Issues

Inside the Rise of AI-Powered Pharmaceutical Scams

AI-driven scams in healthcare exploit trust by impersonating real doctors to sell counterfeit medications. Scammers use deepfake technology for false endorsements, creating fake social media accounts and websites that mimic legitimate clinics. These operations pose serious health risks by promoting unapproved drugs like fake GLP-1 products. The coordinated fraudulent networks leverage shared infrastructure, making scams scalable. Consumers are urged to verify pharmacy legitimacy and be cautious of online ads. A collaborative response involving cybersecurity experts and healthcare agencies is essential to combat these threats.

https://blog.checkpoint.com/healthcare/inside-the-rise-of-ai-powered-pharmaceutical-scams/

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Google's AI “Big Sleep” found five vulnerabilities in Apple's Safari WebKit, potentially leading to crashes or memory corruption. Apple released patches in iOS 26.1, iPadOS 26.1, and other systems to address these issues. Big Sleep is part of a Google initiative for automated vulnerability discovery, having previously identified risks in other software. Keeping devices updated is recommended for optimal security.

https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html

Vulnerability Report

Extreme TLDR: The October 2025 Vulnerability Report highlights critical vulnerabilities impacting major software, including Oracle and Microsoft products. Key entries include CVE-2025-61882 and CVE-2025-59287. New Known Exploited Vulnerabilities catalog entries include VMware and Adobe issues. Unpublished vulnerabilities noted include critical flaws in Chrome and 7-Zip. Contributors discussed ongoing security threats linked to recent incidents and vulnerabilities. Continuous vigilance and timely patching are emphasized.

https://www.vulnerability-lookup.org/2025/11/04/vulnerability-report-october-2025/

Violent Cybercrime Surges in Europe Amid Big Payouts

Cybercriminals in Europe are increasingly engaging in violent tactics, with 18 reported incidents in 2025, predominantly in France. This surge, termed “violence as a service,” includes high-profile cases like the kidnapping of Ledger co-founders. The UK remains the most targeted country for cybercrime, with over 2,100 attacks recorded since 2024, primarily from ransomware and data theft groups. The rise in violence is linked to organized networks that facilitate traditional cybercrime and physical theft, especially concerning cryptocurrency.

https://www.theregister.com/2025/11/04/cybercriminals_increasingly_rely_on_violence/

Databroker Files: Targeting the EU

Mobile phone location data of millions of people in the EU is being sold for advertising, posing serious privacy and security risks, including potential espionage. This data can reveal sensitive patterns of movement for EU officials, despite GDPR regulations meant to protect personal information. Investigations show that data brokers can easily target political figures, with significant implications for national security amid rising geopolitical tensions. EU leaders and NATO express concern over the situation, but protective measures remain inadequate. Comprehensive regulation to curb data trading and enhance privacy rights is urgently needed, with calls for a ban on advertising tracking.

https://netzpolitik.org/2025/databroker-files-targeting-the-eu/

Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed

Extreme TLDR: Check Point Research uncovered vulnerabilities in Microsoft Teams allowing impersonation, message manipulation, and notification spoofing by both outsiders and insiders, risking trust and security for over 320 million users. Microsoft fixed these in 2024-2025 after responsible disclosure. Effective defense requires multi-layered security, user training, and awareness of social engineering threats.

https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/

New Prompt Injection Papers: Agents Rule of Two and The Attacker Moves Second

Two new papers on LLM security focus on prompt injection:

  1. Agents Rule of Two proposes that an agent must not satisfy more than two of these three criteria during a session: processing untrustworthy inputs, accessing sensitive data, or changing state/communicating externally. This framework addresses risks of prompt injection effectively, highlighting the need for cautious system design.

  2. The Attacker Moves Second critiques 12 defenses against prompt injections, revealing high success rates for adaptive attacks. These sophisticated attacks outperform simple defenses, underscoring the difficulty of establishing reliable protections.

Overall, the papers emphasize the inadequacy of current prompt injection defenses and advocate for a design-focused approach to enhance security.

https://simonwillison.net/2025/Nov/2/new-prompt-injection-papers/

OAuth Device Code Phishing: Azure Vs. Google Compared

Extreme TLDR: Microsoft and Google implement OAuth 2.0’s device code flow differently, which affects their exposure to device code phishing. Microsoft's setup allows attackers to gain significant access via device code phishing by utilizing legitimate API flows, leading to dangerous token generation. Google's implementation limits potential damage through restricted scopes and client ID controls, making successful exploitation challenging.

https://www.bleepingcomputer.com/news/security/oauth-device-code-phishing-azure-vs-google-compared/

Facial Recognition: a Step Forward for Security or Danger?

