• Explore
  • Blog
  • Podcast
  • Community
  • About
  • Services
  • Contact
Menu

Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
  • Explore
  • Blog
  • Podcast
  • Community
  • About
  • Services
  • Contact

October 2025 - ExploreSec Cybersecurity Threat Intelligence Newsletter

October 10, 2025

This is a newsletter I create and share with my internal security team. Feel free to grab and do the same.

Targeted Prompt Injection in GitHub Copilot via Issue-Based Backdoors 

An emerging threat model highlights how malicious actors can hijack GitHub’s Copilot Agent via crafted GitHub issues. Attackers submit issues to public repositories with instructions that appear helpful—but contain hidden prompt injections. If a developer assigns Copilot to address the issue, the injected prompt can coerce the AI into adding a backdoor into the code, which may then be approved and merged blindly. 

Key Insights 

  • GitHub issues become the attack surface: An innocuous-looking issue carries a hidden instruction that taints the resulting code generated by Copilot. 

  • Trusted automation, exploited: The exploit leverages developer reliance on AI-generated contributions, making backdoors stealthy and high-impact. 

  • Amplified by scale: As more teams adopt AI-assisted coding, similar prompt injection attacks could spread across the ecosystem. 

  • Defensive alert: Manual review and validation of AI-generated changes is essential to prevent these subtle but dangerous backdoors. 

Further Reading: Trail of Bits – Prompt Injection Engineering for Attackers: Exploiting GitHub Copilot 

 

 

Stealth Prompt Injection via Image Scaling in AI Systems 

Researchers at Trail of Bits have demonstrated a novel technique for covertly injecting prompts into AI systems via carefully crafted images. By exploiting how platforms like Gemini CLI, Vertex AI Studio, Google Assistant, and others downscale images before processing, attackers embed hidden instructions that are imperceptible to users but fully executed by the model—leading to serious outcomes such as unauthorized data exfiltration. 

Key Insights 

  • Invisible threat vector: Images concealed malicious instructions that only appear once scaled down, silently compromising AI agents. 

  • Widespread impact: The technique works across multiple AI systems—including both UI and API interfaces—making it a widespread concern. 

  • Attack fingerprinting required: Each system's unique downscaling algorithm (nearest neighbor, bilinear, bicubic, etc.) necessitates reverse-engineering to craft effective injections. 

  • Defensive best practices: Systems should avoid automatic downscaling and ensure users see exactly what the model processes; prevent tool-triggering content embedded in image data. 

Further Reading: Trail of Bits – Weaponizing Image Scaling Against Production AI Systems 

 

 

Phishing via Video Invites Deploying ScreenConnect RMM Tool 

A widespread phishing campaign is abusing trusted workplace tools like Zoom and Microsoft Teams invites to deliver ConnectWise ScreenConnect—a legitimate remote access tool turned into a malware deployment vector. Attackers impersonate real meeting notifications, often using compromised accounts, and craft AI-generated phishing pages to trick users into installing the tool under the guise of joining a meeting. 

 

Key Insights 

  • This tactic subverts user trust by leveraging familiar communication channels to bypass typical phishing filters. 

  • The campaign has targeted over 900 organizations globally, spanning education, religious institutions, healthcare, finance, retail, legal, and manufacturing sectors across the U.S., U.K., Canada, and Australia. 

  • Attack workflows employ sophisticated delivery methods such as AI-generated landing pages, obfuscated URLs via domain wrapping, and trusted hosting platforms to evade detection. 

  • ScreenConnect, once installed, gives attackers administrator-level access, enabling lateral movement, credential harvesting, and further internal phishing. 

  • The attack is supported by a growing criminal marketplace offering pre-packaged “ScreenConnect attack kits,” complete with stealth features and persistence capabilities. 

 

Further Reading: Abnormal AI – ScreenConnect Abuse Phishing Campaign 

 

 

HexStrike-AI: AI Orchestration Transforms Zero-Day Exploitation 

Check Point Research reveals HexStrike-AI, a sophisticated AI-driven offensive framework that connects LLMs (like GPT and Claude) to over 150 security tools, orchestrating vulnerability discovery and exploitation via an abstracted control layer. This AI “brain” automates complex cyberattacks, collapsing exploit development timelines from days or weeks to under ten minutes—dramatically shrinking the window for defenders. 

Key Insights 

  • Automated offensive orchestration: HexStrike-AI enables AI agents to autonomously plan, execute, and adapt multi-stage attack chains—from scanning to exploit delivery to persistence—in real time. 

  • Immediate weaponization: Threat actors began applying it within hours of a Citrix NetScaler vulnerability disclosure (CVE-2025-7775–7776, 8424), achieving unauthenticated remote code execution and deploying webshells. 

  • AI-driven resilience and adaptation: With retry logic and dynamic decision-making, the system adapts to failures automatically—heightening effectiveness and lowering the expertise barrier. 

  • Defensive paradigm shift required: Static rules and traditional patch cycles are obsolete. To stay ahead, organizations must adopt adaptive detection, AI-enhanced threat intelligence, continuous patch automation, and assume compromise by design. 

Further Reading: Check Point – HexStrike-AI: When LLMs Meet Zero-Day Exploitation 

 

 

Talos Q2 2025: Valid Credentials Remain the Cybercriminals’ Favorite Entry Point 

Cisco Talos’ Q2 2025 findings reveal that phishing continues as the top method for initial access—despite a 40% drop from Q1—often executed using compromised internal or trusted partner email accounts. Credential theft remains central, with attackers exploiting both valid authentications and MFA weaknesses. Ransomware remains prevalent, with new activity from Qilin and Medusa variants. Disturbingly, outdated tools like PowerShell v1.0 are still in use, especially in ransomware deployments. Education is now the most targeted sector, and more than 40% of incidents involved some MFA misconfiguration or bypass. 

