
Daily Security Briefing #055
- DjediTech
- Security, Newsletter
- October 30, 2025
AI bioweapon arms race, critical Jenkins vulnerabilities, and surge in NFC relay malware top today’s security headlines…
Executive Summary
The cybersecurity landscape today highlights escalating risks from both emerging technologies and traditional attack vectors. The race between AI systems to create and detect engineered bioweapons uncovers new threat dimensions that blend biotechnology with cyber risks. Meanwhile, significant vulnerabilities in Jenkins automation servers demand urgent patching to protect CI/CD pipelines from authentication bypass and privilege escalation. Cloud environments face growing threats as adversaries co-opt the AzureHound penetration testing tool for reconnaissance within Azure and Microsoft Entra ID infrastructures. Additionally, a surge in NFC relay malware targeting European credit cards and ongoing nation-state intrusions into telecom providers spotlight the persistent and evolving threat from financially motivated and geopolitical actors. Public and private sectors must stay vigilant to these complex attack techniques spanning AI, cloud, and mobile ecosystems.
Top Articles
The AI-Designed Bioweapon Arms Race
Researchers reveal a troubling arms race between AI tools that design new biological toxins and those that aim to detect them before creation. Testing showed variants of ricin toxin designed by AI could evade current DNA order screening software, indicating risks of engineered pathogen threats slipping past defenses. This emerging domain underscores the fusion of AI with biosecurity challenges.
Bruce Schneier
Jenkins Flaws Expose SAML Authentication Bypass and MCP Server Plugin Weaknesses
Fourteen distinct vulnerabilities affecting Jenkins automation servers, including critical SAML authentication bypass issues and permission enforcement flaws in MCP plugins, could enable attackers to hijack sessions and escalate privileges. These widespread security gaps threaten enterprise CI/CD infrastructures and highlight the urgent need for patching to prevent unauthorized access.
GBHackers | CyberPress
Massive Surge of NFC Relay Malware Steals Europeans’ Credit Cards
Cybercriminals in Eastern Europe have exploited Near-Field Communication (NFC) relay malware embedded in over 760 malicious Android apps to steal credit card data at scale. The rapid rise of this technique poses a significant threat to mobile payment security, emphasizing the need for enhanced safeguards on mobile platforms and NFC transactions across Europe.
BleepingComputer
Hezi Rash: Rising Kurdish Hacktivist Group Targets Global Sites
The Kurdish hacktivist group Hezi Rash, active since 2023, has escalated its cyber campaigns through distributed denial-of-service (DDoS) attacks targeting governments and entities considered hostile to Kurdish or Muslim interests. With growing technical capabilities, Hezi Rash represents a new ideological threat actor blending activism with aggressive offensive operations in cyberspace.
Checkpoint Blog
Threat Actors Abuse AzureHound Tool to Enumerate Azure and Entra ID Environments
Attackers are increasingly exploiting AzureHound, a penetration testing tool originally designed for legitimate security assessment, to map Azure and Microsoft Entra ID environments for malicious purposes. This misuse illustrates the growing trend of repurposing authentic security utilities for reconnaissance aimed at compromising cloud infrastructure.
GBHackers | CyberPress
Google’s Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month
Google’s integrated AI-powered protections on Android devices have successfully blocked over 10 billion suspected scam calls and messages monthly, preventing fraudulent communications on a massive scale. Additionally, more than 100 million suspicious numbers have been barred from using Rich Communication Services (RCS), demonstrating significant advancements in mobile scam detection capabilities.
TheHackerNews
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
Multiple Russian-affiliated ransomware groups are adopting AdaptixC2, an open-source command-and-control framework designed for post-exploitation and adversarial emulation. Written partly in Golang and C++ Qt, AdaptixC2 provides extensible tools that aid in sophisticated ransomware operations, underscoring the risks posed by the weaponization of freely available security testing frameworks by cybercriminals.
TheHackerNews
Major Telecom Services Provider Ribbon Breached by State Hackers
Ribbon Communications disclosed state-sponsored intrusions into its IT networks dating back to December 2024. As a major telecom services provider supporting U.S. government and global telecom clients, Ribbon’s breach raises concerns regarding espionage risks, supply chain security, and unauthorized access within critical telecommunications infrastructure.
BleepingComputer
CISA, NSA Offer Guidance to Better Protect Microsoft Exchange Servers
In an effort to bolster the defense of widely deployed Microsoft Exchange Servers, CISA and NSA have jointly issued updated security guidance that reiterates best practices previously advised by Microsoft. These recommendations aim to help organizations mitigate common vulnerabilities and reduce risks from exploitation attempts targeting this critical email infrastructure.
CyberScoop
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.