{"id":549,"date":"2026-04-09T14:13:58","date_gmt":"2026-04-09T14:13:58","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=549"},"modified":"2026-04-09T14:13:58","modified_gmt":"2026-04-09T14:13:58","slug":"hybrid-p2p-botnet-13-year-old-apache-rce-and-18-more-stories","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=549","title":{"rendered":"Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 09, 2026<\/span><\/span><span class=\"p-tags\">Hacking News \/ Cybersecurity News<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi6d4nK1zoWjzSmbdUmGPSycMwGmzcYM2XRrFH_ueobgO_8j7hwRdv8Ct856gg_k29HqAOw1-HGCtPpxyGDcuQIKY53ATLKb8bQCsJR5b_Jf8VqX1igItYBIe4iQazqSRe5fmFrFXS1fCcKdz6enbI6zYngIztjJ_UI262_ynNGJrd1EB_OUV1ZKYVl04-h\/s1700-e365\/threatsdays-main.jpg\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>Thursday. Another week, another batch of things that probably should&#8217;ve been caught sooner but\u00a0weren&#8217;t.<\/p>\n<p>This\u00a0one&#8217;s got some range \u2014 old vulnerabilities getting new life, a few \u00abwhy was that even possible\u00bb moments, attackers leaning on platforms and tools you&#8217;d normally trust without thinking twice. Quiet\u00a0escalations more than loud zero-days, but the kind that matter more in practice\u00a0anyway.<\/p>\n<p>Mix\u00a0of malware, infrastructure exposure, AI-adjacent weirdness, and some supply chain stuff that&#8217;s&#8230; not\u00a0great. 
Let&#8217;s get into\u00a0it.<\/p>\n<div class=\"td-wrap\">\n<section aria-labelledby=\"threatsday-title\" class=\"td-section\">\n<ol class=\"td-timeline\" role=\"list\">\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Resilient hybrid botnet surge<\/span><\/p>\n<p class=\"td-desc\">\n      A new variant of the botnet known as Phorpiex (aka Trik) has been observed, using a hybrid communication model that combines traditional C2 HTTP polling with a peer-to-peer (P2P) protocol over both TCP and UDP to ensure operational continuity in the face of server takedowns. The malware acts as a conduit for encrypted payloads, making it challenging for external parties to inject or modify commands. The primary goal of Phorpiex&#8217;s Twizt variant is to drop a clipper that re-routes cryptocurrency transactions, as well as distribute high-volume sextortion email spam and facilitate ransomware deployment (e.g., LockBit Black, Global). It also exhibits worm-like behavior by propagating through removable and remote drives, and drops modules responsible for exfiltrating mnemonic phrases and scanning for Local File Inclusion (LFI) vulnerabilities. \u00abPhorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform,\u00bb Bitsight <a href=\"https:\/\/www.bitsight.com\/blog\/ransomware-twizt-inside-phorpiex-botnet\">said<\/a>. 
\u00abThe Phorpiex botnet remains a highly adaptive and resilient threat.\u00bb There are about 125,000 infections daily on average, with the most affected countries being Iran, Uzbekistan, China, Kazakhstan, and Pakistan.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Chained flaws enable stealth RCE<\/span><\/p>\n<p class=\"td-desc\">\n      A remote code execution (RCE) vulnerability that lurked in Apache ActiveMQ Classic for 13 years could be chained with an older flaw (CVE-2024-32114) to bypass authentication. Tracked as CVE-2026-34197 (CVSS score: 8.8), the newly identified bug allows attackers to invoke management operations through the Jolokia API and trick the message broker into retrieving a remote configuration file and executing operating system commands. According to Horizon3.ai, the security defect is a bypass for CVE-2022-41678, a bug that allows authenticated attackers to trigger arbitrary code execution and write web shells to disk. \u00abThe vulnerability requires credentials, but default credentials (admin:admin) are common in many environments,\u00bb Horizon3.ai researcher Naveen Sunkavally <a href=\"https:\/\/horizon3.ai\/attack-research\/disclosures\/cve-2026-34197-activemq-rce-jolokia\/\">said<\/a>. \u00abOn some versions (6.0.0 &#8211; 6.1.1), no credentials are required at all due to another vulnerability, CVE-2024-32114, which inadvertently exposes the Jolokia API without authentication. 
