AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started
Image
Episode 9  •  Mar 31, 2026  •  30 Min

Malvertising, Trusted Tools, Real-Time Attacks & Shrinking Windows

This week’s conversation focuses on a shift in how initial access is actually happening: attackers aren’t just breaking in, they’re being gaining access through tools, workflows, and actions that already look legitimate.

Across this week’s headlines, that shows up in a few ways. Fake AI developer tools delivering infostealers through install commands. Malicious NPM packages turning normal dependency use into a supply chain risk. Real-time phishing through fake Zoom calls that lead directly to remote access.

At the same time, the window between exposure and exploitation is collapsing from days to mere hours with the advancements in AI, i.e., a firewall 0-day moves straight into ransomware activity. Industrial systems designed to stay isolated are now reachable and, in some cases, already being disrupted.

Trust and speed remain the throughline, but they’re showing up in more places and moving faster than most teams are prepared for. Attackers are operating inside normal activity, and by the time it looks suspicious, access is already established.

Key Takeaways:

Infostealers are being disguised as Claude Code, OpenClaw and other AI developer tools, TechRadar

https://www.techradar.com/pro/security/infostealers-are-being-disguised-as-claude-code-openclaw-and-other-ai-developer-tools

  • What Matters: Attackers are placing fake AI developer tools directly in front of users who are actively looking for them, then relying on copy-and-paste install behavior to execute malicious code locally. That creates immediate access to source code, credentials, and environment data from the developer workstation. This is supply chain risk at the endpoint. Most organizations don’t have strong controls over what developers can download, run, or stage locally, which means these tools become part of the attack surface the moment they’re executed. The gap isn’t awareness. It’s control.
  • What’s Overhyped: The AI angle makes this feel new, but the underlying tactic is familiar. Impersonation and malvertising have been working for years. What’s changed is how quickly attackers can align those tactics with whatever developers are already trying to use.

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials, The Hacker News

https://thehackernews.com/2026/03/ghost-campaign-uses-7-npm-packages-to.html

  • What Matters: Malicious NPM packages were able to sit in a trusted ecosystem, get pulled into normal workflows, and then request elevated access to deploy malware. No exploit required. Just trust in the package and the process. This is the compromised workbench playing out in real time. Developers install dependencies, pipelines run as expected, and credentials, wallets, and cloud configs get exposed in the background. Managing dependencies is no longer a hygiene issue. It’s an initial access vector.
  • What’s Overhyped: This isn’t specific to NPM. The same risk exists anywhere teams rely on third-party code they don’t fully understand. The real issue is how much implicit trust exists in dependencies, not the ecosystem itself.

Fake interactive Zoom call leads to malicious ScreenConnect download, SC Media

https://www.scworld.com/news/fake-interactive-zoom-call-leads-to-malicious-screenconnect-download

  • What Matters: This attack compresses phishing into a real-time interaction. The user joins what looks like a legitimate Zoom call, is prompted to update, and installs remote access software on the spot. There’s no delay between engagement and compromise. The key detail is the simulated environment. It removes hesitation and keeps the user moving forward. Once the software is installed, the attacker has full access under the user’s context.
  • What’s Overhyped: It’s easy to frame this as a user awareness problem. In practice, timing and context matter more than training. If users can install unsigned or unapproved software, the system is depending on them to make the right call every time, under time pressure.

Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks, SecurityWeek

https://www.securityweek.com/cisco-firewall-vulnerability-exploited-as-zero-day-in-interlock-ransomware-attacks/

  • What Matters: A firewall management flaw was exploited as a zero-day to achieve unauthenticated remote code execution and quickly pivot into ransomware activity. The entry point wasn’t obscure. It was exposed management infrastructure. This highlights how little time exists between disclosure and exploitation. Traditional patch cycles assume a buffer that no longer exists. Once a vulnerability is understood, attackers are already working to turn it into access.
  • What’s Overhyped: Focusing only on patch speed misses the larger issue. Systems that centralize access, like firewalls, will continue to be targeted first. Even fast patching doesn’t remove the exposure window.

