⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field.

This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today's security landscape. Whether you're defending systems or just keeping up, these highlights help you spot what's coming before it lands on your screen.

⚡ Threat of the Week

Oracle 0-Day Under Attack — Threat actors with ties to the Cl0p ransomware group have exploited a zero-day flaw in E-Business Suite to facilitate data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle Concurrent Processing component. In a post shared on LinkedIn, Charles Carmakal, CTO of Mandiant at Google Cloud, said "Cl0p exploited multiple vulnerabilities in Oracle EBS which enabled them to steal large amounts of data from several victims in August 2025," adding "multiple vulnerabilities were exploited including vulnerabilities that were patched in Oracle's July 2025 update as well as one that was patched this weekend (CVE-2025-61882)."

Don't Just Find Threats, Fix Them Faster with XM Cyber & Google

XM Cyber's integration with Google Security Operations helps you focus on what matters most. Proactively reduce your attack surface by turning security context into a clear, actionable remediation plan.

Learn More ➝

🔔 Top News

• Phantom Taurus Targets Africa, the Middle East, and Asia — A previously undocumented Chinese nation-state actor has been targeting government agencies, embassies, military operations, and other entities across Africa, the Middle East, and Asia in a cyber-espionage operation as sophisticated as it is stealthy and persistent. What makes the campaign different from other China-nexus activity is the threat actor's surgical precision, unprecedented persistence, and its use of a highly sophisticated, custom-built toolkit called NET-STAR to go after high-value systems at organizations of interest. The threat actor's operations are supported by other bespoke tools like TunnelSpecter and SweetSpecter to compromise mail servers and steal data based on keyword searches.
• Detour Dog Uses Compromised WordPress Sites to Deliver Strela Stealer — An established, persistent group of cybercriminals has been silently infecting WordPress websites around the world since 2020, using them to redirect unsuspecting site visitors to scam, and, more recently, to malware such as Strela Stealer. The threat actor is tracked as Detour Dog. The attack involves using DNS TXT records to send secret commands to the infected sites to either redirect visitors to scams or fetch and run malicious code. In about 90% of the cases, the website performs as intended, triggering its malicious behavior only in select conditions. Because normal visitors only rarely encounter the malicious payloads, infections often go unnoticed for extended periods of time. Infoblox said Detour Dog likely operates as a distribution-as-a-service (DaaS), using its infrastructure to deliver other malware.
• Self-Spreading WhatsApp Malware SORVEPOTEL Targets Brazil — Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The campaign, codenamed SORVEPOTEL by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding that the attack is "engineered for speed and propagation" rather than data theft or ransomware. The starting point of the attack is a phishing message sent from an already compromised contact on WhatsApp to lend it a veneer of credibility. The message contains a ZIP attachment that masquerades as a seemingly harmless receipt or health app-related file. Once the attachment is opened, the malware automatically propagates via the desktop web version of WhatsApp, ultimately causing the infected accounts to be banned for engaging in excessive spam. There are no indications that the threat actors have leveraged the access to exfiltrate data or encrypt files.
• ProSpy and ToSpy Spyware Campaigns Target U.A.E. Android Users — Two Android spyware campaigns dubbed ProSpy and ToSpy have impersonated apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). The malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the spyware malware strains establish persistent access to compromised Android devices and exfiltrate data. Neither app containing the spyware was available in official app stores.
• Researchers Demonstrate Battering RAM and WireTap — A new attack called Battering RAM can use a $50 interposer to bypass the confidential computing defenses of both Intel and AMD processors used in hardware powering cloud environments, thus allowing attackers to break encryption designed to protect sensitive data. Similarly, WireTap undermines the guarantees offered by Intel's Software Guard eXtensions (SGX) on DDR4 systems to passively decrypt sensitive data. For the attack to be successful, however, it requires that someone have one-time physical access to the hardware system. Both Intel and AMD have marked the physical attack as "out of scope" of their threat models. The findings coincide with VMScape, another attack that breaks existing virtualization isolation to leak arbitrary memory and expose cryptographic keys. VMScape has been described as "the first Spectre-based end-to-end exploit in which a malicious guest user can leak arbitrary, sensitive information from the hypervisor in the host domain, without requiring any code modifications and in default configuration."

