Cybersecurity.watch

AI Makes Phishing 4.5x More Effective, Microsoft Says

Oct 20 2025

Microsoft's report reveals AI enhances phishing emails, boosting click rates from 12% to 54% and potentially increasing profitability by 50 times. Cybercriminals exploit AI for targeted attacks, utilizing tools like voice cloning and deepfakes. Nation-state actors are also adopting AI for cyber operations. Additionally, new tactics like “ClickFix” have emerged, allowing attackers to manipulate users into executing malware. Overall, AI significantly alters phishing strategies, making attacks more efficient and harder to detect.

https://www.theregister.com/2025/10/16/ai_makes_phishing_45x_more_effective/

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

supply chain

Oct 20 2025

Over 100 VS Code extensions leaked access tokens, allowing potential distribution of malicious updates, risking over 150,000 installations. Wiz security identified 550 hard-coded secrets across more than 500 extensions, including major service providers' secrets. Users are advised to limit extensions and enforce scrutiny to mitigate risks. Additionally, a threat actor, TigerJack, published malicious extensions disguised as legitimate ones to exploit unsuspecting developers, reinforcing the vulnerabilities in extension security across platforms. Microsoft is enhancing security measures but warns of risks outside its marketplace.

https://thehackernews.com/2025/10/over-100-vs-code-extensions-exposed.html

How AI-powered Ransomware Could Destroy Your Business

ai, vulnerability

Oct 17 2025

AI-powered ransomware presents a significant threat to businesses, demonstrated by the collapse of KNP Logistics after a ransomware attack exploiting weak passwords. AI techniques like generative adversarial networks (GANs) enhance password cracking, making traditional defenses ineffective. Organizations must adopt robust security measures, including password managers, employee training, and multi-factor authentication, to mitigate these risks. The evolution of AI in cybercrime necessitates a reevaluation of security protocols to combat increasingly sophisticated attacks.

https://www.theregister.com/2025/10/16/machine_learning_meets_malware/

F5 Security Incident

incident

Oct 17 2025

F5 reported a security incident involving a nation-state threat actor accessing and exfiltrating files from their BIG-IP product development environment in August 2025. They confirmed some BIG-IP source code was taken, but no critical vulnerabilities were disclosed or exploited. F5 is updating their software, engaging cybersecurity experts, and implementing security measures. They advise customers to update systems, enhance monitoring, and utilize available resources to strengthen security. Ongoing efforts aim to improve the overall security posture and regain customer trust.

https://my.f5.com/manage/s/article/K000154696

New Pixnapping Attack Steals 2FA Codes From Google Authenticator Within 30 Seconds

google, vulnerability

Oct 15 2025

New Pixnapping attack on Android devices can steal 2FA codes from Google Authenticator in under 30 seconds. It exploits hardware vulnerabilities in GPUs and Android APIs without needing special permissions. The attack bypasses traditional app security, can capture sensitive data from various apps, and has both Google and Samsung addressing the issue. Users are urged to update devices and monitor app behavior to mitigate risks.

https://cybersecuritynews.com/pixnapping-attack/

CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code

ai, vulnerability

Oct 14 2025

Legit recently reported a critical vulnerability in GitHub Copilot Chat that allowed exfiltration of secrets and code from private repos via remote prompt injection, leading to unauthorized access and code suggestions. GitHub has since fixed this vulnerability.

https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code

Why Signal’s Post-quantum Makeover Is an Amazing Engineering Achievement

post-quantum

Oct 14 2025

Signal Protocol has undergone a significant update to enhance its quantum resistance, crucial as quantum computing could undermine current encryption methods. The upgrade introduces a third “Sparse Post Quantum Ratchet” (SPQR), ensuring secure messaging against potential quantum attacks. This complex engineering feat maintains its robust performance while adapting to the challenges posed by larger quantum-safe keys and asynchronous messaging environments. The result is a groundbreaking achievement in cryptography, ensuring user security remains intact amid future technological threats.

https://arstechnica.com/security/2025/10/why-signals-post-quantum-makeover-is-an-amazing-engineering-achievement/

AI Models Can Acquire Backdoors From Surprisingly Few Malicious Documents

Oct 13 2025

AI models can develop backdoor vulnerabilities from just 250 malicious documents, contrary to previous belief that larger models require proportional amounts. Research shows models of varying sizes, from hundreds of millions to billions of parameters, learned the same backdoor behavior from a small number of poisoned examples. This vulnerability can facilitate actions like generating gibberish on encountering trigger phrases. While the risk is evident, successful defenses exist with adequate clean training data, indicating the need for improved security practices against targeted data poisoning attacks.

