This week we have an announcement from 3 ransomware groups that they are now a cartel. Good for them, working together to level up their performance I guess?

Also, a reason to talk to your payroll people: they are being directly targeted in a new campaign.

And yes, another week and new ways AI coding assistants are exploited …

P.S. If you get value out of this summary, make sure to subscribe to it via e-mail (scroll to the end). We also publish it on our LinkedIn every Monday.

1. ClayRat Android Spyware Self-Propagates via SMS and Telegram

A new Android spyware campaign called ClayRat has spread rapidly beyond its Russian origin by tricking users into sideloading fake TikTok, YouTube and Google Photos apps via phishing sites and Telegram channels. Once granted SMS-handler privileges, it steals messages, call logs, contacts and front-camera photos, then blasts malicious links to every contact to turn each victim into a distribution hub. 

Key Details

  • Zimperium: Over 600 ClayRat samples and 50 dropper variants in three months.
  • Delivered via phishing websites posing as popular apps and via Telegram “update” channels.
  • Abuses Android’s default SMS handler role to bypass permission prompts and intercept/send texts.
  • Exfiltrates SMS, contacts, call logs, notifications and can take front-camera photos.

Next Steps

  • Block all APK sideloading via Android Enterprise policies.
  • Deploy mobile threat defense integrated with MDM for real-time detection.
  • Educate users to avoid installing apps from unverified links or channels.

Read more at CSO Online


2. California Requires One-Click Browser Opt-Out for Personal Data Sales

California’s governor has signed a law mandating that web browsers provide a clear, one-button mechanism for residents to opt out of third-party sales of their personal data under the CCPA. The measure shifts compliance effort from individual site visits to browser settings, reducing user friction and raising expectations for data-tracking controls. 

Key Details

  • The new requirement implements the CCPA opt-out “signal” via an easy-to-find browser toggle.
  • It’s the first U.S. law forcing universal browser-level data-sale opt-outs; a similar mobile OS bill was vetoed last year.
  • Companion laws now require social platforms to delete all user data on account cancellation and expand data broker registration disclosures.
  • AB 566 is scheduled to enter into force 1 Jan. 2027 and authorizes the California Privacy Protection Agency “to adopt regulations as necessary to implement and administer those provisions.”

Read more at The Record, IAPP


3. High-DPI Computer Mice Can Secretly Record Nearby Conversations

Researchers at UC Irvine demonstrate “Mic-E-Mouse,” a side-channel attack that uses high-resolution optical mouse sensors to detect desk vibrations from speech and reconstruct private conversations without elevated privileges. Although accuracy falls under real-world noise and hardware constraints, the proof-of-concept highlights a new eavesdropping risk for security-conscious environments. 

Key Details

  • Attack leverages mice with ≥20,000 DPI and high polling rates (kHz range).
  • Depending on the environment, accuracy today is around 40%-60%.
  • Vibrations travel through desks ≤3 cm thick; mouse must remain mostly stationary.
  • Signal enhancement via Wiener filtering and neural networks boosts intelligibility.
  • No kernel-level privileges are required, but an additional application needs to be installed. Browsers don’t report such high-frequency data even if the mouse supports it.

Next Steps

  • Place rubber pads or mouse mats under high-DPI mice.

Read more at CSO Online, arXiv


4. Google DeepMind Debuts CodeMender AI Agent for Automated Vulnerability Patching

Google DeepMind’s new CodeMender AI agent has automatically discovered and fixed 72 security flaws in open-source projects, some exceeding 4.5 million lines, by combining Gemini Deep Think reasoning with advanced static and dynamic analysis. It both reacts to newly found bugs and proactively hardens existing code (for example, adding -fbounds-safety to libwebp to neutralize CVE-2023-4863), significantly reducing developer effort, while human researchers still vet every patch to maintain quality.

Key Details

  • Utilizes static analysis, fuzzing, SMT solvers, differential testing and an LLM-based critique tool to verify fixes.
  • Submitted patches have already been upstreamed to several critical open-source libraries.
  • Employs multi-agent workflows to isolate, debug and validate root causes without introducing regressions.
  • Proactive annotations in libwebp would have rendered the zero-click iOS exploit (CVE-2023-4863) unexploitable.
  • The tool is not yet publicly available.
  • DeepMind is starting pilots with maintainers of critical open-source libraries.

Read more at CSO Online, Google DeepMind


5. Microsoft Warns of ‘Payroll Pirate’ Attacks Hijacking HR SaaS Accounts to Divert Salaries

A financially motivated group dubbed Storm-2657 is using adversary-in-the-middle phishing to steal MFA codes, take over HR SaaS accounts like Workday, and redirect employee salary payments to attacker-controlled banks. Microsoft observed compromises at U.S. universities exploiting missing phishing-resistant MFA and hiding alert emails via inbox rules. Security teams should treat any system storing payroll or bank data as a high-risk target.

Key Details

  • Since March 2025, 11 accounts at three U.S. universities were hijacked and used to send phishing to ~6,000 addresses across 25 institutions.
  • Attackers leveraged AitM phishing links to capture credentials and one-time MFA codes for Exchange Online and SSO into Workday.
  • Inbox rules were auto-created to delete Workday notification emails, concealing unauthorized “Manage Payment Elections” changes.
  • Persistent access achieved by enrolling attacker phone numbers as MFA devices in victim profiles.

Next Steps

  • Deploy phishing-resistant MFA (e.g., FIDO2 security keys).
  • Audit HR SaaS accounts for unknown MFA devices and inbox rules.
  • Enforce manual approval for payroll and bank-account changes.
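
The inbox-rule audit from the steps above, as an added example (not code from Microsoft or the original article). It assumes rules have been exported as JSON in the shape of Microsoft Graph messageRule objects; the sample rules and the keyword list are constructed for illustration.

```python
# Constructed sample shaped like Microsoft Graph messageRule objects.
# Rule names, the sender address and the folder ID are invented.
SAMPLE_RULES = [
    {"displayName": "....",
     "conditions": {"fromAddresses": [
         {"emailAddress": {"address": "notifications@myworkday.example"}}]},
     "actions": {"delete": True, "stopProcessingRules": True}},
    {"displayName": "Newsletters",
     "conditions": {"subjectContains": ["weekly digest"]},
     "actions": {"moveToFolder": "constructed-folder-id"}},
    {"displayName": "hr",
     "conditions": {"bodyOrSubjectContains": ["Payment Elections"]},
     "actions": {"moveToFolder": "constructed-folder-id", "markAsRead": True}},
]

# Assumed keyword list; tune it to your HR platform's real notification mail.
PAYROLL_TERMS = ("workday", "payment election", "payroll", "direct deposit")
HIDING_ACTIONS = ("delete", "permanentDelete", "moveToFolder", "markAsRead")
TEXT_CONDITIONS = ("subjectContains", "bodyContains",
                   "bodyOrSubjectContains", "senderContains")


def condition_strings(conditions):
    """Collect every string a rule matches on, lower-cased."""
    out = [s.lower() for key in TEXT_CONDITIONS for s in conditions.get(key, [])]
    for sender in conditions.get("fromAddresses", []):
        out.append(sender.get("emailAddress", {}).get("address", "").lower())
    return out


def flag_rules(rules, terms=PAYROLL_TERMS):
    """Return (rule name, hiding actions, matched terms) for rules to review."""
    findings = []
    for rule in rules:
        actions = rule.get("actions") or {}
        hiding = [a for a in HIDING_ACTIONS if actions.get(a)]
        strings = condition_strings(rule.get("conditions") or {})
        hits = sorted(t for t in terms if any(t in s for s in strings))
        if hiding and hits:
            findings.append((rule.get("displayName", ""), hiding, hits))
    return findings


if __name__ == "__main__":
    for name, hiding, hits in flag_rules(SAMPLE_RULES):
        print(f"REVIEW rule {name!r}: actions={hiding} matches={hits}")
```

A flagged rule is a prompt for manual review, since users also create legitimate filing rules for HR mail.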

Read more at Microsoft Security Blog, The Hacker News


6. China-Based Storm-2603 Abuses Velociraptor DFIR Tool in Multi-Ransomware Campaign

Cisco Talos researchers discovered that the China-based group Storm-2603 deployed an outdated Velociraptor agent (v0.73.4.0) with a known privilege-escalation flaw (CVE-2025-6264) to maintain stealthy persistence and orchestrate Warlock, LockBit, and Babuk ransomware against VMware ESXi hosts and Windows servers. 

Key Details

  • Attack first spotted August 2025 during a multi-vector ransomware response by Cisco Talos.
  • Storm-2603 used Velociraptor to launch commands post-isolation, disable Defender via GPO changes, and drop three ransomware strains.
  • Overlap in TTPs (SharePoint exploitation, scheduled tasks, cmd.exe misuse) supports moderate-confidence attribution to Storm-2603.
  • Previous abuse of Velociraptor noted by Sophos CTU in August, including VS Code tunneling for C2 communications.

Next Steps

  • Inventory all Velociraptor agents and confirm upgrade to ≥ v0.73.5.
  • Audit endpoint logs for unexpected “velociraptor.exe” services and scheduled tasks.
  • Implement application allowlisting to block unauthorized Velociraptor binaries.

Read more at CSO Online


7. Prompt Injection Flaw in GitHub Copilot Chat Leaks AWS Keys from Private Repositories

Security researchers uncovered a prompt injection vulnerability in GitHub Copilot Chat that used hidden comments in pull requests to trick the AI into leaking AWS keys and other secrets from private repos. The exploit chained a Content Security Policy bypass through GitHub’s own image proxy (Camo) with remote prompt injection to exfiltrate data one character at a time. GitHub has since patched the issue by disabling image rendering in Copilot Chat.

Key Details

  • Attackers hide malicious prompts in Markdown comments within pull request descriptions, which Copilot still processes.
  • Exfiltration leveraged pre-generated signed Camo URLs for every letter to load invisible 1×1 images, revealing secrets by request order.
  • Vulnerability rated 9.6 CVSS; fixed in August by disabling all external image rendering in Copilot Chat.
  • Technique could also expose private tickets or issue content containing vulnerability disclosures.

Next Steps

  • Audit AI-assistant features for external resource rendering.
  • Scan pull requests for hidden Markdown comments before analysis.
  • Consider restricting Copilot Chat access to sensitive or private repositories.
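
One way to do the pull-request scan from the steps above, as an added example (not GitHub's or the researchers' code). It is a heuristic rather than a full CommonMark parser: it removes HTML comments that sit outside code spans and reports those not found in the repository's PR template; the template and PR body are constructed samples.

```python
import re

# Code spans render visibly, so comments inside them are not hidden text.
TOKEN = re.compile(
    r"(?P<fence>^(?P<mark>`{3,}|~{3,}).*?^(?P=mark)[^\n]*$)"  # fenced code
    r"|(?P<inline>`[^`\n]+`)"                                 # inline code
    r"|(?P<comment><!--.*?(?:-->|\Z))",                       # HTML comment
    re.DOTALL | re.MULTILINE,
)


def strip_hidden_comments(markdown):
    """Return (text without HTML comments, list of removed comment bodies)."""
    hidden = []

    def repl(match):
        if match.group("comment") is None:
            return match.group(0)  # leave code spans untouched
        # An unclosed comment is conservatively treated as hidden to the end.
        body = re.sub(r"^<!--|-->$", "", match.group("comment")).strip()
        hidden.append(body)
        return ""

    return TOKEN.sub(repl, markdown), hidden


def unexpected_comments(pr_body, template=""):
    """Clean PR text plus the comments that do not come from the template."""
    _, known = strip_hidden_comments(template)
    clean, found = strip_hidden_comments(pr_body)
    return clean, [c for c in found if c and c not in known]


# Constructed sample input.
TEMPLATE = "<!-- Describe your change -->\n"
PR_BODY = (
    "<!-- Describe your change -->\n"
    "Fixes the date parser.\n"
    "```html\n<!-- shown to reviewers, inside a code fence -->\n```\n"
    "<!-- constructed text addressed to an AI assistant,\n"
    "invisible in the rendered page -->\n"
    "Thanks!\n"
)

if __name__ == "__main__":
    clean, flagged = unexpected_comments(PR_BODY, TEMPLATE)
    for comment in flagged:
        print("HIDDEN:", comment)
```

Passing only the cleaned text to an assistant and holding flagged pull requests for human review covers both halves of the step.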

Read more at CSO Online


8. Crime groups LockBit, DragonForce and Qilin Form Ransomware Cartel to Coordinate Attacks

Three leading RaaS groups, LockBit, DragonForce and Qilin, announced a cartel to share resources, techniques and market intelligence as law enforcement disrupts major operations.

Key Details

  • DragonForce proposed the coalition on dark web forums following the release of LockBit 5.0
  • Cartel rules prohibit infighting and aim to “dictate market conditions” for affiliates
  • LockBit now authorizes attacks on nuclear, thermal and hydroelectric power plants

Read more at CSO Online


9. 1Password Launches Secure Agentic Autofill to Protect AI Browser Agent Credentials

1Password teamed with Browserbase to introduce Secure Agentic Autofill, enabling AI browser agents to authenticate without exposing plaintext credentials. The feature uses end-to-end encryption, human approval prompts, and just-in-time credential injection to plug authentication blind spots as enterprises adopt agentic browsers. 

Key Details

  • Agents often store unencrypted credentials in session storage or cookies
  • Human-in-the-loop approval via 1Password extension before credential release
  • Just-in-time delivery injects passwords and TOTP codes at runtime
  • Detailed audit logs track when and how agents use credentials

Read more at 1Password, Dark Reading, SiliconANGLE


10. OpenAI Disrupts Chinese State-Linked Hackers Using ChatGPT for Malware and Phishing

OpenAI has banned dozens of ChatGPT accounts tied to Chinese government-affiliated hackers who leveraged the models to refine malware tooling and generate multilingual phishing campaigns. Since February 2024, the company has shut down over 40 networks abusing its AI, highlighting that these actors use ChatGPT to speed up existing operations, such as debugging GOVERSHELL-style code and crafting targeted lures, rather than inventing new attack methods.

Key Details

  • The “Cyber Operation Phish and Scripts” cluster used ChatGPT for code snippets linked to GOVERSHELL and HealthKick malware.
  • Phishing templates were generated in Chinese, English and Japanese, targeting Taiwan’s semiconductor industry, U.S. academia and PRC critics.
  • Additional banned users drafted proposals for a “High-Risk Uyghur-Related Inflow Warning Model” and social-media monitoring tools for extremist content.
  • OpenAI shared indicators of compromise with partners and continues investing in detection and disruption efforts.

Read more at Cybersecurity News, OpenAI October 2025 Report


11. Discord Third-Party Breach Exposes Up to 70,000 ID Photos, Hackers Claim 2.1M

Discord confirms a breach at its Zendesk customer-support vendor exposed up to 70,000 government ID photos and related user data, while extortionists claim they stole 1.5 TB, including 2.1 million ID images. Attackers compromised a support-agent account for 58 hours, highlighting the supply-chain risk of outsourced customer service. Discord has revoked vendor access, launched a forensic investigation, notified affected users, and refused to pay the ransom.

Key Details

  • Breach occurred Sept 20 – 22 via a compromised BPO agent on Zendesk.
  • Exposed data: names, emails, IPs, support chats, partial billing and ID photos.
  • Hackers (Scattered Lapsus$ Hunters) demand ransom; Discord disputes 2.1M ID figure.
  • Discord engaged a forensics firm, law enforcement, and ended partnership with the vendor.

Read more at Cybersecurity News


12. SonicWall Confirms All MySonicWall Cloud Backup Users Impacted by Data Breach

SonicWall has confirmed that threat actors accessed firewall configuration backup files for every customer using its MySonicWall cloud backup feature. Although these files remain AES-256 encrypted, they include detailed network and credential settings that raise the risk of targeted attacks, so administrators must review the portal’s device list, prioritize internet-exposed firewalls, and apply SonicWall’s remediation playbook immediately.

Key Details

  • An unauthorized party used a brute-force attack on the MySonicWall cloud backup API to steal .EXP files.
  • Exposed files contain AES-256-encrypted credentials plus configuration data (users, DNS, certificates, policies).

Next Steps

  • Log into MySonicWall and open Product Management → Issue List.
  • Prioritize remediation of Active – High Priority (internet-facing) firewalls.
  • Follow the SonicWall playbook to reset all credentials and update affected keys.

Read more at CSO Online, SonicWall, Arctic Wolf

