OpenAI, Trend Micro, HPE, and Microsoft Patch Critical Zero-Click and RCE Vulnerabilities Amid Surge in Telecom and Cloud Exploits

TL;DR

• OpenAI patches ZombieAgent and ShadowLeak vulnerabilities in ChatGPT connectors, enabling zero-click exfiltration of Gmail, GitHub, and Outlook data via memory and file upload exploits
• Trend Micro releases Critical Patch Build 7190 to remediate CVE-2025-69258 allowing unauthenticated remote code execution in Apex Central via DLL injection into MsgReceiver.exe on TCP port 20001
• UAT-7290 threat actor expands operations across South Asia and Southeastern Europe, deploying RushDrop, SilentRaid, and DriveSwitch malware to compromise telecom infrastructure using SSH brute force and one-day exploits since 2022
• European Space Agency (ESA) suffers 500GB data breach via unpatched public vulnerability, with attackers lateralizing through internal data-sharing platforms and exfiltrating proprietary mission data since September 2025
• CISA adds HPE OneView CVE-2025-37164 to Known Exploited Vulnerabilities catalog, enabling unauthenticated RCE in enterprise infrastructure control plane with public Metasploit module available since December 2025
• Attackers exploit ConsentFix technique to steal Microsoft Entra OAuth 2.0 authorization codes via phishing redirects, redeeming stolen codes for access tokens without triggering traditional MFA or session controls

OpenAI Patches Zero-Click Exploits in ChatGPT Connectors That Exposed Gmail, GitHub, and Outlook Data

OpenAI patched two critical vulnerabilities in ChatGPT connectors: ShadowLeak and ZombieAgent. Both enabled zero-click exfiltration of data via malicious file uploads. ShadowLeak allowed memory readouts to extract OAuth tokens; ZombieAgent executed server-side commands through prompt injection in the upload pipeline.

What data was at risk?

Compromised connectors could automatically harvest Gmail messages, Outlook mailboxes and contacts, GitHub repositories, SSH keys, and OAuth refresh tokens. These credentials permitted persistent access to user accounts without further interaction.

How were the exploits triggered?

Both vulnerabilities were initiated through malformed archive files uploaded via connector interfaces. No user interaction beyond file receipt was required, making them zero-click exploits.

What changes did the patch implement?

The December 2025 patch rewrote the connector sandbox, enforced strict MIME-type validation, disabled unsafe memcpy and memmove operations, and separated privilege contexts between file handling and LLM tool execution.

What are the immediate risks?

Organizations must rotate all OAuth tokens linked to OpenAI Connectors. Unpatched systems remain vulnerable to credential theft and lateral movement across Gmail, Outlook, and GitHub. The OpenAI Compliance API can be abused to enumerate secrets, extending the attack surface.

What compliance risks exist?

Exposure of protected health information (HIPAA) or EU-resident personal data (GDPR) triggers mandatory breach notifications. Regulatory penalties may apply if organizations failed to implement timely access controls or audit logging.

What actions should organizations take?

• Revoke and reissue all OAuth tokens for connected services
• Enforce egress filtering to block unauthorized outbound connections from connector runtimes
• Activate OpenAI Compliance API audit logs and alert on bulk upload events
• Deploy the December 2025 patch within 48 hours
• Implement Zero-Trust policies: require admin approval for new connectors and restrict scopes to least-privilege levels
• Conduct GDPR/HIPAA impact assessments and prepare breach-notification protocols

What is the future outlook?

In the next 30 days, threat actors are expected to target public GitHub repositories containing connector configuration files. By mid-2026, OpenAI will likely release a hardened Connector-SDK with signed uploads and runtime attestation. By 2027, CISA may add these CVEs to its Known Exploited Vulnerabilities catalog, mandating remediation for federal contractors.

What does this reveal about connector architecture?

The year-long delay in patching ZombieAgent, compared to the rapid fix for ShadowLeak, indicates deep coupling between connector apps and LLM tool execution. The underlying architecture remains a high-value target; ongoing hardening is necessary to prevent future zero-click exploits.

Trend Micro Patches Critical RCE Vulnerability in Apex Central with 15-Day Response Time

Trend Micro released Build 7190 on January 8, 2026, to remediate CVE-2025-69258, a critical unauthenticated remote code execution (RCE) vulnerability in Apex Central. The flaw allowed attackers to inject arbitrary DLLs into MsgReceiver.exe via TCP port 20001, enabling SYSTEM-level code execution. The patch blocks this specific vector and also resolves three ancillary vulnerabilities: CVE-2024-69259, CVE-2020-69260, and two denial-of-service issues.

How does the patch timeline compare to industry standards?

