DAEMON Tools trojanized in supply chain breach, patched version released
Disc Soft confirms malware was inserted into its popular disc imaging software; users urged to update immediately to clean build.
Disc Soft Limited has confirmed that DAEMON Tools Lite, a widely used disc imaging utility, was compromised in a supply chain attack. The company released a malware-free version following discovery that attackers had trojanized the software.
The breach represents a classic supply chain compromise: adversaries inserted malicious code into legitimate software distributed through official channels. Users who downloaded affected versions unknowingly installed both the intended application and attacker-controlled malware. Disc Soft has not disclosed the attack timeline, the number of affected downloads, or the malware's capabilities.
DAEMON Tools has been installed on hundreds of millions of systems globally over two decades, making it a high-value target for operators of supply chain attacks. The software's legitimate function—mounting virtual drives and managing disc images—grants it elevated system access, which attackers can exploit for persistence and lateral movement.
- DAEMON Tools users face potential compromise; immediate update required to remove malware.
- IT teams must audit systems for indicators of compromise from trojanized versions.
- Software vendors under renewed pressure to harden build pipelines and signing infrastructure.
- Incident underscores persistent risk of supply chain attacks on widely deployed utilities.