Connect with us

CyberSecurity

A Cybersecurity Startup Promising Millions for Zero-Day Exploits Is Run by Convicted Felons

Published

on

offensive cybersecurity startup

The Pitch: Million-Dollar Bounties for Hacker Talent

An aggressive new player has entered the high-stakes world of zero-day acquisitions. IRIS C2, a self-described cybersecurity firm based in McLean, Virginia, is publicly dangling payouts of up to $7 million for previously unknown software vulnerabilities. Its X/Twitter account, launched in January 2025, has already amassed over 4,000 followers by posting about exploits, AI, and security bugs. The company’s website claims it buys “zero-day exploits, individual primitives, partial chains, and full capabilities across all major platforms.”

But the pitch is not what it seems. A deeper look reveals that the people behind IRIS C2 are not your typical security researchers. They are Jack Burkman, 60, and Jacob Wohl, 28 — a duo with a long rap sheet of fraud, felony convictions, and fabricated conspiracy theories.

The Men Behind the Curtain: Burkman and Wohl

Burkman and Wohl have spent years building a reputation for deception. In 2019, they held press conferences falsely accusing then-presidential candidates Elizabeth Warren and Kamala Harris of extramarital affairs. They fabricated sexual assault claims against former FBI Director Robert Mueller and Pete Buttigieg. Their specialty? Creating fake intelligence companies to spread disinformation.

After the 2020 election, the pair orchestrated a massive robocall campaign targeting Black voters in battleground states with false claims about mail-in ballots. They were indicted in Cleveland on 15 felony counts of voter suppression. In late 2025, after exhausting appeals, they were sentenced to probation. Earlier, in 2022, both pleaded guilty to telecommunications fraud in Ohio. In March 2023, a New York civil court ordered them to pay a $1 million settlement for violating federal and state civil rights laws. The FCC followed with a $5.1 million fine — the largest ever under the Telephone Consumer Protection Act.

Wohl’s history of financial crimes goes back even further. At 17, he started multiple investment firms and earned the nickname “Wohl of Wall Street” after appearing on Fox News in 2015. In 2017, the Arizona Corporation Commission charged him with 14 counts of securities fraud. In 2019, he pleaded guilty in California to four felony counts of selling unregistered securities.

How IRIS C2 Connects to the Duo

The IRIS C2 website is registered to Calvexa Group LLC, a Virginia-based federal contractor. The contact page on Calvexa Group’s site redirects visitors to IRIS C2’s domain. Incorporation records list an Arlington, Virginia address — which turns out to be the office of Burkman’s lobbying firm, Burkman & Associates.

When approached by KrebsOnSecurity, Burkman referred questions to Wohl. Wohl admitted that Burkman is not involved in day-to-day operations but confirmed his own role. He claimed IRIS C2 started as a penetration testing company before pivoting to selling phone-hacking services to the government. He said the firm has about 40 employees, though none are allowed to list their jobs on LinkedIn for “operational security reasons.”

A History of Pseudonyms and Shell Companies

This is not the first time Burkman and Wohl have hidden behind fake identities. In September 2024, Politico reported that the pair ran a now-defunct AI lobbying platform called LobbyMatic under the assumed names “Jay Klein” (Wohl) and “Bill Sanders” (Burkman). Two employees quit after learning their bosses’ real identities. Others only found out after leaving the company.

The Oddity of an Open Zero-Day Market

The market for zero-day exploits has always attracted a motley crew: academics, hobbyists, criminals, and legitimate government contractors. But most firms that sell offensive capabilities to the U.S. government operate with discretion. IRIS C2 is an exception. Its public bravado — posting about million-dollar payouts and recruiting “junior engineers with raw talent/extremely high IQ” — is unusual in a field that prizes anonymity.

Wohl, who has no formal training in computer science, told KrebsOnSecurity: “I know more about tech than anyone. My background has always been extremely technical.” He claimed researchers bring him “spectacularly exquisite capabilities that would make your head spin.” But when pressed on federal contracts, he clammed up, citing national security.

What This Means for the Cybersecurity Community

For vulnerability researchers, the warning is clear: not every buyer is who they claim to be. A company offering life-changing money for exploits might be run by convicted felons with a history of fraud. The offensive cybersecurity startup IRIS C2 may have legitimate aspirations, but its founders’ track record raises serious red flags.

