
GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools

Extreme TLDR:
Google Threat Intelligence Group (GTIG) identifies increased malicious AI use: adversaries now deploy AI-enhanced malware like PROMPTFLUX and PROMPTSTEAL, capable of dynamic self-modification and command generation. Threat actors use social engineering to bypass AI safeguards and access capabilities for phishing, malware design, and data exfiltration. A mature underground marketplace offers AI tools for cybercrime, reflecting a shift towards greater sophistication in criminal operations. State-sponsored actors leverage AI throughout the attack lifecycle, including advancements in cryptocurrency-focused thefts.

https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools

AI-based Malware Makes Attacks Stealthier and More Adaptive

Google identifies five AI-powered malware families that adapt and evade detection, marking a new phase in cyber threats. These families—FRUITSHELL, PROMPTFLUX, PROMPTSTEAL, PROMPTLOCK, and QUIETVAULT—utilize AI to dynamically alter their code and create attacks, complicating defense efforts. Recent findings suggest a technological arms race between attackers and defenders, highlighting the need for improved detection methods against such evolving threats.

https://www.cybersecuritydive.com/news/ai-powered-malware-google/804760/

Cops Cuff 18 Suspects Over $345M Credit Card Fraud Scheme

Eighteen people have been arrested in a global operation targeting three networks suspected of large-scale credit card fraud and money laundering. The criminals used stolen data from millions of cardholders worldwide to create fake online subscriptions for adult and streaming services, resulting in $345 million in losses. The scheme involved insiders at payment processing companies and relied on shell companies to conceal activity. Authorities coordinated across 30 countries, searched dozens of properties, and seized millions in assets. The fraudulent activity was halted in 2021, and investigations continue.

https://www.bankinfosecurity.com/cops-cuff-18-suspects-over-345m-credit-card-fraud-scheme-a-29935

Anatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and Gmail

Tycoon 2FA Phishing Kit Overview:
Emerging in August 2023, Tycoon 2FA is a sophisticated phishing threat leveraging multi-factor authentication (MFA) bypass techniques, primarily targeting Microsoft 365 and Gmail users. With over 64,000 incidents reported in 2025, it employs a Phishing-as-a-Service platform to capture user credentials via a reverse proxy and deceptive login pages. The attack exploits various distribution methods, including PDFs, and evades detection with anti-research mechanisms and real-time MFA code capture. Enhanced security measures and user education are essential to mitigate risks associated with Tycoon 2FA.

https://gbhackers.com/tycoon-2fa-phishing/

Inside the Rise of AI-Powered Pharmaceutical Scams

AI-driven scams in healthcare exploit trust by impersonating real doctors to sell counterfeit medications. Scammers use deepfake technology for false endorsements, creating fake social media accounts and websites that mimic legitimate clinics. These operations pose serious health risks by promoting unapproved drugs like fake GLP-1 products. The coordinated fraudulent networks leverage shared infrastructure, making scams scalable. Consumers are urged to verify pharmacy legitimacy and be cautious of online ads. A collaborative response involving cybersecurity experts and healthcare agencies is essential to combat these threats.

https://blog.checkpoint.com/healthcare/inside-the-rise-of-ai-powered-pharmaceutical-scams/

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Google's AI “Big Sleep” found five vulnerabilities in Apple's Safari WebKit, potentially leading to crashes or memory corruption. Apple released patches in iOS 26.1, iPadOS 26.1, and other systems to address these issues. Big Sleep is part of a Google initiative for automated vulnerability discovery, having previously identified risks in other software. Keeping devices updated is recommended for optimal security.

https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html

Vulnerability Report

Extreme TLDR:

October 2025 Vulnerability Report highlights critical vulnerabilities impacting major software, including Oracle and Microsoft products. Key entries include CVE-2025-61882 and CVE-2025-59287. New Known Exploited Vulnerabilities catalog entries include VMware and Adobe issues. Unpublished vulnerabilities noted include critical flaws in Chrome and 7-Zip. Contributors discussed ongoing security threats linked to recent incidents and vulnerabilities. Continuous vigilance and timely patching are emphasized.

https://www.vulnerability-lookup.org/2025/11/04/vulnerability-report-october-2025/

