Intel and AMD Trusted Enclaves, a Foundation for Network Security, Fall to Physical Attacks

Intel and AMD's Trusted Execution Enclaves (TEEs) are foundational for cloud security but are vulnerable to physical attacks, as shown by researchers who disclosed two new exploits: Battering RAM and Wiretap. Both attacks exploit the deterministic memory encryption used in these TEEs, allowing an attacker with physical access to read or manipulate encrypted data. Battering RAM enables active decryption and manipulation, while Wiretap permits passive decryption. Both exploits point to significant design flaws in TEE security, which is concerning given how heavily cloud services rely on these protections. Fixes would require fundamental changes to the encryption scheme, and no clear remedy has yet been identified.

https://arstechnica.com/security/2025/09/intel-and-amd-trusted-enclaves-the-backbone-of-network-security-fall-to-physical-attacks/

Abusing Notion’s AI Agent for Data Theft

Notion's AI 3.0 is vulnerable to data theft via prompt injection, exploiting its access to private data and ability to communicate externally. Attackers can hide malicious prompts in documents, instructing the AI to extract and send sensitive information. The fundamental issue is that the LLM can't distinguish between legitimate commands and harmful inputs, posing significant security risks. Deploying AI agents without considering these vulnerabilities is reckless.

https://www.schneier.com/blog/archives/2025/09/abusing-notions-ai-agent-for-data-theft.html

First Malicious MCP in the Wild: The Postmark Backdoor That’s Stealing Your Emails

TLDR: Koi Security reveals a malicious npm package, postmark-mcp, that secretly copies emails to an external server. Version 1.0.16 introduced a BCC line that stealthily exfiltrates sensitive information from over 300 organizations. Trusting unknown developers with AI tools poses significant risk, especially as these tools run autonomously with full permissions. Immediate action is required to remove the compromised package and assess potential breaches.

https://www.koi.security/blog/postmark-mcp-npm-malicious-backdoor-email-theft

New LockBit 5.0 Targets Windows, Linux, ESXi

LockBit 5.0 ransomware targets Windows, Linux, and ESXi systems, using advanced obfuscation and anti-analysis techniques to strengthen its cross-platform attacks. Key features include randomized file extensions, avoidance of Russian-language systems, and comprehensive encryption capabilities that can affect entire virtual infrastructures. Significant improvements over previous versions include more sophisticated payload loading methods and anti-forensics measures. Organizations need robust cross-platform defenses to mitigate the evolving threat posed by LockBit 5.0.

https://www.trendmicro.com/en_us/research/25/i/lockbit-5-targets-windows-linux-esxi.html

Iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks

TL;DR: Attackers exploit payment iframes using malicious overlays, compromising credit card data security. Traditional defenses like CSP and X-Frame-Options fail; real-time monitoring and more robust strategies are essential to protect against evolving threats. A six-step defense approach, including strict CSP, iframe monitoring, and secure postMessage handling, is recommended for effective protection.

https://thehackernews.com/2025/09/iframe-security-exposed-blind-spot.html

AI Vs. AI: Detecting an AI-obfuscated Phishing Campaign

A blog post discusses a phishing campaign in which AI was likely used to generate complex, obfuscated code disguised as a legitimate document. Microsoft Defender for Office 365 successfully detected and blocked the campaign through behavioral and infrastructure analysis, emphasizing the need for continuous vigilance against AI-aided threats. Recommendations for organizations include hardened email settings and user education to protect against such phishing tactics.

https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign/

Unmasking Akira: The Ransomware Tactics You Can’t Afford to Ignore

Zensec highlights the tactics of the ransomware group Akira, which has operated since 2023 and has hit a range of UK industries. Akira employs double extortion, exploits SSL VPN vulnerabilities for initial access, and uses tools like Netscan and AnyDesk for execution. Key findings from investigations describe the group's methods for privilege escalation, data exfiltration, and encryption, which often include targeting backup systems. Recommendations for organizations include enforcing multi-factor authentication on VPNs, keeping software up to date, and rigorously monitoring security tools to prevent such attacks.

https://zensec.co.uk/blog/unmasking-akira-the-ransomware-tactics-you-cant-afford-to-ignore/

Large-Scale Attack Targeting Macs Via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware

