
OpenAI Codex CLI Vulnerability: Command Injection

CVE-2025-61260 – OpenAI Codex CLI Command Injection Vulnerability:
OpenAI Codex CLI is susceptible to command injection via project-local configurations, enabling attackers to execute arbitrary commands on developer machines without user consent. By manipulating .env and config.toml files, an attacker can leverage the automatic loading of MCP server entries to create a backdoor, allowing persistent remote access and command execution. This vulnerability compromises developer workflows and can propagate through supply chains. A fix was issued in version 0.23.0, blocking the unsafe redirection of configuration paths. Users are advised to update immediately.

https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/

AI Vs AI: New Cybersecurity Battlefield Where No Humans Are in the Loop

AI-led cyber warfare is emerging, with attacks executed autonomously and human oversight reduced significantly. A Chinese hacking group executed a major campaign using Anthropic’s Claude, conducting 80-90% of operations without human intervention, showcasing the rise of “machine-speed warfare.” This shift shrinks the window between a vulnerability’s appearance and its exploitation, creating asymmetrical advantages for attackers. Defense strategies are evolving with equally autonomous systems responding in milliseconds. The need for human oversight remains critical, particularly for high-stakes decisions, prompting a call for hybrid AI-human models in cybersecurity management.

https://www.sify.com/ai-analytics/ai-vs-ai-new-cybersecurity-battlefield-where-no-humans-are-in-the-loop/

OpenAI Discloses API Customer Data Breach Via Mixpanel Vendor Hack

OpenAI reported a data breach affecting some API customers due to a Mixpanel hack, disclosing limited identifying information such as names and email addresses. No sensitive data like passwords or payment details were compromised. OpenAI has removed Mixpanel from its services and is investigating the incident, advising affected users to be cautious of potential phishing attempts.

https://www.bleepingcomputer.com/news/security/openai-discloses-api-customer-data-breach-via-mixpanel-vendor-hack/

Lifetime Access to WormGPT 4 Costs Just $220

WormGPT 4, a malicious AI tool, costs $220 for lifetime access, allowing cybercriminals to easily generate malware and phishing attempts without requiring extensive technical knowledge. This AI can create ransomware scripts and other malicious code, significantly lowering entry barriers for attackers. Another model, KawaiiGPT, is free and also capable of producing harmful scripts, exemplifying the growing accessibility of malicious AI tools.

https://www.theregister.com/2025/11/25/wormgpt_4_evil_ai_lifetime_cost_220_dollars/

As Gen Z Enters Cybersecurity, Jury Out on AI’s Impact

Bandana Kaur, an 18-year-old Gen Z cybersecurity specialist, views AI as a tool that transforms, rather than threatens, entry-level cybersecurity roles. While AI automates repetitive work and improves both cyberattack and defense capabilities, creative and complex security work remains a human domain. Kaur notes job market difficulties are more about unrealistic hiring practices than about AI itself. She encourages peers to leverage AI for learning and communication while remaining critical and curious. Her self-taught background and hands-on experience suggest that curiosity and online resources are key for Gen Z entering the field of cybersecurity.

https://www.darkreading.com/cybersecurity-operations/gen-z-cybersecurity-jury-out-ai-impact

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Researchers discovered serious vulnerabilities in AI inference frameworks from Meta, Nvidia, and Microsoft, caused by unsafe deserialization of Python pickle data received over ZeroMQ sockets. These “ShadowMQ” flaws allow remote code execution, and they recur across multiple projects because the vulnerable code was copied between them. The identified vulnerabilities carry CVSS scores from 6.3 to 8.8; exploitation could lead to code execution and model theft. The findings emphasize the need for secure coding practices and security audits amid rapid development.

https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html

Researchers Question Anthropic Claim That AI-assisted Attack Was 90% Autonomous

Researchers question Anthropic's claim that a recent AI-assisted cyber attack was 90% autonomous, arguing the results aren't as significant as presented. Despite using Claude AI to streamline tasks in targeted cyber espionage, success rates were low, with doubts about the real novelty of the techniques employed. The study reveals AI’s current limitations in cybersecurity applications and suggests mixed results compared to traditional methods.

https://arstechnica.com/security/2025/11/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous/

Disrupting the First Reported AI-orchestrated Cyber Espionage Campaign (Anthropic)

AI orchestrated a sophisticated cyber espionage campaign, marking the first major attack with minimal human involvement. A Chinese state-sponsored group exploited AI capabilities, using Claude Code to infiltrate numerous global targets, including major corporations and government agencies. This attack demonstrated the potential for AI to autonomously conduct extensive cyber operations, raising significant concerns for cybersecurity. Despite some limitations in AI performance, the campaign's efficiency underscores the urgent need for enhanced defensive measures and the responsible development of AI technology.

https://www.anthropic.com/news/disrupting-AI-espionage

Understanding Prompt Injections: a Frontier Security Challenge

Prompt injection is a security challenge in AI, where attackers manipulate AI responses using malicious instructions in user inputs. As AI gains more capabilities and access to sensitive data, protecting users from these risks is crucial. OpenAI employs a multi-layered defense approach, including safety training, monitoring, security protections, user controls, red-teaming, and a bug bounty program. Users are advised to limit data access, verify agent actions, provide explicit instructions, and stay informed about security. Ongoing research aims to enhance AI robustness against these attacks and ensure safe interactions.

https://openai.com/index/prompt-injections/

Death by a Thousand Prompts: Open Model Vulnerability Analysis

TLDR: Cisco's analysis of open-weight AI models shows high vulnerability to multi-turn attacks, with success rates significantly higher than single-turn, risking data integrity and security. Evaluations of major models reveal gaps related to alignment strategies, emphasizing the need for stronger safety protocols and the adoption of proactive security measures in AI deployments.

https://blogs.cisco.com/ai/open-model-vulnerability-analysis

GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools

Extreme TLDR:
Google Threat Intelligence Group (GTIG) identifies increased malicious AI use: adversaries now deploy AI-enhanced malware like PROMPTFLUX and PROMPTSTEAL, capable of dynamic self-modification and command generation. Threat actors use social engineering to bypass AI safeguards and access capabilities for phishing, malware design, and data exfiltration. A mature underground marketplace offers AI tools for cybercrime, reflecting a shift towards greater sophistication in criminal operations. State-sponsored actors leverage AI throughout the attack lifecycle, including advancements in cryptocurrency-focused thefts.

https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools

AI-based Malware Makes Attacks Stealthier and More Adaptive

Google identifies five AI-powered malware families that adapt and evade detection, marking a new phase in cyber threats. These families—FRUITSHELL, PROMPTFLUX, PROMPTSTEAL, PROMPTLOCK, and QUIETVAULT—utilize AI to dynamically alter their code and create attacks, complicating defense efforts. Recent findings suggest a technological arms race between attackers and defenders, highlighting the need for improved detection methods against such evolving threats.

https://www.cybersecuritydive.com/news/ai-powered-malware-google/804760/

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Google's AI “Big Sleep” found five vulnerabilities in Apple's Safari WebKit, potentially leading to crashes or memory corruption. Apple released patches in iOS 26.1, iPadOS 26.1, and other systems to address these issues. Big Sleep is part of a Google initiative for automated vulnerability discovery, having previously identified risks in other software. Keeping devices updated is recommended for optimal security.

https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html

New Prompt Injection Papers: Agents Rule of Two and The Attacker Moves Second

Two new papers on LLM security focus on prompt injection:

  1. Agents Rule of Two proposes that an agent must not satisfy more than two of these three properties within a single session: processing untrustworthy inputs, accessing sensitive data, or changing state/communicating externally. This framework addresses prompt-injection risk at the design level, highlighting the need for cautious system design.

  2. The Attacker Moves Second critiques 12 defenses against prompt injections, revealing high success rates for adaptive attacks. These sophisticated attacks outperform simple defenses, underscoring the difficulty of establishing reliable protections.

Overall, the papers emphasize the inadequacy of current prompt injection defenses and advocate for a design-focused approach to enhance security.

https://simonwillison.net/2025/Nov/2/new-prompt-injection-papers/
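The Rule of Two is easiest to see as a gate in front of an agent's tool dispatcher: each tool exercises one or more of the three properties, the session remembers which properties it has already exercised, and any call that would make it three is refused. The code below is an added example and is not from either paper or from Simon Willison's post; the tool catalogue and the mapping of tools to properties are constructed for illustration.

```python
from enum import Enum


class Capability(Enum):
    """The three properties the Rule of Two counts per session."""
    UNTRUSTED_INPUT = "process untrustworthy inputs"
    SENSITIVE_DATA = "access sensitive data"
    STATE_CHANGE = "change state or communicate externally"


RULE_OF_TWO_LIMIT = 2

# Hypothetical tool catalogue (constructed): which properties each tool
# exercises. A tool may exercise more than one at once.
TOOL_CAPABILITIES = {
    "read_inbox": {Capability.UNTRUSTED_INPUT},
    "browse_web": {Capability.UNTRUSTED_INPUT},
    "read_vault": {Capability.SENSITIVE_DATA},
    "send_email": {Capability.STATE_CHANGE},
    "post_webhook": {Capability.STATE_CHANGE},
    # Reads attacker-controllable mail and emits it externally: two at once.
    "forward_inbox_to": {Capability.UNTRUSTED_INPUT, Capability.STATE_CHANGE},
}


def is_compliant(capabilities) -> bool:
    """The rule itself: at most two of the three properties."""
    return len(set(capabilities)) <= RULE_OF_TWO_LIMIT


class AgentSession:
    """Tracks the properties a session has exercised and gates each tool call."""

    def __init__(self):
        self.exercised = set()
        self.denied = []  # (tool, properties it would have added)

    def authorize(self, tool: str) -> bool:
        needed = TOOL_CAPABILITIES[tool]
        if is_compliant(self.exercised | needed):
            # Once exercised, a property stays counted for the whole session:
            # the untrusted text read earlier is still in the context window.
            self.exercised |= needed
            return True
        self.denied.append((tool, sorted(c.name for c in needed - self.exercised)))
        return False


def run_scenario(tools):
    """Authorize a sequence of tool calls in one session; return one bool per call."""
    session = AgentSession()
    return [session.authorize(tool) for tool in tools]


if __name__ == "__main__":
    # Classic prompt-injection chain: read untrusted mail, read secrets, then
    # send them out. The third step is the one the rule refuses.
    print(run_scenario(["read_inbox", "read_vault", "send_email"]))
    # Same three properties in a different order: still the third is refused.
    print(run_scenario(["read_inbox", "send_email", "read_vault"]))
    # Two properties only: allowed throughout.
    print(run_scenario(["read_vault", "send_email"]))
```

The order of calls does not matter, only the set of properties the session has touched, which is why the gate must remember state rather than inspect each call in isolation. What the agent does after a refusal (start a fresh session, escalate to a human) is a policy decision outside this example.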