In those versions, CVE-2026-34197 is effectively an unauthenticated RCE.\u00bb The newly discovered security defect was <a href=\"https:\/\/activemq.apache.org\/security-advisories.data\/CVE-2026-34197-announcement.txt\">addressed<\/a> in ActiveMQ Classic versions 5.19.4 and 6.2.3.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Cyber fraud losses hit record highs<\/span><\/p>\n<p class=\"td-desc\">\n      Cyber-enabled fraud cost victims over $17.7 billion during 2025, as financial losses to internet-enabled fraud continue to grow. The total loss exceeds $20.87 billion, up 26% from 2024. \u00abCyber-enabled fraud is responsible for almost 85% of all losses reported to IC3 [Internet Crime Complaint Center] in 2025,\u00bb the U.S. Federal Bureau of Investigation (FBI) <a href=\"https:\/\/www.ic3.gov\/AnnualReport\/Reports\/2025_IC3Report.pdf\">said<\/a>. \u00abCryptocurrency investment fraud was the highest source of financial losses to Americans in 2025, with $7.2 billion reported in losses.\u00bb In all, investment scams led the pack with $8.6 billion in reported losses, followed by business email compromise ($3 billion) and tech support scams ($2.1 billion). Sixty-three new ransomware variants were identified last year, leading to more than $32 million in losses. 
Akira, Qilin, INC.\/Lynx\/Sinobi, BianLian, Play, Ransomhub, Lockbit, Dragonforce, Safepay, and Medusa emerged as the top ten variants to hit critical manufacturing, healthcare, public health, and government entities.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<p><a name=\"more\"\/><\/p>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">AI-driven DDoS tactics escalate<\/span><\/p>\n<p class=\"td-desc\">\n      According to data from NETSCOUT, more than 8 million DDoS attacks were recorded across 203 countries and territories between July and December 2025. \u00abThe attack count remained stable compared to the first half of the year, but the nature and sophistication of attacks changed dramatically,\u00bb the company <a href=\"https:\/\/www.netscout.com\/blog\/how-botnet-driven-ddos-attacks-evolved-2h-2025\">said<\/a>. \u00abThe TurboMirai class of IoT botnets, including AISURU and Eleven11 (RapperBot), emerged as a major force. DDoS-for-hire platforms are now integrating dark-web LLMs and conversational AI, lowering the technical barrier for launching complex, multi-vector attacks. Even unskilled threat actors can now orchestrate sophisticated campaigns using natural-language prompts, increasing risk for all industries.\u00bb\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Insider breach exposes private photos<\/span><\/p>\n<p class=\"td-desc\">\n      A former Meta employee in the U.K. is under investigation over allegations that he illegally downloaded about 30,000 private photos from Facebook. 
According to <a href=\"https:\/\/www.theguardian.com\/uk-news\/2026\/apr\/07\/meta-worker-london-accused-downloading-private-facebook-images\">The Guardian<\/a>, the accused developed a software program to evade Facebook&#8217;s internal security systems and access users&#8217; private images. Meta uncovered the breach more than a year ago, terminated the employee, and referred the case to law enforcement. The company said it also notified affected users, although it&#8217;s not clear how many were impacted.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Help desk attacks enable enterprise breaches<\/span><\/p>\n<p class=\"td-desc\">\n      Google said it&#8217;s tracking a financially motivated threat cluster called UNC6783 that&#8217;s tied to the \u00abRaccoon\u00bb persona and is targeting dozens of high-profile organizations across multiple sectors by compromising business process outsourcing (BPO) providers and help desk staff for later data extortion. \u00abThe campaign relies on live chat social engineering to direct employees to spoofed Okta logins using [org].zendesk-support[##].com domains,\u00bb Austin Larsen, Google Threat Intelligence Group (GITG) principal threat analyst, <a href=\"https:\/\/x.com\/AustinLarsen_\/status\/2041376265907601529\">said<\/a>. \u00abTheir phishing kit steals clipboard contents to bypass MFA and enroll their own devices for persistent access. 
