Based on reporting by The Hacker News →
Introduction
Cyber attacks used to be noisy; now they are polished. This week’s threat landscape reveals a disturbing plateau: a supply-chain attack kit openly hosted in a public repository, a $5,000-a-month Remote Access Trojan capable of cloning browser sessions, and research confirming that AI agents can be manipulated into leaking real credentials—all underpinned by mule networks that are run with the operational efficiency of a software-as-a-service business.
The problem
According to reporting by The Hacker News (source: thehackernews.com, headline: *"ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories"*), the security community has observed a wave of evolution rather than revolution. Specifically, the bulletin highlights three distinct developments: (1) a supply-chain attack toolkit has been discovered in a public repository, lowering the barrier for copycat attackers; (2) a Remote Access Trojan priced at $5,000 per month is now capable of cloning entire browser sessions, including cookies and stored credentials; and (3) research demonstrates that AI agents can be prompted—phished, essentially—into divulging real, sensitive credentials. Furthermore, the bulletin notes that mule networks, traditionally reliant on low-sophistication money mules, are now being orchestrated with the structure, reliability, and customer service of a legitimate SaaS company.
Consequences
The immediate stakes are threefold. First, the public availability of a supply-chain attack kit means that organizations of any size—including small businesses using shared hosting or open-source dependencies—are now in the crosshairs of attackers who previously lacked the resources to build such a kit from scratch. Second, the professionalization of credential-harvesting RATs (the $5,000/month tool) signals that a new tier of targeted, high-value credential theft is accessible to mid-tier criminal groups, not just nation-state actors. Third, the credential-leak vulnerability in AI agents introduces an entirely new surface area: if a company deploys a large-language-model agent to assist with customer support, code review, or internal research, that agent can be socially engineered into leaking secrets, effectively bypassing human security training. Combined with the mule network “SaaS-ification,” the entire cybercrime supply chain is becoming harder to attribute, faster to scale, and easier to repeat.