
Cyware Daily Threat Intelligence, February 10, 2025


Daily Threat Briefing Feb 10, 2025

Cybercriminals are finding new ways to poison the AI supply chain. Researchers uncovered two malicious ML models on Hugging Face, where attackers used corrupted pickle files to smuggle Python malware. This novel technique, dubbed nullifAI, aimed to bypass security scans and establish a backdoor.

In another case of SEO manipulation, threat actors hijacked IIS servers in Asia, injecting BadIIS malware to manipulate search results and drive unsuspecting users to illegal gambling sites. Government and university servers in Asian countries were among those exploited. Researchers linked the campaign to DragonRank, a Chinese-speaking group.

Patching delays could turn into a disaster. CISA warned that a vulnerability in Trimble Cityworks GIS software is being actively exploited for remote code execution. Even though patches were released, attackers continued taking advantage of unpatched systems, prompting its urgent addition to the KEV catalog.

Top Malware Reported in the Last 24 Hours

Malicious ML models leverage broken Pickle

Cybersecurity researchers found two malicious ML models on Hugging Face that used unusual "broken" pickle files to avoid detection. The malicious Python content sits at the start of the file and creates a reverse shell connection to a specific IP address; because the rest of the stream is malformed, a scanner that aborts on a parse error never sees the payload it already passed over. This method, called nullifAI, is designed to bypass security measures against malicious models. The models are believed to be proof-of-concept rather than part of an active attack. The detected models are stored in PyTorch format and compressed with 7z, which also helped them evade security tools.
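The detection gap described above is that a scanner which stops at the first parse error can miss an import that appeared before the break. The scanner below, an added example rather than code from the briefing or from the researchers, walks a pickle's opcode stream with `pickletools` without ever unpickling it, keeps any findings collected before the stream turns out to be malformed, and reports the file as broken instead of clean. The sample byte strings are constructed for the example and reference the harmless `os.getcwd`, not the actual nullifAI artifacts; for a PyTorch checkpoint the input would be the pickle member extracted from the archive.

```python
import pickle
import pickletools

# Modules that a data-only model file has no reason to import (assumed list, extend as needed).
SUSPICIOUS_MODULES = {"os", "posix", "nt", "subprocess", "socket", "sys",
                      "builtins", "__builtin__", "runpy", "importlib"}

def scan_pickle(data: bytes) -> dict:
    """Static opcode walk; never calls pickle.loads. A truncated or malformed
    stream is reported as broken, and imports seen before the failure are kept."""
    imports, strings = [], []
    calls = 0
    error = None
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name in ("BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8", "UNICODE"):
                strings.append(arg)                  # possible STACK_GLOBAL operands
            elif op.name == "GLOBAL":                # protocol 0-3: arg is "module name"
                imports.append(tuple(arg.split(" ", 1)))
            elif op.name == "STACK_GLOBAL" and len(strings) >= 2:   # protocol 4+
                imports.append((strings[-2], strings[-1]))
            elif op.name in ("REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"):
                calls += 1                           # legitimate checkpoints also use these
    except ValueError as exc:                        # unknown opcode, or no STOP before EOF
        error = str(exc)
    flagged = [imp for imp in imports if imp[0] in SUSPICIOUS_MODULES]
    verdict = "flagged" if flagged else ("broken" if error else "clean")
    return {"imports": imports, "flagged": flagged, "calls": calls,
            "broken": error is not None, "error": error, "verdict": verdict}

# Constructed samples (not the real malicious models):
# 1) protocol-0 stream: import os.getcwd, call it, then junk where STOP should be
BROKEN_PICKLE = b"cos\ngetcwd\n(tR" + b"\x00\x00<junk>"
# 2) protocol-4 stream doing the same import via STACK_GLOBAL, well formed
PROTO4_PICKLE = b"\x80\x04\x8c\x02os\x8c\x06getcwd\x93)R."
# 3) ordinary data-only pickle
CLEAN_PICKLE = pickle.dumps({"layer.weight": [0.1, 0.2, 0.3]})

if __name__ == "__main__":
    for name, blob in [("broken", BROKEN_PICKLE), ("proto4", PROTO4_PICKLE), ("clean", CLEAN_PICKLE)]:
        print(name, scan_pickle(blob))
```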

Hackers abuse SimpleHelp bugs to drop Sliver

A sophisticated cyberattack abused vulnerabilities in SimpleHelp RMM software. Attackers exploited these bugs to access target networks and deploy the Sliver backdoor. The attack moved quickly through a range of tactics, such as network discovery and the creation of administrator accounts. It started with a threat actor breaching a SimpleHelp RMM client called JWrapper-Remote Access from an IP address in Estonia, which avoided detection by standard security measures.

DragonRank deploys BadIIS malware

Threat actors are targeting IIS servers in Asia to manipulate SEO and install BadIIS malware. This campaign seems financially motivated, redirecting users to illegal gambling sites for profit. The IIS servers affected are in countries like India, Thailand, and Japan, linked to governments, universities, and tech companies. The compromised servers serve altered content, including links to malware and credential harvesting pages. Researchers believe a Chinese-speaking group known as DragonRank is behind the attacks, similar to a group called Group 11. BadIIS can change HTTP response headers and redirect users to illegal gambling sites based on specific search terms.

Top Vulnerabilities Reported in the Last 24 Hours

Critical flaw in Zimbra Collaboration

Zimbra Collaboration has two security vulnerabilities: CVE-2025-25064 and CVE-2025-25065. CVE-2025-25064 is a critical SQL injection issue affecting certain versions, allowing attackers to access sensitive data. CVE-2025-25065 is a moderate Server-Side Request Forgery vulnerability that can redirect requests to internal resources. Zimbra has released patches for both vulnerabilities.

Exploits target Trimble Cityworks bug, warns CISA

CISA warned about a security flaw in Trimble Cityworks GIS asset management software that is being actively exploited. The vulnerability, CVE-2025-0994, could allow an attacker to execute code remotely. It affects Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.0. Although patches were released on January 29, the flaw is still being used in real attacks. CISA has also added this vulnerability to its KEV catalog.