We also observed them using fake security updates (ClickFix) to drop remote access malware.\u00bb Organizations are advised to prioritize FIDO2 hardware keys for high-risk roles, monitor live chat for suspicious links, and regularly audit newly enrolled MFA devices.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Magecart skimmer hides in SVG<\/span><\/p>\n<p class=\"td-desc\">\n      A large-scale Magecart campaign is using invisible 1&#215;1 pixel SVG elements to inject a fake checkout overlay on 99 Magento e-commerce stores, exfiltrating payment data to six attacker-controlled domains. \u00abIn the early hours of April 7th, nearly 100 Magento stores got mass-infected with a &#8216;double-tap&#8217; skimmer: a credit card stealer hidden inside an invisible SVG element,\u00bb Sansec <a href=\"https:\/\/sansec.io\/research\/svg-onload-magecart-skimmer\">said<\/a>. \u00abThe likely entry vector is the PolyShell vulnerability that continues to affect unprotected Magento stores.\u00bb Like other attacks of this kind, the skimmer shows victims a convincing \u00abSecure Checkout\u00bb overlay, complete with card validation and billing fields. Once the payment details are captured, it silently redirects the shopper to the real checkout page. 
Adobe has yet to release a security update to address the PolyShell flaw in production versions of Magento.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Emoji-coded signals evade detection<\/span><\/p>\n<p class=\"td-desc\">\n      Cybercriminals are <a href=\"https:\/\/www.yeoandyeo.com\/resource\/emoji-smuggling-the-cyberattack-hiding-in-plain-sight\">using emojis<\/a> across illicit communities to signal financial activity, access and account compromise, tooling and service offerings, represent targets or regions, and communicate momentum or importance. Using emojis allows bad actors to bypass security controls. \u00abEmojis provide a shared visual layer that allows actors to communicate core concepts without relying entirely on text,\u00bb Flashpoint <a href=\"https:\/\/flashpoint.io\/blog\/the-language-of-emojis-in-threat-intelligence\/\">said<\/a>. \u00abThis is particularly valuable in: large Telegram channels with international membership, cross-border fraud operations, [and] decentralized marketplaces. This ability to compress meaning into visual shorthand helps scale operations and coordination across diverse actor networks.\u00bb\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Stealth RAT delivered via MSI<\/span><\/p>\n<p class=\"td-desc\">\n      A ClickFix campaign targeting Windows users is leveraging malicious MSI installers to deliver a Node.js-based information stealer. \u00abThis Windows payload is a highly adaptable remote access Trojan (RAT) that minimizes its forensic footprint by using dynamic capability loading,\u00bb Netskope <a href=\"https:\/\/www.netskope.com\/blog\/from-clickfix-to-maas-exposing-a-modular-windows-rat-and-its-admin-panel\">said<\/a>. 
\u00abThe core stealing modules and communication protocols are never stored on the victim\u2019s disk. Instead, they are delivered in-memory only after a successful C2 connection is established. To further obfuscate the attacker\u2019s infrastructure, the malware routes gRPC streaming traffic over the Tor network, providing a persistent and masked bidirectional channel.\u00bb\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">macOS attack bypasses Terminal safeguards<\/span><\/p>\n<p class=\"td-desc\">\n      More ClickFix, this time targeting macOS. According to Jamf, a ClickFix-style macOS attack is abusing the \u00abapplescript:\/\/\u00bb URL scheme to launch Script Editor and deliver an Atomic Stealer infostealer payload, thereby bypassing Terminal entirely. The attack leverages fake Apple-themed web pages that include instructions to \u00abreclaim disk space on your Mac\u00bb by clicking on an \u00abExecute\u00bb button that triggers the \u00abapplescript:\/\/\u00bb URL scheme. The new approach is likely a response to a new security feature introduced by Apple in macOS 26.4 that scans commands pasted into Terminal before they&#8217;re executed. 