TLDR: A large-scale cyberattack targets Mac users through fake GitHub pages impersonating companies, pushing the installation of an infostealer malware called Atomic. The malicious sites use SEO tactics to rank high in search results and redirect users to download the malware after they enter commands. LastPass has taken down some of the fraudulent sites and continues to monitor the situation.

https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages

One Token to Rule Them All

Dirk-jan Mollema, an infosec researcher, discusses a significant vulnerability in Microsoft's Entra ID that allowed attackers to gain Global Admin access in any tenant using undocumented "Actor tokens." The flaw arose from a defect in the Azure AD Graph API, which failed to validate the originating tenant, enabling cross-tenant access with impersonation tokens. After he reported it to Microsoft, the vulnerability was swiftly fixed. The implications include potential full control over any Entra ID tenant with minimal logging or detection capability, highlighting fundamental design flaws in token management and security protocols.

https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

New Attack on ChatGPT Research Agent Pilfers Secrets From Gmail Inboxes

A new attack, ShadowLeak, exploits OpenAI's Deep Research agent to extract confidential Gmail data without user interaction. Using prompt injection, attackers get the agent to read emails and exfiltrate information to their servers, bypassing security controls. Despite the vulnerabilities being known, mitigations were implemented only after the attack was reported. Users should reconsider connecting LLMs to sensitive information given the ongoing risks.

https://arstechnica.com/information-technology/2025/09/new-attack-on-chatgpt-research-agent-pilfers-secrets-from-gmail-inboxes/

Kerberoasting

Kerberoasting is a persistent vulnerability in Microsoft’s Active Directory that exploits weak service account passwords, allowing attackers to crack them offline. Despite being a known issue for over a decade, it remains prevalent due to legacy systems and insufficient mitigation efforts by Microsoft. This flaw enables lateral movement within corporate networks and has been linked to ransomware attacks, highlighting the need for stronger security measures and abandonment of outdated cryptographic practices.

https://blog.cryptographyengineering.com/2025/09/10/kerberoasting/

Why XSS Still Matters: MSRC's Perspective on a 25-year-old Threat

XSS (Cross-Site Scripting) vulnerabilities remain prevalent despite being known for 25 years, with Microsoft mitigating over 970 cases from January 2024 to mid-2025. Researchers report vulnerabilities across various Microsoft platforms, emphasizing the need for secure coding practices and proactive validation. MSRC evaluates XSS severity based on its potential impact on customer security, focusing on exploitability and data sensitivity. Future blog posts will explore defensive strategies against XSS attacks, advocating for continuous engagement with security researchers.

https://msrc.microsoft.com/blog/2025/09/why-xss-still-matters-msrcs-perspective-on-a-25-year-old-threat/

Claude Code Runs Code to Test if It Is Safe, Which Has Risks

Automated security reviews in Anthropic's Claude Code identify bugs but can create new risks by executing code during testing. While it finds some vulnerabilities effectively, it failed on more complex issues and misidentified dangerous code as safe. Researchers urge caution, arguing that AI code review should not replace human oversight because of risks like prompt injection and naive decision-making. Recommendations include restricting production access and requiring human validation for risky AI actions.

https://www.theregister.com/2025/09/09/ai_security_review_risks/

Cyberattack on Jaguar Land Rover Threatens to Hit British Economic Growth

A cyberattack on Jaguar Land Rover (JLR) has disrupted operations, threatening the UK's economic growth. Experts warn that government inaction on cybersecurity regulation may lead to more severe incidents. JLR, a key exporter, faces operational delays that are affecting its supply chains. Intelligence agencies have previously alerted the government to rising cyber threats, but legislative action, such as the Cyber Security and Resilience Bill, remains stalled. Critics stress the urgency of improving cybersecurity to prevent strategic economic risks and call for a more proactive government approach.

https://therecord.media/cyberattack-jaguar-land-rover-economic-growth-uk-government

Hackers Hijack Npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack

Hackers hijacked NPM packages with over 2.6 billion weekly downloads through a phishing attack on a maintainer's account, injecting malware that intercepts cryptocurrency transactions. The malicious code alters wallet interactions, rerouting funds to attacker-controlled addresses. The attackers used spoofed emails to scare maintainers into revealing their credentials. Compromised packages include 'chalk' and 'debug', which were removed after detection. Despite the concern, the specific conditions required for the payload to trigger limit its overall impact on users.

https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/