‎️‍🔥 Trending CVEs

Hackers move fast. They often exploit new vulnerabilities within hours, turning a single missed patch into a major breach. One unpatched CVE can be all it takes for a full compromise. Below are this week's most critical vulnerabilities gaining attention across the industry. Review them, prioritize your fixes, and close the gap before attackers take advantage.

This week's list includes — CVE-2025-27915 (Zimbra Collaboration), CVE-2025-61882 (Oracle E-Business Suite), CVE-2025-4008 (Smartbedded Meteobridge), CVE-2025-10725 (Red Hat OpenShift AI), CVE-2025-59934 (Formbricks), CVE-2024-58260 (SUSE Rancher), CVE-2025-43400 (iOS 26.0.1, iPadOS 26.0.1, iOS 18.7.1, iPadOS 18.7.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, and visionOS 26.0.1), CVE-2025-30247 (Western Digital MyCloud), CVE-2025-41250, CVE-2025-41251, CVE-2025-41252 (Broadcom VMware), CVE-2025-9230, CVE-2025-9231, CVE-2025-9232 (OpenSSL), CVE-2025-52906 (TOTOLINK), CVE-2025-59951 (Termix Docker), CVE-2025-10547 (DrayTek), CVE-2025-49844 (Redis), CVE-2025-57714 (QNAP NetBak Replicator), and vulnerabilities in a Russian guest management system called PassOffice.