\u00abIt&#8217;s a meaningful friction point, but as this campaign illustrates, when one door closes, attackers find another,\u00bb security researcher Thijs Xhaflaire said.\n    <\/p>\n<\/p><\/div>\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhK2WiKGShBy6ziC71eVpvMg_Dl3NmLFZlsrNkDFzraX37n4QKHAVxCBDJhJF1-2_WIxVRyAnI3G4N2WeRh2zQHKTGVZMmLF42UrzHnyklv_Up3J0omaB6IrKzJtBOLOzGR1K4hO7-D8Fax4Es5j6uPc2iRgP85XvRL0CXbtQtc_O0UV_vN3BKm-8v1Khk2\/s1700-e365\/reclaim.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhK2WiKGShBy6ziC71eVpvMg_Dl3NmLFZlsrNkDFzraX37n4QKHAVxCBDJhJF1-2_WIxVRyAnI3G4N2WeRh2zQHKTGVZMmLF42UrzHnyklv_Up3J0omaB6IrKzJtBOLOzGR1K4hO7-D8Fax4Es5j6uPc2iRgP85XvRL0CXbtQtc_O0UV_vN3BKm-8v1Khk2\/s1700-e365\/reclaim.jpg\" alt=\"\" border=\"0\" data-original-height=\"784\" data-original-width=\"1280\"\/><\/a><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">PyPI package exfiltrates AI prompts<\/span><\/p>\n<p class=\"td-desc\">\n      A malicious PyPI package named hermes-px has been advertised as a \u00abSecure AI Inference Proxy\u00bb but contains functionality to steal users&#8217; prompts. 
\u00abThe package actually hijacks a Tunisian university&#8217;s private AI endpoint, bundles a stolen and rebranded Anthropic Claude Code system prompt, launders all responses to hide the true upstream source, and exfiltrates every user message directly to the attacker&#8217;s Supabase database, bypassing the very Tor anonymity it promises,\u00bb JFrog <a href=\"https:\/\/research.jfrog.com\/post\/hermes-px-pypi\/\">said<\/a>.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Exposed PLCs targeted by state actors<\/span><\/p>\n<p class=\"td-desc\">\n      Data from Censys has revealed that there are 5,219 internet-exposed hosts that self-identify as Rockwell Automation\/Allen-Bradley devices. \u00abThe United States accounts for 74.6% of global exposure (3,891 hosts), with a disproportionate share on cellular carrier ASNs indicative of field-deployed devices on cellular modems,\u00bb it <a href=\"https:\/\/censys.com\/blog\/iranian-affiliated-apt-targeting-rockwell-allen-bradley-plcs\/\">said<\/a>. \u00abSpain (110), Taiwan (78), and Italy (73) represent the largest non-Anglosphere concentrations. Iceland&#8217;s presence (36 hosts) is disproportionate to its population and warrants attention, given its geothermal energy infrastructure.\u00bb The disclosure follows a joint advisory from U.S. agencies that warned of ongoing exploitation of internet-facing Rockwell Automation\/Allen-Bradley programmable logic controllers (PLCs) by Iranian-affiliated nation-state actors since March 2026 to breach U.S. critical infrastructure sectors, causing operational disruption and financial loss in some cases. 
The agencies said the attacks are reminiscent of similar attacks on PLCs by Cyber Av3ngers in late 2023.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Code leak weaponized for malware spread<\/span><\/p>\n<p class=\"td-desc\">\n      In late March 2026, Anthropic inadvertently exposed internal Claude Code source material via a misconfigured npm package, which included approximately 512,000 lines of internal TypeScript. While the exposure lasted only about three hours, it triggered rapid mirroring of the source code across GitHub, prompting Anthropic to <a href=\"https:\/\/github.com\/github\/dmca\/blob\/master\/2026\/03\/2026-03-31-anthropic.md\">issue takedown notices<\/a> (and later a <a href=\"https:\/\/github.com\/github\/dmca\/blob\/master\/2026\/04\/2026-04-01-anthropic-retraction.md\">partial retraction<\/a>). Needless to say, threat actors wasted no time and <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/26\/d\/claude-code-remains-a-lure-what-defenders-should-do.html\">took advantage<\/a> of the topical nature of the leak to distribute Vidar Stealer, PureLogs Stealer, and GhostSocks proxy malware through fake leaked Claude Code GitHub repositories. \u00abThe campaign abuses GitHub Releases as a trusted malware delivery channel, using large trojanized archives and disposable accounts to repeatedly evade takedowns,\u00bb Trend Micro <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/26\/d\/weaponizing-trust-claude-code-lures-and-github-release-payloads.html\">said<\/a>. 
