Top of the list of prominent cyber threats are malware and phishing. In some cases, the latter can lead to the installation of the former. Now, with Artificial Intelligence in the mix, it gets increasingly scary, to say the least. Yes, AI is here to help; there is no doubt about that. However, history has always taught us that humans can, and will always use legitimate tools for malicious purposes.
While reading the previous paragraph, I believe you already have an idea of the articles that we're about to review. If not, you're about to find out. Also, don't be surprised if you find an article that's not implicitly called out above. It's because we talk about it almost every week. Can you guess?
How to Backdoor Large Language Models
It's an interesting research and one that you must read. It might change the way you view LLMs but I don't think you'll stop using them anytime soon.
There is no excerpt for this one. Have fun reading.
What is device code phishing, and why are Russian spies so successful at it?
On most occasions, I avoid articles that have the names of countries in their title. This time, I decided to ignore that rule because I found the article interesting to read.
Here is why:
The threat actors masquerade as trusted, high-ranking officials and initiate conversations with a targeted user on a messenger app such as Signal.
After building a rapport, the attackers ask the user to join a Microsoft Teams meeting, give access to applications and data as an external Microsoft 365 user
When the target visits the link with a browser authorized to access the Microsoft 365 account and enters the code, the attacker device gains access that will last as long as the authentication tokens remain valid.
Microsoft warns that the powerful XCSSET macOS malware is back with new tricks
You might think that it's an exaggeration when malware is dubbed powerful. In most cases, it's not. It just tells you how destructive or malicious that malware is.
Here is why:
The malware first came to light in 2020, when security firm Trend Micro said it had targeted app developers after spreading through a publicly available project the attacker wrote for Xcode, a developer tool Apple makes freely available. The malware gained immediate attention because it exploited what, at the time, were two zero-day vulnerabilities
New FrigidStealer macOS Malware Distributed as Fake Browser Update
When I advise my readers to always update their web browsers from official sources or via the browser's built-in update mechanism, this article is one of the reasons. The excerpt below contains information about the threat actor and how they are pulling off the attack.
Distributed by a financially motivated cybercriminal group tracked as TA2727 since the end of January, FrigidStealer is targeting macOS users outside of North America who visit the compromised website, Proofpoint says.
A script injected into the website redirects the visitors to a fake update page where they are prompted to click a fake update button, which leads to the download of a DMG file that the user is encouraged to mount.
How Hackers Manipulate Agentic AI With Prompt Engineering
The article contains some attack methods that you have probably not heard of. I mean steganographic prompting or prompt probing. These are words that you're likely to find in an academic research paper. However, AI is bubbling right now, making this article a necessity to write and for you and me to read.
Here is why:
...there are numerous other prompt engineering methods that attackers can leverage to exploit or manipulate agentic AI systems. And just like any other application, AI needs to be subject to red teaming to expose any risks and vulnerabilities.
Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers
There is a patch available in the latest version of the affected applications. Now, can you guess the vulnerability? .... It's a lack of input validation. I know you might think, well, how did they miss that? Guess what? Humans can and will always make mistakes. We ain't perfect and that is what makes us special!
From the article:
The first of the critical-severity flaws in the library, tracked as CVE-2024-53900, could allow an attacker to exploit the $where value to potentially achieve RCE on Node.js. The second issue, tracked as CVE-2025-23061, is a bypass for CVE-2024-53900’s patch.
Cybercriminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3
When the barrier to causing havoc becomes increasingly easy, it gives birth to rookie but effective cybercriminals. That's the case of this PhaaS (Phishing as a Service). Who in the world would do this? I mean code an application that can indirectly be used to defraud people? Why in the whole wide world will somebody do this? Why!
Anyway, here is an excerpt from the article:
Darcula v3 goes a step further by offering a way to convert the stolen credit card details into a virtual image of the victim's card that can be scanned and added to a digital wallet for illicit purposes. Specifically, the cards are loaded onto burner phones and sold to other criminals.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
Top comments (0)