commands, transfer files, and open interactive terminal sessions also makes it an attractive choice for threat actors. In one incident investigated by Ontinue, the tool was deployed as a post-exploitation remote access tool by means of a bash script, while pointing to a remote dashboard hosted on Alibaba Cloud infrastructure located in Japan. "The weaponization of Nezha reflects an emerging modern attack strategy where threat actors systematically abuse legitimate software to achieve persistence and lateral movement while evading signature-based defenses," said Mayuresh Dani, security research manager at Qualys. The abuse of Nezha is part of broader efforts where attackers leverage legitimate tools to evade signature detection, blend with normal activity, and reduce development effort.

South Korea will begin requiring people to submit to facial recognition when signing up for a new mobile phone number in a bid to tackle scams and identity theft, according to the Ministry of Science and ICT. "By comparing the photo on an identification card with the holder's actual face on a real-time basis, we can fully prevent the activation of phones registered under a false name using stolen or fabricated IDs," the ministry said. The new policy, which applies to SK Telecom, Korea Telecom, and LG Uplus, and other mobile virtual network operators, takes effect on March 23 after a pilot following a trial that began this week. The science min

Source: The Hacker News