The vulnerability was publicly disclosed with a proof-of-concept in Q4 2025. Trend Micro released the patch approximately 15 days after public disclosure. This aligns with the industry average of 12 days for critical RCE vulnerabilities in Q4 2025–Q1 2026, as observed across HPE OneView, GitLab, and Linux kernel updates. The response time is significantly faster than the 30-day baseline cited in the 2024 Verizon DBIR.

What deployment and validation steps are recommended?

• Deploy Build 7190 across all on-premises Apex Central instances using automated tools such as WSUS or SCCM.
• Verify patch status using the command apexctl version.
• Block inbound TCP 20001 at perimeter firewalls until patch deployment is confirmed.
• Run the Tenable-provided DLL-injection test script to validate remediation efficacy.
• Audit legacy plugins or third-party extensions that invoke MsgReceiver.exe and retire or sandbox them.

What follow-up threats should be monitored?

In the 30- to 90-day window following patch deployment, threat actors are likely to target alternative management interfaces or fallback ports previously unused. Security teams should monitor CISA, Tenable, and Trend Micro advisories for new indicators of compromise. Public validation scripts, consistent with GitLab and Linux kernel post-patch practices, are expected to be released on GitHub within 90 to 180 days.

What long-term architectural changes are anticipated?

Trend Micro’s historical roadmap indicates intent to replace monolithic components like MsgReceiver.exe with sandboxed microservices. This transition, likely to occur beyond 180 days, would eliminate the root cause of DLL injection vulnerabilities.

Are other vendors following similar patching patterns?

Yes. HPE OneView and GitLab have adopted comparable practices: bundling multiple CVE fixes into single updates and releasing patches within two weeks of public disclosure. Trend Micro’s approach reflects a broader industry shift toward rapid, holistic remediation of critical vulnerabilities.

UAT-7290 Expands Malware Operations Across Telecom Infrastructure in South Asia and Southeastern Europe

UAT-7290 has transitioned from isolated SSH brute-force attacks on edge routers in South Asia to a multi-regional campaign deploying a three-stage malware chain: RushDrop, SilentRaid, and DriveSwitch. By 2025, the group established 141 Operational Relay Box (ORB) nodes in China-Hong Kong, using the Bulbature TLS certificate for command-and-control (C2) communication. In late 2025, operations expanded into Balkan states, Romania, and Bulgaria, with Windows-based implants RedLeaves and ShadowPad introduced via the same SSH vector.

What techniques enable persistent access?

Initial access is achieved through SSH password spraying and exploitation of publicly disclosed one-day vulnerabilities. Post-compromise, malware drops payloads into hidden .pkgdb directories, employs UPX packing to evade detection, and establishes persistence via iptables rules and SSH reverse tunnels. ORB nodes act as encrypted relays, rerouting C2 traffic through Google Public DNS (8.8.8.8) to blend with legitimate traffic. The Bulbature TLS certificate, reused across SuperShell, GobRAT, and Cobalt Strike, confirms a unified operational backbone.

What infrastructure supports this campaign?

• ORB Nodes: 141 confirmed hosts in China-Hong Kong; additional undisclosed nodes in Southeastern Europe.
• C2 Domains: 23 active domains (.com, .net, .org) resolving via Google DNS.
• Certificate: Bulbature TLS fingerprint (SHA-256) shared across 30+ implants.
• Payloads: UPX-packed binaries averaging 1.2 MB; latency under 200 ms from compromised devices.

What impact does this have on telecom networks?

• Remote shells enable pivoting into VoIP and SS7 signaling layers, risking service disruption.
• Credential harvesting from /etc/passwd and TLS private keys facilitates lateral movement across ISP backbones.
• ORB relays remain functional after host cleanup, providing long-term footholds.
• Routing tables and configuration files (≈30 KB per host) are exfiltrated for future targeting.

What mitigations are effective?

• Enforce key-based SSH authentication and disable password logins; implement fail2ban and IP reputation blocking to reduce initial access success from 22% to below 5%.
• Prioritize patching of public one-day exploits using CISA KEV feeds; deploy within 48 hours of disclosure.
• Segment telecom management systems (OSS/BSS) from internet-facing interfaces and monitor outbound DNS to public resolvers.
• Deploy certificate transparency monitors to detect and block the Bulbature TLS fingerprint.
• Use EDR/NGAV solutions to detect anti-VM checks, UPX packing, and .pkgdb directory activity.
• Correlate inbound IPs and TLS hashes with known ORB infrastructure to automate threat intel updates.

The group’s reliance on low-skill attack vectors and shared infrastructure makes it a high-impact, low-cost threat to telecom operators. Immediate implementation of hardened SSH practices and TLS certificate monitoring is critical to containment.

