Daily Security Briefing #168

September 17, 2025

Phishing Kit Hosted on Legitimate Cloud and CDN Platforms Targeting Microsoft and Google Users, UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day, AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks


Executive Summary

Today’s cybersecurity landscape is marked by a shift in threat tactics. A growing trend of phishing kit infrastructure being hosted on legitimate cloud and CDN platforms has been observed, targeting enterprise users specifically. This creates serious visibility challenges for security teams as trusted platforms and valid indicators shield malicious activity from detection. Additionally, the exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines by UNC6201 highlights the ongoing threat posed by sophisticated nation-state actors. Furthermore, researchers have disclosed that AI assistants can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection.


Top Articles

From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day

Mandiant and Google Threat Intelligence Group have identified the zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769. Analysis revealed that UNC6201 has exploited this flaw since at least mid-2024 to move laterally within environments.

CLOUD_GOOGLE

Building the Future of Cloud Security: Rapid7 Recognized as a Contender in Cloud Native Application Protection, Q1 2026

Rapid7 has been recognized in The Forrester Wave™: Cloud Native Application Protection Solutions (CNAPP), Q1 2026. This acknowledgment highlights the company’s strategic evolution and continued drive to help security teams shift from reactive defense to proactive, preemptive response.

RAPID7

Side-Channel Attacks Against LLMs

Researchers have described different side-channel attacks against large language models. The attacks exploit data-dependent timing characteristics, allowing attackers to infer sensitive information about the model’s internal workings.

SCHNEIER

Check Point Named Leader in GigaOm Radar for Cloud Network Security For 3 Years in a Row – Protects 22 Cloud Vendors

Check Point has been recognized as the leader in GigaOm Radar for Cloud Network Security for three years in a row. The company’s solution protects 22 cloud vendors, providing comprehensive security for businesses deploying workloads across multiple clouds.

CHECKPOINT

Cybersecurity Excellence Awards Reveal Nomination Shift from AI Hype to Governance Execution

The Cybersecurity Excellence Awards have revealed a shift in vendor emphasis from broad AI positioning toward governance frameworks, identity architecture, and measurable accountability. This trend highlights the growing importance of effective security governance.

CYS

CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities

CredShields has contributed to the OWASP Smart Contract Top 10 2026, a risk prioritization framework developed from structured analysis of real-world exploit data observed across blockchain ecosystems in 2025.

GBHACKERS

Video Training Final Price Increase

The price for Jason’s online OSINT video training has been increased due to the growth of the content, which now includes over 120 hours of high-quality video and a 1,000-page training guide.

INTEL TECHNIQUES

Phishing Kit Hosted on Legitimate Cloud and CDN Platforms Targeting Microsoft and Google Users

ANY.RUN has observed a growing trend of phishing kit infrastructure being hosted on legitimate cloud and CDN platforms, targeting enterprise users specifically.

CYPRESS PRESS

Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster

A webinar will explore how modern SOC teams use AI and context to investigate cloud breaches faster. The discussion will cover the challenges of cloud forensics and the importance of using AI to speed up investigations.

THE HACKER NEWS

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Researchers have disclosed that artificial intelligence (AI) assistants can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection.

THE HACKER NEWS

AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks

Researchers have demonstrated that AI assistants can be turned into stealthy command-and-control (C2) relays. This technique could allow attackers to blend into legitimate enterprise communications and evade detection.

CHECKPOINT


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