📰 Around the Cyber World

• New iOS Video Injection Tool Can Conduct Deepfake Attacks — Cybersecurity researchers have uncovered a highly specialized tool designed to perform advanced video injection attacks, marking a significant escalation in digital identity fraud. "The tool is deployed via jailbroken iOS 15 or later devices and is engineered to bypass weak biometric verification systems—and crucially, to exploit identity verification processes that lack biometric safeguards altogether," iProov said. "This development signals a shift toward more programmatic and scalable attack methods." To perform the attack, the threat actor uses a Remote Presentation Transfer Mechanism (RPTM) server to connect their computer to the compromised iOS device and then inject sophisticated synthetic media.
• Qilin Ransomware Claims 104 Attacks in August — The Qilin ransomware operation claimed 104 attacks in August 2025, making it the most active group, followed by Akira (56), Sinobi (36), DragonForce (30), and SafePay (29). "The U.S. remains overwhelmingly the biggest target for ransomware groups, while Europe and Canada continue to draw significant interest from attackers, with Germany and the UK moving past Canada into second and third place, respectively," Cyble said. According to data compiled by Halcyon, Manufacturing, Retail, and Hospitals and Physicians Clinics were the sectors most targeted industry verticals in August 2025.
• New Impact Solutions Toolkit Emerges — A new phishing toolkit named Impact Solutions has surfaced on cybercrime networks, further democratizing access to advanced phishing attacks for threat actors with minimal technical skills. The kit includes modules to build Windows shortcut (LNK) attachments, HTML files for HTML smuggling attacks, HTML templates mimicking login pages and secure invoice viewers, SVG files embedded with scripts, and payloads that leverage the Windows Run dialog for ClickFix attacks. "Promoted as a comprehensive payload delivery framework, Impact Solutions provides attackers with a user-friendly, point-and-click interface to create malicious email attachments that appear completely legitimate," Abnormal AI said. "The toolkit specializes in creating persuasive social engineering lures designed to bypass both user awareness and security filters. These include weaponized Windows shortcut files (.LNK), covert HTML pages, and cleverly disguised SVG images—all built to exploit human trust rather than technical vulnerabilities."
• Microsoft Plans to Retire SVG Support in Outlook — Microsoft said it's retiring support for inline Scalable Vector Graphics (SVG) images in Outlook for Web and the new Outlook for Windows starting early September 2025. "Outlook for Web and new Outlook for Windows will stop displaying inline SVG images, showing blank spaces instead," the company said in a Microsoft 365 Message Center update. "This affects under 0.1% of images, improves security, and requires no user action. SVG attachments remain supported. Organizations should update documentation and inform users." The development comes as threat actors are increasingly using SVG files as a way to distribute malware in phishing campaigns. Previously, Microsoft said the Outlook app for Windows will start blocking .library-ms and .search-ms file types.
• Profile of Keymous+ — A profile of Keymous+ has described it as a threat actor that uses publicly available DDoS booter services to launch DDoS attacks. According to NETSCOUT, the group has been attributed to confirmed 249 DDoS attacks targeting organizations across 15 countries and 21 industry sectors. Government agencies, hospitality and tourism, transportation and logistics, financial services, and telecommunications are some of the most targeted sectors. Morocco, Saudi Arabia, Sudan, India, and France have experienced the most frequent attacks. "Although the group's individual attacks peaked at 11.8Gbps, collaborative efforts with partners reached 44Gbps, demonstrating significantly enhanced disruptive capability," the company said.
• Lunar Spider Uses Fake CAPTCHA for Malware Delivery — The Russian-speaking cybercriminal group known as Lunar Spider (aka Gold Swathmore), which is assessed to be behind IcedID and Latrodectus, has been observed using ClickFix tactics to distribute Latrodectus. "The fake CAPTCHA framework includes a command to run PowerShell that downloads an MSI file and also features victim click monitoring, which reports back to a Telegram channel," NVISO Labs said. "During the execution chain, the MSI file contains an Intel EXE file registered in a Run key that subsequently sideloads a malicious DLL, identified as Latrodectus V2." In a separate report published by The DFIR Report, the threat actor has been attributed to a nearly two-month-long intrusion in May 2024 that began with a JavaScript file disguised as a tax form to execute the Brute Ratel framework via an MSI installer, along with Latrodectus, Cobalt Strike, and a custom .NET backdoor. "Threat actor activity persisted for nearly two months with intermittent command and control (C2) connections, discovery, lateral movement, and data exfiltration," it said. "Twenty days into the intrusion, data was exfiltrated using Rclone and FTP." Details of the activity were previously shared by EclecticIQ.
• Red Hat Confirms Security Incident — Red Hat disclosed that unauthorized threat actors broke into its GitLab instance used for internal Red Hat Consulting collaboration in select engagements and copied some data from it. "The compromised GitLab instance housed consulting engagement data, which may include, for example, Red Hat's project specifications, example code snippets, and internal communications about consulting services," the company said. "This GitLab instance typically does not house sensitive personal data." It also said it's reaching out to impacted customers directly. The acknowledgement came after an extortion group calling itself the Crimson Collective said it stole nearly 570GB of compressed data across 28,000 internal development repositories.