Violent Cybercrime Surges in Europe Amid Big Payouts

Cybercriminals in Europe are increasingly engaging in violent tactics, with 18 reported incidents in 2025, predominantly in France. This surge, termed “violence as a service,” includes high-profile cases like the kidnapping of Ledger co-founders. The UK remains the most targeted country for cybercrime, with over 2,100 attacks recorded since 2024, primarily from ransomware and data theft groups. The rise in violence is linked to organized networks that facilitate traditional cybercrime and physical theft, especially concerning cryptocurrency.

https://www.theregister.com/2025/11/04/cybercriminals_increasingly_rely_on_violence/

Databroker Files: Targeting the EU

Mobile phone location data of millions in the EU is being sold for advertising, posing serious privacy and security risks, including potential espionage. This data can reveal sensitive patterns of movement for EU officials, despite GDPR regulations meant to protect personal information. Investigations show that data brokers can easily target political figures, with significant implications for national security amid rising geopolitical tensions. EU leaders and NATO express concern over the situation, but protective measures remain inadequate. Comprehensive regulation to curb data trading and enhance privacy rights is urgently needed, with calls for a ban on advertising tracking.

https://netzpolitik.org/2025/databroker-files-targeting-the-eu/

Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed

Extreme TLDR: Check Point Research uncovered vulnerabilities in Microsoft Teams allowing impersonation, message manipulation, and notification spoofing by both outsiders and insiders, risking trust and security for over 320 million users. Microsoft fixed these in 2024-2025 after responsible disclosure. Effective defense requires multi-layered security, user training, and awareness of social engineering threats.

https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/

New Prompt Injection Papers: Agents Rule of Two and The Attacker Moves Second

Two new papers on LLM security focus on prompt injection:

  1. Agents Rule of Two proposes that, within a session, an agent must satisfy no more than two of these three criteria: processing untrustworthy inputs, accessing sensitive data, or changing state/communicating externally. This framework addresses risks of prompt injection effectively, highlighting the need for cautious system design.

  2. The Attacker Moves Second critiques 12 defenses against prompt injections, revealing high success rates for adaptive attacks. These sophisticated attacks outperform simple defenses, underscoring the difficulty of establishing reliable protections.

Overall, the papers emphasize the inadequacy of current prompt injection defenses and advocate for a design-focused approach to enhance security.

https://simonwillison.net/2025/Nov/2/new-prompt-injection-papers/

OAuth Device Code Phishing: Azure Vs. Google Compared

Extreme TLDR: Microsoft and Google implement OAuth 2.0’s device code flow differently, which affects how exposed each is to device code phishing. Microsoft's setup allows attackers to gain significant access via device code phishing by utilizing legitimate API flows, leading to dangerous token generation. Google's implementation limits potential damage through restricted scopes and client ID controls, making successful exploitation challenging.

https://www.bleepingcomputer.com/news/security/oauth-device-code-phishing-azure-vs-google-compared/

Facial Recognition: a Step Forward for Security or Danger?

Facial recognition technology has advanced significantly, improving security in sectors like law enforcement and healthcare. While it aids crime-solving and safety, concerns about privacy, racial bias, and potential misuse by authoritarian regimes persist. Critics emphasize risks such as constant surveillance and data breaches, leading to calls for regulation. Despite its benefits, the debate centers on balancing safety and privacy. Experts advocate for governance to ensure responsible use while minimizing societal risks.

https://www.meer.com/en/84857-facial-recognition-a-step-forward-for-security-or-danger

Massive Surge of NFC Relay Malware Steals Europeans’ Credit Cards

NFC relay malware significantly increased in Eastern Europe, with over 760 malicious Android apps identified stealing credit card data. This malware utilizes Android’s Host Card Emulation to capture payment information and perform unauthorized transactions without the card present. It first appeared in Poland and has spread to several countries. Security experts advise Android users to avoid installing risky apps, check permissions, and utilize built-in anti-malware tools.

https://www.bleepingcomputer.com/news/security/massive-surge-of-nfc-relay-malware-steals-europeans-credit-cards/

When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems

Extreme TLDR: A new attack method, “agent session smuggling,” exploits AI agents' communication protocols (A2A) to inject harmful instructions during ongoing sessions, allowing malicious agents to manipulate and deceive victim agents. This dynamic threat leverages trust relationships and stateful interactions, making detection difficult. Mitigation strategies include human oversight, remote party verification, and context awareness. The research emphasizes the need for advanced security tools and proactive assessments to safeguard AI environments against evolving threats.

https://unit42.paloaltonetworks.com/agent-session-smuggling-in-agent2agent-systems/