\u00abThe combined functionality of the malware payloads enables credential theft, cryptocurrency wallet exfiltration, session hijacking, and residential proxy abuse across Windows, giving the operators multiple monetization paths from a single infection.\u00bb\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Lumma successor adopts evasive tactics<\/span><\/p>\n<p class=\"td-desc\">\n      A new 64-bit version of Lumma Stealer called Remus (historically called Tenzor) has emerged in the wild following Lumma&#8217;s takedown and the doxxing of its alleged core members. \u00abThe first Remus campaigns date back to February 2026, with the malware switching from Steam\/Telegram dead drop resolvers to EtherHiding and employing new anti-analysis checks,\u00bb Gen researchers <a href=\"https:\/\/www.gendigital.com\/blog\/insights\/research\/remus-64bit-variant-of-lumma-stealer\">said<\/a>. Besides using identical code, direct syscalls\/sysenters, and the same string obfuscation technique, another detail linking the two is the use of an application-bound encryption method, only observed in Lumma Stealer to date.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Court rulings split on AI risk label<\/span><\/p>\n<p class=\"td-desc\">\n      In a setback for Anthropic, a Washington, D.C., federal appeals court declined to block the U.S. Department of Defense&#8217;s national security designation of the AI company as a supply chain risk. 
The development comes after another appeals court in San Francisco came to the opposite conclusion in a separate legal challenge by Anthropic, granting it a preliminary injunction that bars the Trump administration from enforcing a ban on the use of AI chatbot Claude. The company has said the designation could cost it billions of dollars in lost business and reputational harm. As Reuters <a href=\"https:\/\/www.reuters.com\/world\/us-court-declines-block-pentagons-anthropic-blacklisting-now-2026-04-08\/\">notes<\/a>, the lawsuit is one of two that Anthropic filed over the Trump administration&#8217;s unprecedented move to classify it as a supply chain risk after it refused to allow the military to use Claude for domestic mass surveillance or autonomous weapons.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Trojanized tools deliver crypto clipper<\/span><\/p>\n<p class=\"td-desc\">\n      In a <a href=\"https:\/\/securelist.com\/clipbanker-malware-distributed-via-trojanized-proxifier\/119341\/\">new campaign<\/a> observed by Kaspersky, unwitting users searching for proxy clients like Proxifier on search engines like Google and Yandex are being directed to malicious GitHub repositories that host an executable, which acts as a wrapper around the legitimate Proxifier installer. Once launched, it configures Microsoft Defender Antivirus exclusions, launches the real Proxifier installer, sets up persistence, and runs a PowerShell script that reaches out to Pastebin to retrieve a next-stage payload. The downloaded PowerShell script is responsible for retrieving another script containing the Clipper malware from GitHub. The malware substitutes cryptocurrency wallet addresses copied to the clipboard with an attacker-controlled wallet with the intention of rerouting financial transactions. 
Since the start of 2025, more than 2,000 Kaspersky users \u2013 most of them in India and Vietnam \u2013 have encountered the threat.\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">SaaS platforms abused for phishing delivery<\/span><\/p>\n<p class=\"td-desc\">\n      Threat actors are leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. Because these emails are dispatched from the platform&#8217;s own infrastructure (e.g., Jira&#8217;s Invite Customers feature), they are unlikely to be blocked by email security tools. \u00abThese emails are transmitted using the legitimate mail delivery infrastructure associated with GitHub and Jira, minimizing the likelihood that they will be blocked in transit to potential victims,\u00bb Cisco Talos <a href=\"https:\/\/blog.talosintelligence.com\/weaponizing-saas-notification-pipelines\/\">said<\/a>. \u00abBy taking advantage of the built-in notification functionality available within these platforms, adversaries can more effectively circumvent email security and monitoring solutions and facilitate more effective delivery to potential victims.\u00bb The development coincides with a phishing campaign targeting multiple organizations with invitation lures sent from compromised email accounts that lead to the <a href=\"https:\/\/redcanary.com\/blog\/threat-intelligence\/phishing-rmm-tools\/\">deployment<\/a> of legitimate remote monitoring and management (RMM) tools like LogMeIn Resolve. The campaign, tracked as <a href=\"https:\/\/www.sophos.com\/en-us\/blog\/incident-responders-s-il-vous-plait\">STAC6405<\/a>, has been ongoing since April 2025. 