Facial recognition technology has advanced significantly, improving security in sectors like law enforcement and healthcare. While it aids crime-solving and safety, concerns about privacy, racial bias, and potential misuse by authoritarian regimes persist. Critics emphasize risks such as constant surveillance and data breaches, leading to calls for regulation. Despite its benefits, the debate centers on balancing safety and privacy. Experts advocate for governance to ensure responsible use while minimizing societal risks.

https://www.meer.com/en/84857-facial-recognition-a-step-forward-for-security-or-danger

Massive Surge of NFC Relay Malware Steals Europeans’ Credit Cards

NFC relay malware has increased significantly in Eastern Europe, with over 760 malicious Android apps identified stealing credit card data. This malware utilizes Android’s Host Card Emulation to capture payment information and perform unauthorized transactions without the card present. It first appeared in Poland and has spread to several countries. Security experts advise Android users to avoid installing risky apps, check permissions, and utilize built-in anti-malware tools.

https://www.bleepingcomputer.com/news/security/massive-surge-of-nfc-relay-malware-steals-europeans-credit-cards/

When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems

Extreme TLDR: A new attack method, “agent session smuggling,” exploits AI agents' communication protocols (A2A) to inject harmful instructions during ongoing sessions, allowing malicious agents to manipulate and deceive victim agents. This dynamic threat leverages trust relationships and stateful interactions, making detection difficult. Mitigation strategies include human oversight, remote party verification, and context awareness. The research emphasizes the need for advanced security tools and proactive assessments to safeguard AI environments against evolving threats.

https://unit42.paloaltonetworks.com/agent-session-smuggling-in-agent2agent-systems/

Has Anyone Actually Found Real Value in AI for Cybersecurity?

Most cybersecurity professionals find significant value in AI when it comes to streamlining repetitive tasks, such as report writing, log parsing, code review, incident triage, and policy drafting. AI is widely used as a productivity booster and workflow accelerator, not as a revolutionary technology for actual threat detection. There is skepticism about AI’s ability to detect novel attacks, with most reliable detections still relying on traditional rule-based systems. Custom AI applications for detection work in large, well-resourced organizations, but widespread breakthrough results are lacking. Overhyped vendor claims, verification challenges, and trust issues are common concerns. Overall, AI’s practical benefits in cybersecurity today primarily involve reducing manual workloads and enhancing efficiency in support tasks, rather than transforming threat detection.

https://www.reddit.com/r/cybersecurity/comments/1om1kbp/has_anyone_actually_found_real_value_in_ai_for/

New Physical Attacks Are Quickly Diluting Secure Enclave Defenses From Nvidia, AMD, and Intel

Novel physical attacks, including TEE.fail, undermine secure enclave protections from Nvidia, AMD, and Intel, allowing attackers to compromise Trusted Execution Environments (TEEs) despite system-level safeguards. These attacks, cheap and quick, exploit deterministic encryption, posing risks to encryption integrity and data confidentiality across industries reliant on TEEs. Chipmakers fail to adequately address physical attack threats, leading to misinformation and user vulnerability. Users need to recognize inherent limitations when utilizing TEE technologies, as current default protections are insufficient against physical breaches.

https://arstechnica.com/security/2025/10/new-physical-attacks-are-quickly-diluting-secure-enclave-defenses-from-nvidia-amd-and-intel/

Keeping the Internet Fast and Secure: Introducing Merkle Tree Certificates

Cloudflare introduces Merkle Tree Certificates (MTCs) to transition to Post-Quantum (PQ) cryptography, addressing the threat of quantum computers to Internet security. Current TLS handshakes use excessive signatures and public keys, causing performance issues. MTCs aim to minimize this by allowing clients to validate certificates with reduced overhead (1 signature, 1 public key, 1 inclusion proof). An experiment to implement MTCs, in collaboration with Chrome, will test the concept while ensuring users' security through bootstrap certificates. The results are expected to improve both security and performance, keeping the Internet fast and secure amid evolving cryptographic needs.

https://blog.cloudflare.com/bootstrap-mtc/

Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Automated botnet attacks targeting PHP servers and IoT devices have spiked, exploiting known vulnerabilities and cloud misconfigurations. Major threats come from botnets like Mirai and Gafgyt, with PHP servers as key targets due to common CMS usage. Recommendations include updating software, removing debug tools, and securing credentials. Threat actors now leverage compromised devices for various illicit activities, including credential stuffing and DDoS attacks. Bots can easily evade security controls, suggesting a need for heightened defenses.

https://thehackernews.com/2025/10/experts-reports-sharp-increase-in.html