Researchers considering selling their work should vet buyers thoroughly. Check incorporation records. Search for legal judgments. Ask for references. The zero-day market is lucrative, but it’s also a playground for fraudsters. Burkman and Wohl have proven they can reinvent themselves — but their past keeps catching up.

As one conference attendee told KrebsOnSecurity, Wohl and Calvexa Group were aggressively soliciting vulnerability researchers at a recent cybersecurity event. The message was simple: they wanted to buy exploits. The subtext, now clear, is that the sellers should have asked more questions.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

CyberSecurity

RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service

Published

on

RedWing Android malware

RedWing Android malware: A new Telegram rental for bank fraud

A fresh Android malware operation, dubbed RedWing, is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim’s phone, steal their banking logins, and capture the one-time codes that protect their accounts.

Security researchers at Zimperium‘s zLabs unit, which discovered the operation, say it appears to be a new variant of Oblivion — a $300-a-month rent-a-malware tool that’s been circulating in underground forums since late 2023.

The rise of Malware-as-a-Service (MaaS) on messaging platforms like Telegram is lowering the barrier to entry for cybercrime. RedWing is the latest example, packaging sophisticated Android bank fraud into a subscription model anyone can buy.

How RedWing works: Remote access and OTP theft

RedWing is a Remote Access Trojan (RAT) specifically designed for Android devices. Once installed — often through malicious apps sideloaded from third-party stores or phishing links — it can:

  • Take over the victim’s screen in real time, allowing the attacker to see everything the user does.
  • Steal banking credentials by overlaying fake login pages on top of legitimate banking apps.
  • Intercept one-time passwords (OTPs) sent via SMS, defeating two-factor authentication.
  • Log keystrokes and capture screenshots, giving the attacker full visibility into the device.

The malware communicates with its command-and-control (C2) server over encrypted channels, making detection harder for traditional antivirus tools. Zimperium’s zLabs says RedWing targets over 100 banking apps globally, with a particular focus on European and Latin American financial institutions.

Oblivion connection: A $300-a-month malware family

Zimperium’s analysis reveals strong code similarities between RedWing and the Oblivion malware family. Oblivion, first documented in early 2024, was sold as a subscription service for $300 per month on Telegram and dark web forums. It offered similar capabilities — screen recording, keylogging, and SMS interception — but RedWing appears to be an upgraded version.

Key differences include:

  • Improved obfuscation to evade Google Play Protect and other security scanners.
  • New anti-analysis tricks, such as detecting if it’s running in an emulator or sandbox environment.
  • Expanded target list with more banking apps and cryptocurrency wallets.

The pricing for RedWing hasn’t been disclosed publicly, but Zimperium suspects it follows a similar subscription model. The Telegram channel advertising the service boasts features like “24/7 support” and “regular updates” — a sign that the operators are treating it as a professional business.

Telegram as a marketplace for cybercrime tools

Telegram has become a hub for cybercriminal activity, from selling stolen data to renting out malware. The platform’s encrypted messaging, large file sharing, and channel features make it ideal for underground marketplaces. RedWing’s operators use Telegram channels to advertise their product, provide customer support, and distribute updates.

This isn’t new. Researchers have documented dozens of MaaS operations on Telegram, including ransomware builders, DDoS-for-hire services, and phishing kits. What makes RedWing notable is its focus on Android bank fraud — a lucrative niche where even low-skill attackers can drain accounts if they have the right tools.

For victims, the consequences can be severe: emptied bank accounts, stolen identities, and months of financial recovery. For banks, it means constantly updating fraud detection systems to catch new variants of malware.

How to protect against RedWing and similar threats

Android users can take several steps to reduce their risk:

  • Only install apps from the Google Play Store. Sideloading apps from unknown sources is the primary infection vector for RedWing.
  • Review app permissions carefully. If a flashlight app asks for SMS access or screen overlay permissions, that’s a red flag.
  • Enable Google Play Protect and keep it updated. It won’t catch everything, but it blocks many known malware samples.
  • Use a reputable mobile security app that can detect malicious behavior in real time.
  • Never click on links in unsolicited SMS or email messages claiming to be from your bank. Instead, open your banking app directly.

For security teams, Zimperium recommends monitoring for traffic patterns associated with RedWing’s C2 servers and integrating mobile threat detection into their existing security stack.