https://arstechnica.com/ai/2025/10/ai-models-can-acquire-backdoors-from-surprisingly-few-malicious-documents/

How Your AI Chatbot Can Become a Backdoor

Oct 10 2025

AI chatbots enhance business interactions but pose risks as backdoors to sensitive data. A multi-layered defense is essential for AI security, as no single protective measure suffices. Trend Micro emphasizes the importance of comprehensive protection across the AI ecosystem to mitigate risks associated with new technologies. The article explores vulnerabilities in an AI attack chain.

https://www.trendmicro.com/en_us/research/25/j/ai-chatbot-backdoor.html

Who Owns Express VPN, Nord, Surfshark? VPN Relationships Explained

vpn

Oct 9 2025

VPN ownership and relationships examined, detailing ExpressVPN (owned by Kape Technologies), NordVPN (owned by Nord Security), and Surfshark (merging with NordVPN), along with affiliate dynamics and legal issues in the VPN market.

https://windscribe.com/blog/the-vpn-relationship-map/

Too Salty to Handle: Exposing Cases of CSS Abuse for Hidden Text Salting

Oct 8 2025

Cisco Talos reports on hidden text salting in emails—using CSS to conceal irrelevant content for evasion of spam detection. The technique recently highlighted shows frequent use in spam versus legitimate messages. Four key areas where salt is inserted include the preheader, header, attachments, and body of emails. Common methods involve manipulating CSS properties like font size, visibility, and display, complicating detection efforts. Hidden text salting undermines email security solutions and requires enhanced filtering and detection strategies to mitigate risks effectively.

https://blog.talosintelligence.com/too-salty-to-handle-exposing-cases-of-css-abuse-for-hidden-text-salting/

New Cybersecurity Survey 2025: AI, Scam Fears and Fraud Risks

payments, trends

Oct 7 2025

Mastercard is a global payments technology company offering various credit, debit, and prepaid cards with security and payment solutions. A recent survey reveals many consumers feel more insecure about online safety than home security, with significant anxiety about cyber threats and AI-generated scams. Younger generations are more susceptible to online fraud but express confidence in their threat detection abilities. Trust and security are critical for digital economies, and collaboration between human intuition and AI is essential for effective cybersecurity.

https://www.mastercard.com/global/en/news-and-trends/stories/2025/consumer-cybersecurity-survey.html

How to Detect Hidden Cameras: 8 Ways to Protect Your Privacy

privacy

Oct 6 2025

Extreme TLDR: Detect hidden cameras using visual inspections, Wi-Fi scans, smartphone IR checks, flashlight tests, RF detectors, lens finders, network searches, and sound detection. Report findings if necessary and ensure personal privacy against digital threats. Panda Security offers antivirus protection against broader cybersecurity risks.

https://www.pandasecurity.com/en/mediacenter/how-to-detect-hidden-camera/

They Traveled to Thailand. They Wound up Cyber Scam Slaves in Myanmar.

scams

Oct 6 2025

A commercial flight from Ethiopia to Bangkok leads Oly, a 39-year-old I.T. consultant, into a human trafficking scheme. Victims at scam centers in Myanmar, run by Chinese gangs, are forced into online fraud operations. Oly is misled by fake immigration officials and abducted upon arrival, eventually ending up in KK Park, a notorious scam enclave. He and others endure grueling work conditions, violence, and exploitation. Some manage to escape, but rescuers face challenges aiding victims. Despite efforts to shut down centers, thousands remain trapped in ongoing scams, with victims suffering severe mistreatment and public authorities denying involvement.

https://www.reuters.com/graphics/SOUTHEASTASIA-SCAMS/mypmxwdwwvr/

Intel and AMD Trusted Enclaves, a Foundation for Network Security, Fall to Physical Attacks

vulnerability

Oct 3 2025

Intel and AMD's Trusted Execution Enclaves (TEEs) are foundational for cloud security but are vulnerable to physical attacks, as shown by researchers who revealed two new exploits: Battering RAM and Wiretap. These attacks exploit deterministic encryption used in TEEs, allowing attackers to view or manipulate encrypted data. Battering RAM enables active decryption and manipulation, while Wiretap permits passive decryption. Both exploits highlight significant design flaws in TEE security, raising concerns as cloud services rely on these protections. Solutions would require fundamental changes to encryption methods, which are currently unclear.

https://arstechnica.com/security/2025/09/intel-and-amd-trusted-enclaves-the-backbone-of-network-security-fall-to-physical-attacks/