Threat groups target cyber-physical systems to disrupt critical infrastructure providers, Cybersecurity Dive

https://www.cybersecuritydive.com/news/threat-groups-target-cyber-physical-systems-to-disrupt-critical-infrastruct/815074/

  • What Matters: Attackers are gaining access to industrial control systems by abusing exposed interfaces and default credentials, often without needing exploits. In some cases, that access is already translating into operational disruption. These systems weren’t built for internet exposure, but operational demands keep pushing them into accessible environments. Once connected, they inherit the same risks as IT systems without the same level of defensive control.
  • What’s Overhyped: The focus often lands on advanced attackers and nation-state capability. In reality, many of these environments are accessible through basic weaknesses. Exposure and default access are still doing most of the work for attackers.
Sean McMillan Headshot

Sean McMillan

Community Manager

Sean McMillan is Community Manager at Bishop Fox, focused on making complex security topics easier to understand and more interesting to follow. He holds a bachelor’s degree in Mass Communication and Media Studies from Arizona State University and brings over a decade of experience in podcasting, live hosting, and audience engagement. As host of Initial Access, he works with practitioners to explore how real-world attacks actually happen.

More by Sean McMillan
Derek Rush BF Headshot

Derek Rush

Managing Senior Consultant

Derek Rush, a Managing Senior Consultant, brings vast proficiency in application penetration testing and network penetration testing, both static and dynamic, to the table. With a wealth of experience, Derek has successfully performed dynamic testing for a range of high-profile clients in the healthcare, government, and logistics sectors.

His expertise is backed by a list of impressive certifications, including Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Practical Web Application Penetration Testing (PWAPT), eLearnSecurity Web Application Penetration Tester (eWPT), and eLearnSecurity Certified Professional Penetration Tester (eCPPT).

More by Derek Rush
Richard Brown headshot

Richard Brown

Senior Managing Operator II

Richard Brown is a Senior Managing Operator II at Bishop Fox, where he leads a team focused on tracking and notifying customers of Emerging Threats, and identifying and helping expand what the operators do; which includes tool development, automation, and working with other business units in Bishop Fox.

Before joining Bishop Fox, Richard served in various security and consulting roles, including positions at MasterCard, Mercy, and Focal Point Data Risk. He also spent several years in law enforcement with the St. Louis Metropolitan Police Department, where he served as a detective in the Intelligence Division. This experience informs his ability to think like an attacker—and uncover what others miss.

Richard holds a Bachelor’s degree in Information Technology from Lindenwood University and an Associate’s degree in Electrical System Design from Ranken Technical College. He has held several certifications, including Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), as well as others from Cisco, Splunk, NW3C, and FEMA.

More by Richard Brown

Subscribe to our PODCAST

Real talk on the threats, trends, and tactics shaping security today

Listen Anywhere

Spotify iHeartRadio YouTube Apple Podcasts Amazon Music

Recommened Resources

You might be interested in these related Resources.

Datasheets

AI-Powered Application Penetration Testing Datasheet

AI-Powered Application Penetration Testing Datasheet

Most enterprises are managing dozens — sometimes hundreds — of applications with the same constrained budgets and headcount. Bishop Fox AI-Powered Application Penetration Testing delivers validated, expert-reviewed findings across your entire portfolio without the noise or overhead.

Download Datasheet
Guides

Secure AI-Assisted Development: 15 Guardrails for Shipping AI-Generated Code

Secure AI-Assisted Development: 15 Guardrails for Shipping AI-Generated Code

Before releasing AI-developed software, use our recommended security guardrails checklist to learn how to constrain generated code, enforce security controls, and prevent silent risk from prompt to production.

Read Guide
Reports

2026 GigaOm Radar for Attack Surface Management

2026 GigaOm Radar for Attack Surface Management

Get an overview of the 2026 Attack Surface Management (ASM) market — along with the key features and business criteria met by the top solutions — and learn why Bishop Fox was named Leader and Fast Mover by the analysts at GigaOm.

Read Report

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.