The bigger picture: MaaS is here to stay

RedWing is just the latest in a growing wave of Malware-as-a-Service offerings. As long as there’s demand for easy-to-use cybercrime tools, developers will build them and market them on platforms like Telegram. The barrier to entry for digital bank fraud has never been lower.

For consumers, the takeaway is clear: treat your phone like a wallet, because that’s exactly what attackers see it as. And for the security industry, the challenge is keeping up with an ever-evolving threat landscape where a new variant can appear on Telegram overnight.

Zimperium’s full technical report on RedWing is available on their blog, with indicators of compromise (IOCs) for security teams to use. The company says it’s sharing its findings with Google and affected financial institutions to help mitigate the threat.

Continue Reading

CyberSecurity

North Korean Hackers Poison Open Source Repos to Steal Developer Credentials

Published

on

North Korean hackers

More Than 100 Open Source Packages Weaponized in Ongoing Campaign

Since December 2025, a threat group linked to North Korea has been systematically compromising open source repositories and package registries. Security firm Socket calls the operation PolinRider, and it’s already hit more than 100 legitimate packages across NPM, Packagist, Go modules, and Chrome extensions.

The attackers aren’t just sneaking in a single malicious library. They’re deploying a two-stage infection: a JavaScript loader that pulls down the DEV#POPPER remote access trojan (RAT) and a separate information stealer called OmniStealer. The goal is to grab credentials, source code, and CI/CD secrets from developer machines.

Socket has identified 162 malicious release artifacts across 108 unique packages so far. And they expect more to surface.

How PolinRider Works: Compromised Accounts and Rewritten Git History

The attack chain starts with the threat actor taking over legitimate maintainer accounts on GitHub. Once inside, they tamper with repositories and push infected package versions. To cover their tracks, they rewrite Git history — making the malicious changes look like they were made months earlier.

The compromised repos contain obfuscated JavaScript loaders. Those loaders connect to blockchain and public RPC infrastructure to fetch encrypted payloads. It’s a clever way to host command-and-control data on decentralized networks, making takedowns harder.

One example Socket flagged: a GitHub account called Xpos587, which maintains several repositories. All of them were modified on June 23 within a short window. That pattern — a burst of changes to unrelated repos — is a red flag.

Packagist Compromise: Malware Hidden in Configuration Files

The campaign recently expanded to Packagist, the main package repository for PHP. Multiple packages under the sevenspan namespace were compromised. The attackers stashed the malicious loaders inside configuration files — the kind of files most developers wouldn’t think to inspect closely.

Socket notes that even a cleanup operation missed some of these hidden loaders. That means teams that installed any affected package version should treat the entire development environment as potentially compromised.

Why Developer Machines Are Prime Targets

Developers’ workstations often hold a treasure trove of credentials: package registry tokens, cloud API keys, source code repositories, and CI/CD pipeline secrets. A single compromised machine can give attackers access to an entire organization’s software supply chain.

“Because PolinRider targets developer environments and may expose package registry, source code, cloud, and CI/CD credentials, remediation should be performed from a clean machine, not from the potentially infected host,” Socket warns.

Part of a Broader North Korean Hacking Ecosystem

PolinRider isn’t an isolated incident. Socket connects it to a larger operation called Contagious Interview, which overlaps with several known North Korean campaigns: DeceptiveDevelopment, Operation Dream Job, and ClickFake Interview.

These campaigns share a common playbook. Attackers pose as recruiters, contact developers on LinkedIn or other platforms, and lure them into installing malicious packages or running fake coding tests. The goal is always the same — get a foothold in the developer’s machine and pivot into the corporate network.

Earlier this year, North Korean hackers were blamed for the Mastra NPM supply chain attack and for targeting high-profile Node.js maintainers. They’ve also been spotted using AppleScript and ClickFix tricks in fresh macOS attacks.

What Developers Should Do Right Now

If your team uses open source packages from NPM, Packagist, or Go modules, here’s what Socket recommends:

  • Audit your dependencies against the list of known compromised packages (Socket maintains an updated inventory).
  • Check your GitHub repositories for unusual activity — especially sudden bursts of changes to multiple repos from the same account.
  • Review Git history for rewritten commits. If a commit timestamp looks suspiciously old but the content seems recent, investigate.
  • Rotate all credentials stored on any machine that might have installed an affected package. Do this from a clean, isolated system.
  • Enable two-factor authentication on all package registry and GitHub accounts. Use hardware security keys where possible.