In one case, the threat actor has been found to leverage a pre-existing installation of ScreenConnect to download a HeartCrypt-protected ZIP file that ultimately leads to the installation of malware that&#8217;s consistent with <a href=\"https:\/\/www.picussecurity.com\/resource\/blog\/dissecting-valleyrat-from-loader-to-rat-execution-in-targeted-campaigns\">ValleyRAT<\/a>. Other campaigns have leveraged <a href=\"https:\/\/www.forcepoint.com\/blog\/x-labs\/dropbox-pdf-phishing-cloud-storage\">procurement-themed emails<\/a> to direct users to cloud-hosted PDFs containing embedded links that, when clicked, take victims to Dropbox credential harvesting pages. Threat actors have also <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/26\/c\/copyright-lures-mask-a-multistage-purelog-stealer-attack.html\">distributed executable files<\/a> disguised as copyright violation notices to trick recipients into installing PureLogs Stealer as part of a multi-stage campaign. What&#8217;s more, Reddit posts advertising the premium version of TradingView have acted as a conduit for Vidar and Atomic Stealer to steal valuable data from both Windows and macOS systems. \u00abThe threat actor actively comments on their own posts with different accounts, creating the illusion of a busy and helpful community,\u00bb Hexastrike <a href=\"https:\/\/hexastrike.com\/resources\/blog\/threat-intelligence\/reddit-tradingview-lures-leading-to-vidar-and-amos-stealers\/\">said<\/a>. \u00abMore concerning, any comments from real users pointing out that the downloads are malware get deleted within minutes. 
The operation is hands-on and closely monitored.\u00bb\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Linux SMB flaw leaks crypto keys<\/span><\/p>\n<p class=\"td-desc\">\n      A high-severity security flaw has been disclosed in the Linux kernel&#8217;s <a href=\"https:\/\/docs.kernel.org\/filesystems\/smb\/ksmbd.html\">ksmbd<\/a> SMB3 server. Tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-23226\">CVE-2026-23226<\/a> (CVSS score: 8.8), it falls under the same bug class as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-40039\">CVE-2025-40039<\/a>, which was patched in October 2025. \u00abWhen two connections share a session over SMB3 multichannel, the kernel can read a freed channel struct \u2013 exposing the per-channel AES-128-CMAC signing key and causing a kernel panic,\u00bb Orca <a href=\"https:\/\/orca.security\/resources\/blog\/cve-2026-23226-ksmbd-smb3-linux-kernel-uaf\/\">said<\/a>. \u00abAn attacker needs valid SMB credentials and network access to port 445.\u00bb Alternatively, the vulnerability can be exploited by an attacker to leak the per-channel AES-128-CMAC key used to sign all SMB3 traffic, enabling them to forge signatures, impersonate the server, or bypass signature verification. It has been fixed in the commit \u00abe4a8a96a93d.\u00bb\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Prompt injection turns AI into attack tool<\/span><\/p>\n<p class=\"td-desc\">\n      New research has demonstrated it&#8217;s possible to trick Anthropic&#8217;s vibe coding tool Claude Code into performing a full-scope penetration attack and credential theft by modifying a project&#8217;s \u00abCLAUDE.md\u00bb file to bypass the coding agent&#8217;s safety guardrails. 
The instructions explicitly tell Claude Code to help the developer complete a penetration testing assessment against their own website and assist them in their tasks. \u00abClaude Code should scan CLAUDE.md before every session, flagging instructions that would otherwise trigger a refusal if attempted directly within a prompt,\u00bb LayerX <a href=\"https:\/\/layerxsecurity.com\/blog\/vibe-hacking-claude-code-can-be-turned-into-a-nation-state-level-attack-tool-with-no-coding-at-all\/\">said<\/a>. \u00abWhen Claude detects instructions that appear to violate its safety guardrails, it should present a warning and allow the developer to review the file before taking any actions.\u00bb\n    <\/p>\n<\/p><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">AI exploit silently leaks enterprise data<\/span><\/p>\n<p class=\"td-desc\">\n      Grafana has patched a security vulnerability that could have enabled attackers to trick its artificial intelligence (AI) capabilities into leaking sensitive data by means of an indirect prompt injection and without requiring any user interaction. The attack has been codenamed GrafanaGhost by Noma Security. \u00abBy bypassing the client-side protections and security guardrails that restrict external data requests, GrafanaGhost allows an attacker to bridge the gap between your private data environment and an external server,\u00bb the cybersecurity company <a href=\"https:\/\/noma.security\/blog\/grafana-ghost\/\">said<\/a>. \u00abBecause the exploit ignores model restrictions and operates autonomously, sensitive enterprise data can be leaked silently in the background.\u00bb GrafanaGhost is stealthy, as it requires no login credentials and does not depend on a user clicking a malicious link. 