• Google Upgrades CSE in Gmail — Google announced that Gmail client-side encryption (CSE) users can send end-to-end encrypted (E2EE) emails to anyone, even if the recipient uses a different email provider. "Recipients will receive a notification and can easily access the encrypted message via a guest account, ensuring secure communication without the hassle of exchanging keys or using custom software," Google said. The company first announced CSE in Gmail way back in December 2022 and made it generally available in March 2023.
• FunkSec Returns with FunkLocker — The FunkSec ransomware group has resurfaced with a new ransomware strain called FunkLocker that exhibits signs of being developed by artificial intelligence. "Some versions are barely functional, while others integrate advanced features such as anti-VM checks," ANY.RUN said. "FunkLocker forcefully terminates processes and services using predefined lists, often causing unnecessary errors but still leading to full system disruption."
• Ransomware Threat Actor Connected to Play, RansomHub and DragonForce — A September 2024 intrusion that commenced with the download of a malicious file mimicking the EarthTime application by DeskSoft, led to the deployment of SectopRAT, which then dropped SystemBC and other tools to conduct reconnaissance. Also discovered in the compromised environment were Grixba, a reconnaissance utility linked to Play ransomware; Betruger, a backdoor associated with RansomHub; and the presence of a previous NetScan output containing data from a company reportedly compromised by DragonForce ransomware, indicating that the threat actor was likely an affiliate for multiple ransomware groups, the DFIR Report said. While no file-encrypting malware was executed, the actor managed to laterally move across the network through RDP connections and exfiltrate data over WinSCP to an FTP server in the form of WinRAR archives.
• LinkedIn Sues ProAPIs for Unauthorized Scraping — LinkedIn filed a lawsuit against a company called ProAPIs for allegedly operating a network of millions of fake accounts used to scrape data from LinkedIn members before selling the information to third-parties without permission. The Microsoft-owned company said ProAPIs charges customers up to $15,000 per month for scraped user data taken from the social media platform. "Defendants' industrial-scale fake account mill scrapes member information that real people have posted on LinkedIn, including data that is only available behind LinkedIn's password wall and that Defendants' customers may not otherwise be allowed to access, and certainly are not allowed to copy and keep in perpetuity," according to the lawsuit.
• BBC Journalist Offered Money to Hack into Company's Network — A BBC journalist was offered a significant amount of money by cybercriminals who sought to hack into the BBC's network in hopes of stealing valuable data and leveraging it for a ransom. "If you are interested, we can offer you 15% of any ransom payment if you give us access to your PC," the message received by the journalist on the Signal messaging app in July 2025. The individual who reached out claimed to be part of the Medusa ransomware group. Eventually, out of precaution, their account was disconnected from BBC entirely. When the journalist stopped responding, the threat actor ended up deleting their Signal account. The findings show that threat actors are increasingly looking for underpaid or disgruntled employees at prospective targets to sell their access in order to breach networks.
• Spike in Exploitation Efforts Targeting Grafana Flaw — GreyNoise warned of a sharp one-day surge of exploitation attempts targeting CVE-2021-43798 – a Grafana path traversal vulnerability that enables arbitrary file reads – on September 28, 2025. Over the course of the day, 110 unique malicious IP addresses attempted exploitation, with China-, Germany-, and Bangladesh-based IPs targeting the U.S., Slovakia, and Taiwan. "The uniform targeting pattern across source countries and tooling indicates common tasking or shared exploit use," it said. "The convergence suggests either one operator leveraging diverse infrastructure or multiple operators reusing the same exploit kit and target set."
• New Data Leak Site Launched by LAPSUS$, Scattered Spider, and ShinyHunters — The loose-knit group comprising LAPSUS$, Scattered Spider, and ShinyHunters has published a dedicated data leak site on the dark web, called Scattered LAPSUS$ Hunters, threatening to release nearly a billion records stolen from companies that store their customers' data in cloud databases hosted by Salesforce. "We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities," Salesforce said in response. "Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support. At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology." In its Telegram channel named "SLSH 6.0 Part 3," Scattered Lapsus$ Hunters said it plans to launch a second data leak site after the October 10 deadline that will be devoted to "our (UNC6395) Salesloft Drift App campaign." The development came after the cyber extortion group announced its farewell last month.
