Daily Security Briefing 025

September 29, 2025

Notion AI agent exploited for data theft, TamperedChef malware targets productivity tools, Interpol disrupts African romance scams…


Executive Summary

Today’s cybersecurity landscape continues to highlight the growing risk posed by sophisticated malware exploiting trusted productivity tools and AI platforms. Notion’s new AI agent version has been identified as vulnerable to data theft via prompt injection, illustrating hazards in emerging AI integrations. Meanwhile, the TamperedChef malware campaign demonstrates evolving threat tactics leveraging digitally signed applications to bypass security defenses and siphon sensitive information. Interpol’s recent operation across 14 African nations signifies ongoing global efforts to combat large-scale romance scam and sextortion networks. Additionally, targeted spear phishing attacks continue to use specialized malware payloads such as DarkCloud, underscoring persistent risks to enterprise environments.


Top Articles

Abusing Notion’s AI Agent for Data Theft
Notion’s release of version 3.0, including AI agents, has opened an attack vector whereby prompt injection techniques allow attackers to access private data. This vulnerability stems from Notion’s system architecture combining access to private content and exposure to untrusted inputs, creating opportunities for data theft. The issue stresses the need for improved AI security safeguards in productivity platforms.
Schneier


New TamperedChef Malware Exploits Productivity Tools to Access and Exfiltrate Sensitive Data
A newly identified malware campaign called TamperedChef is delivered through trojanized productivity utilities such as ImageLooker.exe and Calendaromatic.exe. These applications are digitally signed and packaged to avoid detection, enabling them to persist on target machines and exfiltrate confidential data. The campaign relies on deceptive online distribution tactics, posing significant challenges for endpoint defenses.
GBHackers | CyberPress


Acreed Infostealer Gaining Popularity Among Cybercriminals for C2 via Steam Platform
The Acreed infostealer, first spotted in early 2025, is now widely used for harvesting credentials and cryptocurrency data. Its distinct command-and-control communication through Steam community profiles offers enhanced operational security, making detection difficult. Acreed’s unique method sets it apart from other prominent stealers in the cybercrime ecosystem.
GBHackers


Interpol Operation Disrupts Romance Scam and Sextortion Networks in Africa
In a globally coordinated initiative, Interpol arrested 260 suspects across 14 African countries in a crackdown on romance scam and sextortion rings. The crackdown, Operation Contender 3.0, addressed syndicates responsible for nearly $2.8 million in losses affecting approximately 1,500 victims. This operation highlights sustained international efforts to dismantle large-scale fraud infrastructures.
CyberScoop


Spear Phishing Attack Uses DarkCloud Malware to Capture Keystrokes and FTP Credentials
A sophisticated spear phishing operation was unveiled on September 25, 2025, targeting a manufacturing client’s Zendesk email. The attackers employed a banking-themed lure containing a malicious ZIP file. Extracting the archive deployed DarkCloud 3.2, an information stealer marketed for capturing keystrokes and FTP credentials, reflecting advanced threat actor tools in enterprise attacks.
CyberPress


EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
Cybercriminals have been observed distributing malware disguised as AI and productivity tools in a broad campaign affecting multiple regions including Europe, the Americas, and AMEA. Trend Micro’s research reveals that these deceptive tools serve as Trojan horses, enabling future targeted intrusions into global organizations.
TheHackerNews


⚡ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More
This weekly roundup addresses high-impact cybersecurity developments including a Cisco zero-day vulnerability, record-breaking DDoS attacks, new ransomware variants like LockBit 5.0, and emerging botnets such as ShadowV2. The briefing captures critical intelligence to support ongoing cyber defense efforts.
TheHackerNews


29th September – Threat Intelligence Report
Check Point Research’s latest bulletin covers major cyber incidents including a data breach affecting Stellantis, the automotive giant. The breach exposed North American customer data due to unauthorized third-party access, emphasizing continuing risks in the supply chain and third-party integrations.
CheckPoint


Can We Trust AI To Write Vulnerability Checks? Here’s What We Found
Intruder evaluated AI’s capability to assist in writing vulnerability checks, finding that while AI can accelerate some processes, it still requires significant human oversight to ensure quality and accuracy. Their research identifies strengths and limitations critical for integrating AI in security testing workflows.
BleepingComputer


Japan’s Largest Brewer Suspends Operations Due to Cyberattack
Asahi Group Holdings, Japan’s top beer producer, revealed a cyberattack that interrupted multiple operational areas. Details remain limited, but the incident underscores the growing impact of cyber threats on major industrial and consumer-facing enterprises globally.
BleepingComputer


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
