Daily Security Briefing #061

November 5, 2025

AI-driven malware evolution, billion-dollar blockchain exploit, critical vulnerabilities actively exploited


Executive Summary

Cyber threats involving AI have entered a new phase, with adversaries now deploying AI-enabled malware capable of dynamically altering behavior during execution. Researchers have uncovered novel AI malware like PROMPTFLUX leveraging generative models to obfuscate code hourly, while ChatGPT itself suffers from data-leak vulnerabilities. Meanwhile, blockchain security took a hit as attackers exploited a rounding error to steal over $128 million from Balancer. On the defensive front, industry leaders like Check Point continue to set benchmarks for enterprise security effectiveness. Active exploitation of critical vulnerabilities in popular cloud file-sharing platforms and Windows components underscores the urgency for patch management.


Top Articles

GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
Google’s Threat Intelligence Group highlights a tactical shift where attackers move beyond using AI for productivity, now deploying AI-powered malware with self-modifying capabilities during execution. This development signals an escalating operational phase of AI abuse in cyberattacks. This report updates prior landscape analyses and illustrates the threat actors’ evolving sophistication.
Source: Google Cloud Blog

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
Google has identified a novel Visual Basic Script malware named PROMPTFLUX that interacts with the Gemini AI model API to rewrite its own code hourly, enhancing evasion and obfuscation. This exploitation of generative AI capabilities marks a significant innovation in malware design, complicating traditional detection methods.
Source: The Hacker News

How an Attacker Drained $128M from Balancer Through Rounding Error Exploitation
Check Point Research documented a sophisticated attack on Balancer V2’s ComposableStablePool contracts where a rounding error in the pool’s invariant calculations was exploited. Over 30 minutes, the attacker drained $128.64 million across six blockchain networks, demonstrating the high stakes involved in smart contract precision and security.
Source: Check Point Research

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data
Security researchers disclosed seven vulnerabilities in OpenAI’s GPT-4o and GPT-5 models that allow attackers to extract personal information from ChatGPT users’ chat histories without detection. These findings raise concerns about privacy and data protection in AI conversational agents and highlight the need for robust safeguards.
Source: The Hacker News

Check Point Software Achieves the Highest Security Effectiveness at 99.59% in NSS Labs Enterprise Firewall Test
Check Point leads the cybersecurity industry with a 99.59% effectiveness rating in the latest NSS Labs tests, reinforcing its status as a leader in prevention-first enterprise firewall solutions. With over half of enterprise networks using AI tools, robust and AI-aware security solutions are critical to protecting against increasingly sophisticated threats.
Source: Check Point Blog

CISA Issues Alert on Gladinet CentreStack and Triofox Vulnerabilities Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation targeting critical vulnerabilities (CVE-2025-11371) in Gladinet CentreStack and Triofox cloud file-sharing platforms. These flaws expose sensitive system files, requiring immediate attention from organizations using these services to mitigate risks.
Source: GBHackers

Windows Cloud Files Mini Filter Driver Flaw Actively Exploited for Privilege Escalation
A critical TOCTOU vulnerability (CVE-2025-55680) in the Windows Cloud Files Mini Filter Driver is being exploited to gain unauthorized system-level access through privilege escalation. The flaw, rooted in a previously disclosed 2020 vulnerability, highlights ongoing concerns over Windows kernel security and patch application urgency.
Source: CyberPress

APT-C-60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued a high-priority alert about the APT-C-60 group’s spear-phishing attacks targeting Japanese recruitment professionals. Attackers impersonate job applicants and use malicious VHDX files hosted on Google Drive to compromise HR workflows, underlining risks in sector-specific social engineering attacks.
Source: GBHackers

Cybercrime Heavyweights Combine Forces Under the Name Scattered LAPSUS$ Hunters
Three prominent cybercrime groups (Scattered Spider, ShinyHunters, and LAPSUS$) have formed a federated alliance called Scattered LAPSUS$ Hunters (SLH), offering Extortion-as-a-Service. This coalition intensifies threat actor capabilities, continuing the evolution of loosely connected but highly effective cybercriminal ecosystems.
Source: CyberPress

Court Reimposes Original Sentence for Capital One Hacker
A federal judge reinstated Paige Thompson’s original sentence for the 2019 Capital One breach that exposed data of over 100 million individuals. Thompson’s sentence includes time served and multiple years of supervised release, reaffirming judicial commitment to accountability in large-scale data breaches.
Source: CyberScoop

Scientists Need a Positive Vision for AI
Bruce Schneier reflects on the challenges facing AI optimism amid rising authoritarianism, misinformation from AI deepfakes, and exploitative labor practices in data labeling. The article calls for the research community to develop a constructive vision that ensures AI benefits society rather than exacerbates conflicts and inequalities.
Source: Schneier on Security


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