• Signal Announces Sparse Post Quantum Ratchet — Signal has introduced the Sparse Post Quantum Ratchet (SPQR), a new upgrade to its encryption protocol that mixes quantum-safe cryptography into its existing Double Ratchet. The result, which Signal calls the Triple Ratchet, makes it much more challenging for future quantum computers to break private chats. The new component guarantees forward secrecy and post-compromise security, ensuring that even in the case of key compromise or theft, future messages exchanged between parties will be safe. Signal said the rollout of SPQR on the messaging platform will be gradual, and users don't need to take any action for the upgrade to apply apart from keeping their clients updated to the latest version. In September 2023, the messaging app first added support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH).
• Large-Scale Phishing Operations Go Undetected for Years — A "multi-year, industrial-scale phishing and brand impersonation scheme" operated undetected for more than three years on Google Cloud and Cloudflare platforms. The activity relates to a large-scale phishing-as-a-service (PhaaS) operation that included 48,000 hosts and more than 80 clusters abusing "high-trust" expired domains. The campaign subsequently used these domains to impersonate trusted brands to distribute fake login pages, malware, and gambling content. "Many of the cloned sites still load resources from the original brand's cloud infrastructure – meaning the original brand may actively be serving content to a malicious impersonator," Deep Specter said.
• HeartCrypt Evolves into a Loader for Stealer and RATs — The packer-as-a-service (PaaS) malware called HeartCrypt has been distributed via phishing emails to ultimately deploy off-the-shelf stealers and remote access trojans (RATs), as well as a lesser-prevalent antivirus termination program known as AVKiller. The activity used copyright infringement notices to target victims in Italy using LNK files that contained a URL to fetch an intermediate PowerShell payload that displays a decoy document while also simultaneously downloading HeartCrypt from Dropbox. "The HeartCrypt packer takes legitimate executables and modifies them by injecting malicious code in the .text section. It also inserts a few additional Portable Executable (PE) resources," Sophos said. These resources are disguised as bitmap files and start with a BMP header, but afterwards the malicious content follows."
• Software Supply Chain Attack Exploiting Packaging Order — Researchers from the KTH Royal Institute of Technology and Universtité de Montréal have detailed a novel attack called Maven-Hijack that exploits the order in which Maven packages dependencies and the way the Java Virtual Machine (JVM) resolves classes at runtime. "By injecting a malicious class with the same fully qualified name as a legitimate one into a dependency that is packaged earlier, an attacker can silently override core application behavior without modifying the main codebase or library names," the researchers said.
• LNK Files Lead to RAT — In a new attack chain detailed by K7 Security Labs, it has been found that threat actors are leveraging LNK files distributed via Discord to launch a decoy PDF and run PowerShell responsible for dropping a ZIP archive that, in turn, executes a malicious DLL using the Windows command-line tool odbcconf.exe. The DLL is a multi-functional RAT designed to execute commands from a C2 server and collect system information from the infected host. "It employs several techniques, including collecting antivirus product information, bypassing Anti-Malware Scan Interface (AMSI), and patching EtwEventWrite to disable Windows Event Tracing (ETW), making it harder for security solutions to detect its malicious activities," the company said.
• Unpatched Flaws in Cognex InSight IS2000M-120 Smart Camera — As many as nine security vulnerabilities have been disclosed in Cognex IS2000M-120, an industrial smart camera used for machine vision applications, that allow an attacker to fully compromise the devices, undermining their operational integrity and safety. No patches are being planned for the model, given that the company is considering an end-of-life status. "First, an unauthenticated attacker on the same network segment as the device – who is capable of intercepting traffic, for example via a Man-in-the-Middle (MitM) attack – can fully compromise the device through multiple attack vectors," Nozomi Networks said. "This scenario presents a critical risk in environments where network segmentation or encryption is not enforced." Furthermore, a low-privileged user with limited access to the camera can escalate their privileges by creating a new administrative account and gaining full control of the device. Lastly, an attacker with limited access to the Windows workstation where the Cognex In-Sight Explorer software is installed can manipulate backup data intended for the camera and carry out malicious actions.
• Hacktivist Group zerodayx1 Launches Ransomware — A pro-Palestinian hacktivist group known as zerodayx1 launched its own Ransomware-as-a-Service (RaaS) operation called BQTLock, making it the latest group to make such as pivot. Zerodayx1 is believed to be a Lebanese hacktivist active since at least 2023, positioning themselves as a Muslim and pro-Palestinian threat actor. "Hacktivism is no longer confined to ideological messaging," Outpost24 said. "Increasingly, groups are integrating financially motivated operations, signaling a shift toward hybrid models that combine activism with profit-seeking agendas."
• Mobile Apps Leak Data — New findings from Zimperium have revealed that one in three Android apps and more than half of iOS apps leak sensitive data. Nearly half of mobile apps contain hard-coded secrets such as API keys. On top of that, an analysis of 800 free VPN apps for both Android and iOS uncovered that many apps provide no real privacy at all, some request excessive permissions far beyond their purpose, others leak personal data, and some rely on outdated, vulnerable code. Other risky behaviors included missing privacy nutrition labels for apps and susceptibility to Man-in-the-Middle (MitM) attack. "Not all VPN apps can be trusted,' the company said. "Many suffer from weak encryption, data leakage, or dangerous permission requests—problems that are invisible to most end users." In another research published last month, Mike Oude Reimer found that misconfigured mobile apps could be exploited to achieve access to more than 150 different Firebase services. This consisted of access to real-time databases, storage buckets, and secrets.