HPE OneView CVE-2025-37164 Enables Unauthenticated RCE; CISA Mandates Patching by Jan 28, 2026

CVE-2025-37164 is a critical unauthenticated remote code execution vulnerability in HPE OneView versions prior to v11.0. It allows attackers to execute arbitrary commands on the management daemon via a malformed HTTP POST to /rest/v1/management/. The flaw stems from missing input validation and unsafe use of the system() function. CVSS score: 10.0.

When was it exploited and disclosed?

• Dec 16, 2025: HPE released hot-fix v5.20-10.20 to patch the vulnerability.
• Dec 19, 2025: Rapid7 published a public Metasploit module enabling low-skill exploitation.
• Jan 8, 2026: CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
• Jan 28, 2026: Federal Civilian Executive Branch agencies must comply with BOD 22-01 patching deadline.

What systems are at risk?

All HPE OneView instances running versions below v11.0. The control plane manages compute, storage, and networking infrastructure; compromise grants full administrative access to all linked hardware.

What are the operational impacts?

• Attack surface expansion: Single compromised appliance can enable lateral movement across enterprise infrastructure.
• Compliance risk: Non-compliance with BOD 22-01 may result in audit failures and loss of federal funding.
• Time-to-impact reduction: Public exploit code reduces weaponization time from weeks to minutes.

How should organizations respond?

1. Inventory: Use asset discovery tools (e.g., Qualys, Tenable) to identify unpatched OneView instances.
2. Patch: Apply HPE’s Dec 16, 2025 hot-fix; verify version via CLI (show version) or UI.
3. Segment: Restrict management-plane access to trusted subnets; block internet access to the REST endpoint.
4. Monitor: Deploy IDS/IPS rules to detect malformed requests targeting /rest/v1/management/.
5. Document: Maintain records of patch dates and network controls for BOD 22-01 audit compliance.

What’s next?

Threat actors are expected to scan for vulnerable instances and integrate the exploit into ransomware and supply-chain attack toolkits. CISA may accelerate KEV listing criteria to reflect public exploit availability, reducing the window between weaponization and formal advisory.

ConsentFix Attack Bypasses MFA by Stealing OAuth Codes via Legitimate Microsoft Redirects

ConsentFix exploits Microsoft Entra OAuth 2.0 authorization code flows by redirecting victims to legitimate Azure redirect URIs—such as Azure CLI or Azure Resource Manager—after credential phishing. Upon successful sign-in, the authorization code is returned in the query string of an attacker-controlled error page. A client-side script captures the code and forwards it to the attacker’s server, which redeems it for an access token. Because this is a standard OAuth flow, MFA prompts, Conditional Access policies, and session controls are not triggered.

What technical indicators identify ConsentFix attacks?

• Dual-event sign-in pattern: Credential entry from victim IP followed by token redemption from attacker IP within ≤10 minutes.
• Matching SessionID, UserPrincipalName, and ApplicationID across both events with divergent ClientIP.
• Authorization code redemption within ≈30 seconds to avoid expiration (default TTL: 10 minutes).
• Abuse of trusted redirect URIs from Azure CLI (AzureCLI) and Azure Resource Manager (https://management.azure.com/).
• Absence of Proof Key for Code Exchange (PKCE) in public clients, enabling code replay.

What privileges do attackers gain?

Attackers obtain access tokens with scopes equivalent to the Azure CLI client, often granting Owner or Contributor roles. This enables full control over Azure subscriptions, virtual machines, storage accounts, and managed identities. Tokens are short-lived but can be refreshed while the user session remains active, enabling persistence.

Why are traditional security controls ineffective?

MFA is enforced only on interactive sign-ins, not OAuth code flows. Conditional Access policies that target user sign-ins do not apply to client-initiated token exchanges. Log alerts for failed MFA attempts remain silent because no MFA challenge occurs.

What mitigations are effective?

• Enforce PKCE for all public clients via Conditional Access policies.
• Implement tenant-level whitelist of approved OAuth redirect URIs.
• Reduce authorization code lifetime to ≤5 minutes.
• Deploy SIEM rules to correlate matching SessionID/UserPrincipalName with divergent ClientIP within 10 minutes.
• Enable preview feature: "Require MFA for OAuth token request" in Entra ID.
• Train users to verify exact URLs of authentication pages and avoid unsolicited credential links.
• Revoke refresh tokens for high-privilege service principals after suspected compromise.

What future changes are anticipated?

Microsoft is expected to require PKCE for all public clients within 12 months. Enterprises will adopt stricter redirect URI controls, and SIEM platforms will integrate native detection for consent-based token theft patterns. Authorization code validity may be further reduced to enhance detection probability.