The PolinRider campaign is a stark reminder that open source isn’t just about convenience. It’s an attack surface. And North Korean hackers are exploiting it with increasing sophistication.

Continue Reading

CyberSecurity

Google’s Dialogflow CX Had a ‘Rogue Agent’ Flaw That Let Attackers Steal Chatbot Data

Published

on

Dialogflow CX flaw

The Flaw That Let a Rogue Agent Run Wild

In late 2025, security researchers at Varonis uncovered a troubling vulnerability in Google’s Dialogflow CX, the enterprise-grade platform for building conversational AI. The flaw, which they dubbed a ‘rogue agent’ attack, allowed an unauthorized actor to hijack a chatbot session and siphon sensitive data from unsuspecting users.

The implications are stark. Imagine a customer service bot for a bank or healthcare provider. A rogue agent could pose as the legitimate assistant, ask for personal details, and walk away with account numbers, medical records, or login credentials. Google patched the issue after Varonis disclosed it, but the incident raises uncomfortable questions about how many AI systems are sitting on similar weak points.

How the Dialogflow CX Vulnerability Worked

Dialogflow CX lets developers build complex, multi-turn conversations. It’s used by major enterprises for everything from support to lead generation. The flaw centered on how the platform handled agent-to-agent transfers — a feature meant to escalate a user from a general bot to a specialized one.

Varonis found that under certain conditions, an attacker could inject a malicious agent configuration into a legitimate session. The rogue agent could then override the conversation flow, ask probing questions, and capture responses. The data never left Google’s infrastructure — but it reached the wrong hands within it.

The researchers demonstrated the attack in a controlled environment. They showed that a user interacting with what they thought was a trusted bot could be silently rerouted to a malicious agent without any visual clue. The victim had no way to know the conversation had been hijacked.

Why This Matters Beyond the Patch

Google addressed the flaw quickly, and there’s no evidence it was exploited in the wild. But the Dialogflow CX flaw is a wake-up call for anyone running AI chatbots. The attack surface is broader than most teams realize.

Consider the typical AI pipeline. A chatbot sits on top of a language model, which may have access to databases, APIs, or internal documents. If an attacker can manipulate the conversation layer, they don’t need to break into the database — the bot will happily fetch the data for them. This is a variant of prompt injection, but at the architectural level rather than the prompt level.

Varonis’s finding reinforces a hard truth: AI systems inherit all the old security problems of web applications, plus a whole new set. Authentication, session management, and access controls remain critical. A chatbot is still a web app under the hood.

What Enterprises Should Do Now

If your organization uses Dialogflow CX or any conversational AI platform, here are practical steps to tighten security:

  • Audit agent configurations regularly. Check for unauthorized agents or modified flows. Treat your chatbot environment like you would a production server.
  • Restrict data access. The bot should only have the minimum permissions needed. If it doesn’t need to read customer PII, don’t give it that access.
  • Monitor session logs. Look for unusual transfer patterns or agents that appear out of nowhere. Anomaly detection can catch a rogue agent before it does damage.
  • Test for injection vulnerabilities. Include conversation hijacking in your penetration testing scope. Standard web app tests won’t catch these flaws.

These aren’t exotic measures. They’re basic hygiene, applied to a new context. The same discipline that protects your WhatsApp HD photo sending or your cloud storage applies here — but the attack vector is different, and so the defense must be adapted.

The Bigger Picture: AI Infrastructure Security

The Dialogflow CX flaw is part of a pattern. As companies rush to deploy generative AI, security is often an afterthought. The focus is on model accuracy, latency, and user experience. Hardening the infrastructure comes later — or not at all.

But the stakes are high. A compromised chatbot can damage brand trust, leak customer data, and create regulatory liability. The European Union’s AI Act and similar frameworks are starting to demand accountability. A vulnerability like this is exactly the kind of thing regulators will scrutinize.

Varonis’s disclosure was responsible: they gave Google time to fix the issue before going public. Google’s response was professional. But the incident should prompt every security team to ask: what else is lurking in our AI stack?

Chatbots are everywhere now — on websites, in apps, in customer service portals. They handle sensitive conversations daily. The Dialogflow CX flaw is a reminder that these systems are only as secure as the infrastructure beneath them. A rogue agent can slip in quietly. The question is whether your defenses will catch it.

Continue Reading

Trending