The attack is another example of how AI-assisted features integrated into enterprise environments can be abused to access and extract critical data assets while remaining entirely invisible to defenders.\n    <\/p>\n<\/p><\/div>\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjlB7Ig3nKhgkeRj0BQk8-vdB2TsQYCEdjklYEfcIm-nWgrnimHZATEdz6D6ZHfHTp2-eh6hNnWy3txddkA8LBypEK-3eFb4tkwPnJTv7VU-7dPzNZrZUkSPoWvy7Hzn53C0hTrSvaLDiJ1fScn40GkCOhfqrMiy4__Ara0sEwxZRsbTsaLWj4OJyZD3rgx\/s1700-e365\/system.png\" style=\"display: block;  text-align: center; clear: left; float: left;\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjlB7Ig3nKhgkeRj0BQk8-vdB2TsQYCEdjklYEfcIm-nWgrnimHZATEdz6D6ZHfHTp2-eh6hNnWy3txddkA8LBypEK-3eFb4tkwPnJTv7VU-7dPzNZrZUkSPoWvy7Hzn53C0hTrSvaLDiJ1fScn40GkCOhfqrMiy4__Ara0sEwxZRsbTsaLWj4OJyZD3rgx\/s1700-e365\/system.png\" alt=\"\" border=\"0\" data-original-height=\"1389\" data-original-width=\"2560\"\/><\/a><\/div>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<div class=\"td-stack\">\n    <span class=\"td-punch\">Android framework abused for payment fraud<\/span><\/p>\n<p class=\"td-desc\">\n      <a href=\"https:\/\/github.com\/LSPosed\/Lsposed\">LSPosed<\/a> is a powerful framework for rooted Android devices that allows users to modify the behavior of the system and apps in real-time without actually making any modifications to APK files. According to CloudSEK, threat actors are now weaponizing the tool to remotely inject fraudulent SMS messages and spoof user identities in modern payment ecosystems via a malicious module called \u00abDigital Lutera.\u00bb The attack effectively undermines SIM-binding restrictions applied to banking and instant payment apps in India. 
However, for this approach to work, the threat actor requires a victim to install a Trojan that can intercept SMS messages sent to\/from the device. While the attack previously combined a trojanized mobile device (the victim) and a modified mobile payment APK (on the attacker&#8217;s device) to trick bank servers into believing the victim&#8217;s SIM card is physically present in the attacker&#8217;s phone, the latest iteration leans on LSPosed to achieve the same goals. A key requisite to this attack is that the attacker must have a rooted Android device with the LSPosed module installed. \u00abThis new attack vector allows threat actors to hijack legitimate, unmodified payment applications by &#8216;gaslighting&#8217; the underlying Android operating system,\u00bb CloudSEK <a href=\"https:\/\/www.cloudsek.com\/blog\/weaponizing-lsposed-remote-sms-injection-and-identity-spoofing-in-modern-payment-ecosystems-2\">said<\/a>. \u00abBy using LSPosed, the threat actor ensures the payment app&#8217;s signature remains valid, making it invisible to many standard integrity checks.\u00bb\n    <\/p>\n<\/p><\/div>\n<\/li>\n<\/ol>\n<\/section>\n<\/div>\n<p>That&#8217;s the week. A\u00a0lot of ground covered \u2014 old problems with new angles, platforms being abused in ways they weren&#8217;t designed for, and a few things that are just going to keep getting worse before anyone seriously addresses\u00a0them.<\/p>\n<p>Patch\u00a0what you can. Audit\u00a0what you&#8217;ve trusted by default. And\u00a0maybe double-check anything that touches AI right now \u2014 that space is getting messy\u00a0fast.<\/p>\n<p>Same\u00a0time next\u00a0Thursday.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Apr 09, 2026Hacking News \/ Cybersecurity News Thursday. Another week, another batch of things that probably should&#8217;ve been caught sooner but\u00a0weren&#8217;t. 
This\u00a0one&#8217;s got some range \u2014 old vulnerabilities getting&hellip;<\/p>\n","protected":false},"author":1,"featured_media":550,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1141,1142,192,1139,1140,316,187],"class_list":["post-549","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-13yearold","tag-apache","tag-botnet","tag-hybrid","tag-p2p","tag-rce","tag-stories"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=549"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/549\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/550"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}