• Microsoft Shares Insights on XSS Flaws — According to Microsoft, 15% of all important or critical MSRC cases between July 2024 – July 2025 were cross-site scripting (XSS) flaws. Out of 265 XSS cases, 263 were rated Important severity and 2 were rated Critical severity. In all, the company has mitigated over 970 XSS cases since January 2024 alone as of mid-2025.
• Threat Actor Exposes Themselves After Installing Security Software — A threat actor has inadvertently revealed their methods and day-to-day activities after installing a trial version of Huntress security software on their own operating machine and a premium Malwarebytes browser extension. The actor is said to have discovered Huntress through a Google advertisement while searching for security solutions like Bitdefender. Further analysis revealed their attempts to use make.com to automate certain workflows, find running instances of Evilginx, and their interest in residential proxy services like LunaProxy and Nstbrowser. "This incident gave us in-depth information about the day-to-day activities of a threat actor, from the tools they were interested in to the ways they conducted research and approached different aspects of attacks," Huntress said.
• Using bitpixie to Bypass BitLocker — Cybersecurity researchers have found that attackers can circumvent BitLocker drive encryption using a Windows local privilege escalation flaw. "The bitpixie vulnerability in Windows Boot Manager is caused by a flaw in the PXE soft reboot feature, whereby the BitLocker key is not erased from memory," SySS said. "To exploit this vulnerability on up-to-date systems, a downgrade attack can be performed by loading an older, unpatched boot manager. This enables attackers to extract the Volume Master Key (VMK) from main memory and bypass BitLocker encryption, which could grant them administrative access." To counter the threat, it's advised to use a pre-boot PIN or apply a patch that Microsoft released in 2023 (CVE-2023-21563), which prevents downgrade attacks on the vulnerable boot manager by replacing the old Microsoft certificate from 2011 with the new Windows UEFI CA 2023 certificate.
• How Threat Actors Can Abuse Domain Fronting — In domain fronting, an attacker could connect to a domain that looks outwardly legitimate by connecting to a domain as google.com or meet.google.com, while the backend routes quietly diverts the connection to attacker-controlled infrastructure hosted inside the Google Cloud Platform. By routing C2 traffic through core internet infrastructure and domains, it allows malicious traffic to blend in and fly under the radar. "You make the SNI [Server Name Indication] look like a trusted, high-reputation service (google.com), but the Host header quietly points traffic to attacker-controlled infrastructure," Praetorian said. "From the outside, the traffic looks like normal usage of a major service. But on the backend, it's routed somewhere entirely different."
• Mis-issued certificates for Cloudflare's 1.1.1.1 DNS service — Cloudflare revealed that unauthorized certificates were issued by Fina CA for 1.1.1.1, one of the IP addresses used by its public DNS resolver service. "From February 2024 to August 2025, Fina CA issued 12 certificates for 1.1.1.1 without our permission," the web infrastructure company said. "We have no evidence that bad actors took advantage of this error. To impersonate Cloudflare's public DNS resolver 1.1.1.1, an attacker would not only require an unauthorized certificate and its corresponding private key, but attacked users would also need to trust the Fina CA."
• New Attack to Compromise Web Browsing AI Agents — A novel attack demonstrated by JFrog shows that website cloaking techniques can be weaponized to poison autonomous web-browsing agents powered by Large Language Models (LLMs). "As these agents become more prevalent, their unique and often homogenous digital fingerprints – comprising browser attributes, automation framework signatures, and network characteristics – create a new, distinguishable class of web traffic. The attack exploits this fingerprintability," security researcher Shaked Zychlinski said. "A malicious website can identify an incoming request as originating from an AI agent and dynamically serve a different, "cloaked" version of its content. While human users see a benign webpage, the agent is presented with a visually identical page embedded with hidden, malicious instructions, such as indirect prompt injections. This mechanism allows adversaries to hijack agent behavior, leading to data exfiltration, malware execution, or misinformation propagation, all while remaining completely invisible to human users and conventional security crawlers."
• Exploit Tool Invocation Prompt to Hijack LLM-Based Agentic Systems — Tool Invocation Prompt (TIP) serves as a critical component in LLM systems, determining how LLM-based agentic systems invoke various external tools and interpret feedback from the execution of these tools. However, new research has disclosed that tools like Cursor and Claude Code are susceptible to remote code execution or denial-of-service (DoS) by injecting malicious prompts or code into tool descriptions. The finding comes as Forescout noted that LLMs are falling short in performing vulnerability discovery and exploitation development tasks.

