Undocumented Commands Found in Bluetooth Chip Used by a Billion Devices

Espressif's ESP32, a Wi-Fi/Bluetooth microcontroller shipped in more than a billion devices, contains undocumented vendor-specific commands in its Bluetooth controller. Spanish researchers from Tarlogic found that the commands can read and write the chip's memory and change its Bluetooth MAC address, which would let whoever can issue them impersonate devices, plant persistent code or bypass the host's security controls; the issue is tracked as CVE-2025-27840. The caveat that matters for risk rating: the commands are reachable from the host that drives the controller (or with physical access to the chip), not from a remote Bluetooth peer, so the realistic scenarios are malicious firmware, an already compromised host and supply-chain tampering rather than over-the-air exploitation.

https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/
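Undocumented controller commands of this kind travel over the standard HCI interface in the vendor-specific opcode group (OGF 0x3F), so a host or a bus sniffer can at least inventory them. The following is an added example, not code from Tarlogic, Espressif or the article: it parses H4-framed HCI command packets and flags any command in the vendor-specific group. The sample byte stream is constructed, and the opcode 0xFC01 in it is an illustrative placeholder rather than one of the ESP32 opcodes from the report.

```python
import struct

# H4 (UART) transport: a command packet is 0x01, then the opcode (little-endian 16-bit),
# then a one-byte parameter length, then the parameters (Bluetooth Core Spec, Vol 4 Part A).
H4_COMMAND = 0x01
# OGF 0x3F is reserved by the Bluetooth Core Specification for vendor-specific commands.
# Anything a host sends with this OGF is defined by the chip vendor, not by the standard.
OGF_VENDOR_SPECIFIC = 0x3F

# Constructed sample traffic: HCI_Reset (0x0C03), a hypothetical vendor command with
# opcode 0xFC01 and four parameter bytes, then LE_Read_Buffer_Size (0x2002).
SAMPLE_STREAM = bytes.fromhex(
    "01 030c 00"
    "01 01fc 04 deadbeef"
    "01 0220 00"
)


def split_opcode(opcode):
    """An HCI opcode packs a 6-bit OGF (command group) above a 10-bit OCF (command)."""
    return (opcode >> 10) & 0x3F, opcode & 0x03FF


def parse_h4_commands(stream):
    """Parse H4-framed HCI command packets from a byte string.

    Returns one dict per complete packet. A truncated trailing packet is ignored, and a
    packet type other than "command" raises ValueError, because this parser only handles
    host-to-controller commands (events and ACL data use other framing).
    """
    commands = []
    i = 0
    while i < len(stream):
        if stream[i] != H4_COMMAND:
            raise ValueError(f"unexpected H4 packet type 0x{stream[i]:02x} at offset {i}")
        if i + 4 > len(stream):
            break  # header incomplete
        opcode, plen = struct.unpack_from("<HB", stream, i + 1)
        params = stream[i + 4 : i + 4 + plen]
        if len(params) < plen:
            break  # parameters incomplete
        ogf, ocf = split_opcode(opcode)
        commands.append({"offset": i, "opcode": opcode, "ogf": ogf, "ocf": ocf, "params": params})
        i += 4 + plen
    return commands


def vendor_specific_commands(stream):
    """Return only the commands that fall in the vendor-specific group (OGF 0x3F)."""
    return [c for c in parse_h4_commands(stream) if c["ogf"] == OGF_VENDOR_SPECIFIC]


if __name__ == "__main__":
    for c in vendor_specific_commands(SAMPLE_STREAM):
        print(f"offset {c['offset']}: vendor-specific command OCF 0x{c['ocf']:03x}, params {c['params'].hex()}")
```

Run against a capture from a host's HCI socket or a UART tap, the list of OCFs this produces is the set of vendor commands actually in use; anything the vendor's documentation does not account for is worth asking about. It does not decode what a given vendor OCF does, which is exactly the information the ESP32 report had to reverse-engineer.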

New AI Protection From Google Cloud Tackles AI Risks, Threats, and Compliance

Google Cloud has launched AI Protection, a Security Command Center capability for generative AI workloads. It inventories AI assets (models, datasets, agents) across projects, screens prompts and responses for prompt injection, jailbreaks and sensitive data with Model Armor, and feeds AI-specific threat detections into the rest of SCC, so AI risk and the associated regulatory compliance can be managed alongside the rest of the cloud estate rather than in a separate tool.

https://www.securityweek.com/new-ai-protection-from-google-cloud-tackles-ai-risks-threats-and-compliance/

Badbox Is Back and a Million Android Devices Were Backdoored

The Badbox botnet has resurfaced, with up to a million Android devices backdoored. It started on off-brand set-top boxes and still targets cheap hardware running AOSP, the open-source Android without Google's Play Protect, but now also spreads through malicious apps on third-party stores that pose as legitimate software. Human Security reports more complexity and closer collaboration among the criminal groups involved, a wider range of affected device types and new fraud tactics. Infections are spread across the globe, and the operation makes its money from disguised ad fraud. A takedown halved the number of infected devices, but the operators keep adapting, so the risk is ongoing.

https://www.theregister.com/2025/03/07/badbox_botnet_returns/

Malicious Chrome Extensions Can Spoof Password Managers in New Attack

Malicious Chrome extensions can impersonate legitimate ones, such as password managers, to harvest credentials. An extension can enumerate what else is installed through the 'chrome.management' API (which requires the management permission) or, without that permission, by probing for resources that installed extensions expose to web pages; it then swaps its own icon and name for the target's and shows a look-alike login prompt that the user fills in. SquareX Labs demonstrated the attack and argues that Chrome's current protections do not stop it. Until that changes, the practical controls are an enterprise allow-list of extensions and scrutiny of any extension that asks for the management permission.

https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/

Apple Takes UK to Court Over ‘backdoor’ Order

Apple is challenging, before the Investigatory Powers Tribunal, a Home Office order issued under the Investigatory Powers Act that reportedly requires it to provide access to encrypted iCloud data. Apple argues that such a capability is a backdoor that would weaken security for every user, and the challenge is believed to be the first of its kind. Rather than build it, Apple withdrew its Advanced Data Protection feature from UK users, so the iCloud categories ADP covers are no longer end-to-end encrypted for them and Apple can decrypt that data in response to lawful requests. Critics say the order threatens data privacy well beyond the UK and enables excessive state surveillance, with the usual tension between national-security arguments and the potential for abuse.

https://www.theregister.com/2025/03/05/apple_reportedly_ipt_complaint/

YouTube Warns of AI-generated Video of Its CEO Used in Phishing Attacks

YouTube is warning that scammers are circulating an AI-generated video of CEO Neal Mohan in phishing attacks aimed at creators' credentials. Targets receive an email claiming the channel's monetization policy has changed, pointing to the video (shared as a private video) and to a link that leads to a credential-stealing site. YouTube says it never contacts creators through private videos and advises against clicking such links. Several creators have already lost their accounts, which were then used to run further scams.

https://www.bleepingcomputer.com/news/security/youtube-warns-of-ai-generated-video-of-its-ceo-used-in-phishing-attacks/

Nearly 12,000 API Keys and Passwords Found in AI Training Dataset

Researchers at Truffle Security found 11,908 live API keys and passwords in the Common Crawl corpus, a 400-terabyte crawl of billions of web pages used to train many LLMs. The secrets, including AWS access keys and MailChimp API keys, were hardcoded in front-end HTML and JavaScript, where nothing can keep them private from anyone who loads the page. Live keys can be abused for phishing (MailChimp), data exfiltration and impersonation, and a model trained on such pages may learn to suggest hardcoded keys as normal practice. Many keys recurred across thousands of pages, and the study shows how hard it is to scrub sensitive data from a corpus this large even with pre-processing.

https://www.bleepingcomputer.com/news/security/nearly-12-000-api-keys-and-passwords-found-in-ai-training-dataset/
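The same hardcoding is easy to catch before it is crawled. The following is an added example, not Truffle Security's scanner or the article's code: it scans page source for two of the credential shapes named above, reports line numbers, and collapses repeated hits on one value, since the study found single keys recurring across many pages. The regexes follow the publicly documented key formats (AWS long-term access key IDs begin with "AKIA"; MailChimp keys are 32 hex characters plus a "-usN" data-centre suffix) and are assumptions of this example, as is the constructed sample page, whose key values are fake.

```python
import re
from collections import Counter

# Credential shapes for two of the key types the article names. The formats are the
# publicly documented ones; treating these two regexes as sufficient is an assumption
# of this example, not a complete secret-detection ruleset.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "mailchimp_api_key": re.compile(r"\b[0-9a-f]{32}-us[0-9]{1,2}\b"),
}

# Constructed sample page: front-end code with a key hardcoded once in markup and
# once in an inline script, plus a MailChimp key. All values are fake.
SAMPLE_HTML = """<html><body>
<form data-upload-key="AKIAEXAMPLE000000001" action="/upload"></form>
<script>
  var s3 = new AWS.S3({accessKeyId: "AKIAEXAMPLE000000001", secretAccessKey: "not-scanned-here"});
  var mc = "0123456789abcdef0123456789abcdef-us1";
</script>
</body></html>
"""


def find_secrets(text, source="<inline>"):
    """Return every pattern hit with its type, value, 1-based line number and source."""
    findings = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            findings.append({
                "type": kind,
                "value": m.group(0),
                "line": text.count("\n", 0, m.start()) + 1,
                "source": source,
            })
    return sorted(findings, key=lambda f: f["line"])


def redact(value, keep=4):
    """Keep a short prefix so findings can be correlated without re-leaking the secret."""
    return value[:keep] + "*" * (len(value) - keep)


def summarize(findings):
    """Collapse repeated hits on the same value into one entry with an occurrence count."""
    counts = Counter(f["value"] for f in findings)
    kinds = {f["value"]: f["type"] for f in findings}
    return {redact(v): {"type": kinds[v], "occurrences": n} for v, n in counts.items()}


if __name__ == "__main__":
    for key, info in summarize(find_secrets(SAMPLE_HTML, "index.html")).items():
        print(f"{key}  {info['type']}  x{info['occurrences']}")
```

An offline scan like this cannot tell a live key from a revoked one (the study's 11,908 figure counted keys that still worked), so a hit is a prompt to rotate and verify, not proof of exposure in itself. Wiring the scan into CI for anything that ends up in a static bundle catches the problem before the page is published, let alone crawled.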

LatAm Orgs Face 40% More Attacks Than Global Average

Latin American organizations face 40% more cyberattacks than the global average, which Check Point attributes to weaker security postures, political instability and rapid technology adoption that outpaces defences. The region sees an average of 2,569 attacks per organization per week, hitting critical industries and vulnerable citizens, particularly in Brazil, Mexico and Colombia. Cybercriminals exploit these conditions, in some cases working with local cartels, while law enforcement struggles to keep up with the surge.

https://www.darkreading.com/cybersecurity-analytics/latin-american-orgs-more-cyberattacks-global-average

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

Black Basta and Cactus ransomware affiliates are now deploying BackConnect malware to keep control of compromised hosts and stage data exfiltration. Initial access comes from social engineering: the victim is flooded with email, then called over Microsoft Teams by someone posing as IT support who talks them into starting Quick Assist or another remote access tool. The attackers then abuse a legitimate OneDrive executable to sideload a malicious DLL, which gives them persistent access. BackConnect shares tooling with QakBot and has been seen in numerous intrusions, mostly in North America. Organizations should restrict remote access tools to approved ones, lock down external Teams communication, train employees on this help-desk pretext, and apply the usual hardening against DLL sideloading.

https://www.trendmicro.com/de_de/research/25/b/black-basta-cactus-ransomware-backconnect.html

Modern Approach to Attributing Hacktivist Groups

TLDR: Check Point Research analyzes hacktivism and identifies a shift towards state-sponsored groups borrowing hacktivist tactics for influence operations. To improve attribution, the study applies language-based machine learning to the public messages of various hacktivist personas: topic modeling to surface the themes each group pushes, and stylometric analysis to characterize writing style and link personas that share an author or editorial process. The findings show hacktivism growing more complex as state actors adopt grassroots branding, which complicates attribution while exposing connections to geopolitical events and likely state-sponsored agendas.

https://research.checkpoint.com/2025/modern-approach-to-attributing-hacktivist-groups/
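The stylometric half of that approach reduces to comparing a message's style profile against profiles built from each group's known posts. The following is an added example, not Check Point Research's code or model: it builds character 3-gram profiles (which capture punctuation habits and spelling quirks as well as vocabulary), scores an unattributed message against each group by cosine similarity, and returns the best match. The messages are constructed in two deliberately different registers and are not real hacktivist posts; a real analysis would also need far more text per group and a held-out accuracy check before any score is trusted.

```python
import math
import re
from collections import Counter


def char_ngrams(text, n=3):
    """Character n-gram profile of a message after lower-casing and collapsing whitespace."""
    norm = re.sub(r"\s+", " ", text.lower()).strip()
    return Counter(norm[i:i + n] for i in range(len(norm) - n + 1))


def cosine(a, b):
    """Cosine similarity between two sparse count vectors (Counters)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def profile(messages, n=3):
    """Aggregate profile for a group: the sum of its messages' n-gram counts."""
    total = Counter()
    for m in messages:
        total.update(char_ngrams(m, n))
    return total


def attribute(message, corpora, n=3):
    """Score a message against each group's profile; returns (best_label, {label: score})."""
    target = char_ngrams(message, n)
    scores = {label: cosine(target, profile(msgs, n)) for label, msgs in corpora.items()}
    return max(scores, key=scores.get), scores


# Constructed sample corpora (not real posts): group A writes in an exclamatory,
# first-person-plural register; group B writes in a flat, bureaucratic one.
GROUP_A = [
    "We are the voice of the people!!! Our cyber army will strike again, the enemy servers are down!!! Glory to our fighters!!!",
    "Another enemy website is down!!! Our cyber army never sleeps, we will strike again and again!!! Glory to the people!!!",
]
GROUP_B = [
    "Today's operation resulted in the temporary unavailability of several government portals. Further updates will follow in due course.",
    "The operation against the ministry portals has concluded. Services may remain unavailable for several hours; further updates will follow.",
]
UNKNOWN_A = "Our cyber army strikes again!!! The enemy servers are down, glory to our fighters and to the people!!!"
UNKNOWN_B = "Tonight's operation caused the temporary unavailability of two regional portals. Further updates will follow."

if __name__ == "__main__":
    for msg in (UNKNOWN_A, UNKNOWN_B):
        best, scores = attribute(msg, {"A": GROUP_A, "B": GROUP_B})
        print(best, {k: round(v, 3) for k, v in scores.items()})
```

The scores are only as meaningful as the corpora: a group that copies another's boilerplate, or a state actor that deliberately imitates a grassroots persona (the report's central concern), will score as that persona, which is why the research pairs stylometry with topic modeling and timing against geopolitical events rather than relying on style alone.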

LARVA-208

LARVA-208 is a threat actor that has run targeted phishing campaigns since June 2024, combining smishing and vishing to get remote monitoring and management (RMM) software installed on victims' machines. It sets up phishing sites that mimic corporate VPN login pages to harvest credentials, and uses fake calls or messages (often posing as IT support) to steer victims to those pages. Once inside, it deploys information stealers and ransomware. The group has compromised at least 618 organizations and relies on a related actor, LARVA-148, for the domains it uses. LARVA-208 illustrates how far social engineering and evasion of technical controls can carry an intrusion, and it remains an ongoing threat to corporate networks.

https://catalyst.prodaft.com/public/report/larva-208/overview

Troy Hunt: Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

TL;DR: Troy Hunt processed 1.5TB of "ALIEN TXTBASE" stealer logs containing 23 billion rows, which added 284 million email addresses and 244 million never-before-seen passwords to Have I Been Pwned, with 493 million unique email-and-website pairs in total. New query APIs let domain owners and website operators search the stealer-log data for their own domains and users, so they can find compromised credentials at scale rather than one address at a time.

https://www.troyhunt.com/processing-23-billion-rows-of-alien-txtbase-stealer-logs/

Exposing CVEs From Black Basta's Chats

The leaked Black Basta chat logs mention 62 unique CVEs; 85.5% of them have evidence of exploitation in the wild and 70.9% appear in the CISA KEV catalog. The group focuses on known vulnerabilities in widely deployed enterprise technologies, shows a preference for high-revenue targets in sensitive sectors, and discusses new CVEs within days of the vendor advisory. It mostly relies on public exploits but considers developing its own, which reinforces the need to remediate fast rather than wait for proof of exploitation. Notably, one CVE the group discussed had been rejected, despite evidence of exploitation.

https://vulncheck.com/blog/black-basta-chats

DeepSeek Lure Used To Spread Malware

A malware campaign is trading on the popularity of the DeepSeek AI chatbot: look-alike domains lead users to a fake CAPTCHA page whose script copies a PowerShell command to the clipboard and tells the visitor to paste and run it (the ClickFix pattern), which installs the Vidar information stealer. Vidar goes after saved browser passwords, cookies and cryptocurrency wallets, so the risk is credential and data theft. Organizations should treat "verify" and "install" pages for generative AI tools as phishing surface, enforce policy on which AI services are approved, and teach users never to run commands a web page hands them.

https://www.zscaler.com/blogs/security-research/deepseek-lure-using-captchas-spread-malware

Botnet Targets Basic Auth in Microsoft 365 Password Spray Attacks

A botnet of roughly 130,000 devices is password-spraying Microsoft 365 tenants through Basic Authentication. Basic Auth sends the username and password in a single header and cannot be challenged for MFA, so a correct guess (the attackers work from stolen credential lists) yields access without a second factor. These attempts land in the non-interactive sign-in logs that many teams do not watch, which lets the spraying run unnoticed. Mitigations: disable Basic Auth for every protocol, block legacy authentication with Conditional Access, monitor the non-interactive sign-in logs, and rotate any credential that succeeds over a legacy protocol. Infrastructure overlaps point to a possible link with Chinese threat actors.

https://www.bleepingcomputer.com/news/security/botnet-targets-basic-auth-in-microsoft-365-password-spray-attacks/
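The detection logic is simple once the right log is in hand: group legacy-auth sign-ins by source IP and look for one address trying many accounts. The following is an added example, not code from the article or from SecurityScorecard: it runs that logic over constructed, simplified sign-in records whose field names follow Entra ID's sign-in log (userPrincipalName, ipAddress, clientAppUsed, status.errorCode), and separately lists every account that succeeded over a legacy protocol, since each of those is a login that skipped MFA. The set of client app names treated as legacy is an assumption of this example.

```python
import json
from collections import defaultdict

# Client types that authenticate with legacy (Basic) auth and so cannot be challenged
# for MFA. Names follow the values Entra sign-in logs use for clientAppUsed; treating
# this as the complete set is an assumption of this example.
LEGACY_CLIENT_APPS = {"IMAP4", "POP3", "SMTP", "Authenticated SMTP", "Exchange ActiveSync", "Other clients"}


def _event(user, ip, app, error_code, ts):
    return {"createdDateTime": ts, "userPrincipalName": user, "ipAddress": ip,
            "clientAppUsed": app, "status": {"errorCode": error_code}}


# Constructed sample records (JSON lines). One IP sprays six accounts over IMAP4 and gets
# one hit; the remaining entries are ordinary browser sign-ins, including a typo retry.
# Error code 50126 is Entra's "invalid username or password"; 0 is success.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    _event("alice@example.com", "203.0.113.10", "IMAP4", 50126, "2025-02-24T03:01:00Z"),
    _event("bob@example.com", "203.0.113.10", "IMAP4", 50126, "2025-02-24T03:01:07Z"),
    _event("carol@example.com", "203.0.113.10", "IMAP4", 50126, "2025-02-24T03:01:15Z"),
    _event("dave@example.com", "203.0.113.10", "IMAP4", 50126, "2025-02-24T03:01:22Z"),
    _event("erin@example.com", "203.0.113.10", "IMAP4", 50126, "2025-02-24T03:01:30Z"),
    _event("frank@example.com", "203.0.113.10", "IMAP4", 0, "2025-02-24T03:01:38Z"),
    _event("alice@example.com", "198.51.100.7", "Browser", 0, "2025-02-24T08:15:00Z"),
    _event("bob@example.com", "198.51.100.8", "Browser", 50126, "2025-02-24T08:20:00Z"),
    _event("bob@example.com", "198.51.100.8", "Browser", 0, "2025-02-24T08:20:30Z"),
])


def parse_events(text):
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def legacy_auth_events(events):
    """Every sign-in attempt that used a legacy protocol, successful or not."""
    return [e for e in events if e["clientAppUsed"] in LEGACY_CLIENT_APPS]


def detect_spray(events, min_users=5):
    """Flag source IPs that attempted at least min_users distinct accounts over legacy auth.

    Returns {ip: {"distinct_users", "failures", "compromised"}}, where "compromised" lists
    the accounts the sprayer actually got into and which therefore need a credential reset.
    """
    per_ip = defaultdict(lambda: {"users": set(), "failures": 0, "successes": []})
    for e in legacy_auth_events(events):
        rec = per_ip[e["ipAddress"]]
        rec["users"].add(e["userPrincipalName"])
        if e["status"]["errorCode"] == 0:
            rec["successes"].append(e["userPrincipalName"])
        else:
            rec["failures"] += 1
    return {
        ip: {"distinct_users": len(r["users"]), "failures": r["failures"], "compromised": sorted(r["successes"])}
        for ip, r in per_ip.items()
        if len(r["users"]) >= min_users
    }


if __name__ == "__main__":
    for ip, info in detect_spray(parse_events(SAMPLE_LOG)).items():
        print(ip, info)
```

Two practical notes: export the non-interactive sign-in log as well as the interactive one, because that is where the article says these attempts show up; and treat any non-empty "compromised" list as an incident even if the sign-in itself looked clean, since a successful Basic Auth login is by definition one that MFA never saw.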