🎥 Cybersecurity Webinars

• Beyond the Hype: Practical AI Workflows for Cybersecurity Teams — AI is transforming cybersecurity workflows, but the best results come from blending human oversight with automation. In this webinar, Thomas Kinsella of Tines shows how to pinpoint where AI truly adds value, avoid over-engineering, and build secure, auditable processes that scale.
• Halloween Special: Real Breach Stories and the Fix to End Password Horrors — Passwords are still a prime target for attackers—and a constant pain for IT teams. Weak or reused credentials, frequent helpdesk resets, and outdated policies expose organizations to costly breaches and reputational damage. In this Halloween-themed webinar from The Hacker News and Specops Software, you'll see real breach stories, discover why traditional password policies fail, and watch a live demo on blocking compromised credentials in real time—so you can end password nightmares without adding user friction.

🔧 Cybersecurity Tools

• Malifiscan – Modern software supply chains rely on public and internal package repositories, but malicious uploads increasingly slip through trusted channels. Malifiscan helps teams detect and block these threats by cross-referencing external vulnerability feeds like OSV against their own registries and artifact repositories. It integrates with JFrog Artifactory, supports 10+ ecosystems, and automates exclusion pattern creation to prevent compromised dependencies from being downloaded or deployed.
• AuditKit – This new tool helps teams verify cloud compliance across AWS and Azure without manual guesswork. Designed for SOC2, PCI-DSS, and CMMC frameworks, it automates control checks, highlights critical audit gaps, and generates auditor-ready evidence guides. Ideal for security and compliance teams preparing for formal assessments, AuditKit bridges the gap between technical scans and the documentation auditors actually need.

Disclaimer: These tools are for educational and research use only. They haven't been fully security-tested and could pose risks if used incorrectly. Review the code before trying them, test only in safe environments, and follow all ethical, legal, and organizational rules.

🔒 Tip of the Week

Quick Windows Hardening with Open-Source Tools — Most Windows attacks succeed not because of zero-days, but because of weak defaults — open ports, old protocols, reused admin passwords, or missing patches. Attackers exploit what's already there. A few small, smart changes can block most threats before they start.

Harden your Windows systems using free, trusted open-source tools that cover audit, configuration, and monitoring. You don't need enterprise tools to raise your defense baseline — just a few solid steps.

Quick Actions (Under 30 Minutes):

• Run Hardentools — disable unsafe defaults instantly.
• Use CIS-CAT Lite — identify missing patches, open RDP, or weak policies.
• Check Local Admins — remove unused accounts, deploy LAPS for password rotation.
• Turn On Logging — enable PowerShell, Windows Defender, and Audit Policy logs.
• Run WinAudit — export a report and compare it weekly for unauthorized changes.
• Scan with Wazuh or OpenVAS — look for outdated software or exposed services.

Key Risks to Watch:

🔑 Reused or shared admin passwords

🌐 Open RDP/SMB without firewall or NLA

⚙️ Old PowerShell versions without logging

🧩 Users running with local admin rights

🪟 Missing Defender Attack Surface Reduction (ASR) rules

📦 Unpatched or unsigned software from third-party repos

These simple, repeatable checks close 80% of the attack surface exploited in ransomware and credential theft campaigns. They cost nothing, take minutes, and build muscle memory for good cyber hygiene.

Conclusion

Thanks for reading this week's recap. Keep learning, stay curious, and don't wait for the next alert to take action. A few smart moves today can save you a lot of cleanup tomorrow.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

________________________________________________________________________________________________________________________________
Original Article Published at The Hackers News
________________________________________________________________________________________________________________________________