Key Insights 

  • Phishing remained dominant for initial access, powered largely by trusted internal or partner emails. 

  • Qilin and Medusa ransomware emerged as new threats, continuing a deepening focus on credential theft. 

  • Around 33% of ransomware cases used legacy tools such as PowerShell v1.0, highlighting alarming security gaps. 

  • The education sector experienced the highest targeting intensity across industries. 

  • More than 40% of cases involved MFA issues—misconfiguration, absence, or bypass—emphasizing the need to validate MFA's effectiveness. 

Further Reading: Cisco Talos – Legitimate Credentials Remain a Prime Target for Cybercriminals 

 

 

Stealerium & Phantom Infostealers: Resurgence of Open-Source Malware 

Proofpoint researchers have observed a significant uptick in the use of Stealerium, an open-source infostealer once positioned as educational, now increasingly weaponized in live campaigns. Multiple variants—including Phantom Stealer and Warp Stealer—share substantial code overlap, making detection more challenging. Notably, threat actors such as TA2715 and TA2536 leveraged Stealerium in mid-2025, targeting industries like hospitality, education, and finance with varied delivery methods, including compressed executables and VBS attachments. 

Key Insights 

  • Open-source at-scale abuse: Stealerium’s freely available code is providing threat actors a shortcut to build custom, stealthy infostealers. 

  • Broad delivery tactics: Campaigns use lures such as “Payment Due,” “Court Summons,” and travel-related themes, delivered via JS, ISO, IMG, and VBS file formats. 

  • Extensive and evasive exfiltration options: Capable of stealing browser credentials, credit cards, crypto wallets, chat logs, and exfiltrating via multiple services including SMTP, Discord, and Telegram. 

  • Anti-analysis sophistication: Includes sleep timers, GPU and user-blocklists, sandbox detection, and self-destruction when analysis environments are detected. 

Further Reading: Proofpoint – Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers 

 

 

“Data Is the New Diamond” – Hackers Intensify Data Heists from SaaS Platforms 

Recent findings by Unit 42 show that cybercriminals are increasingly focusing on the theft of customer and corporate data—not just for resale, but for extortion—especially from platforms like Salesforce. Groups such as UNC6395, Bling Libra, and others are exploiting misconfigurations, social engineering, and weak third-party app controls. Retail and hospitality sectors are under particular pressure, as actors shift away from noisy compromises toward stealthier supply chain attacks and data theft extortion. 

Key Insights 

  • The Salesloft Drift supply chain attack has been linked to UNC6395, and is showing deep reconnaissance efforts and new data exfiltration of Salesforce objects like Accounts, Contacts, Cases, and Opportunities. 

  • Threat actors are using Telegram channels to boast about stolen data and extortion efforts—some even discussing a new Ransom-as-a-Service (RaaS) tool they say can encrypt at speeds of ~1 GB/s. 

  • Social engineering and procedural gaps (rather than zero-day software bugs) are being exploited heavily—particularly via uninstalled connected apps, weak oversight of third-party integrations, and user access controls. 

  • Retaliatory moves from defenders include Salesforce limiting end users’ ability to use uninstalled connected applications, raising the cost of attacker access. 

Further Reading: Unit 42 – Data Is the New Diamond: Latest Moves by Hackers and Defenders 

 

 

FileFix Campaign Goes Live: Steganography, Obfuscation, and StealC Infostealer 

Acronis Threat Research Unit has uncovered a sophisticated FileFix campaign operating in the wild. Unlike earlier proof-of-concept versions, this one uses advanced techniques including steganography, layered payloads, and global targeting to deliver StealC infostealer. 

Key Insights 

  • A FileFix attack that tricks victims via a phishing site posing as Meta support, urging them to view an “incident report.” Victims are prompted to paste what appears to be a file path—but this action triggers a malicious PowerShell command. 

  • Steganographic payloads: A JPG image hosts both a second-stage PowerShell script and encrypted executables, downloaded by the victim and extracted for execution—making detection harder. 

  • The attack chain is multistage with heavy obfuscation: fragmented PowerShell commands, Base64 encoding, encrypted URLs, stealthy loaders, and sandbox/VM detection. 

  • Final payload, StealC, aims at browser credentials, messaging apps, crypto wallets, and cloud service secrets. 

  • Global reach with multilingual phishing pages and evolving variants over recent weeks, indicating rapid adaptation and expansion of the attack infrastructure. 

Further Reading: Acronis → FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography 

 

 

Four Phishing Lures Deliver RMM Tools (Red Canary & Zscaler) 

Red Canary and Zscaler research identifies campaigns using four primary social-engineering lures—fake browser updates, meeting invites, party invites, and fake government forms—to trick victims into downloading legitimate-looking Remote Monitoring & Management (RMM) installers (ITarian, PDQ, SimpleHelp, Atera, ScreenConnect). Adversaries leverage these tools’ legitimacy to establish stealthy persistence, sideload malicious DLLs, deploy infostealers, and maintain long-term access while evading many automated detections. 

Key Insights 

  • Four repeatable lures (browser update, meeting invite, party invite, government form) reliably drive RMM installs. 

  • Attackers sometimes chain two RMMs quickly to ensure multiple persistent access routes. 

  • Malicious chains use signed or otherwise legitimate installers that sideload trojanized DLLs and launch additional loaders/infostealers. 

  • Infection flows often include iframe overlays, device-aware redirects, and JS that fingerprints and tracks victims for campaign optimization. 

  • Telegram and similar services are abused for C2 and exfiltration, and infrastructure frequently rotates to avoid static IOCs. 

  • Detection opportunities exist (e.g., unusual RmmService.exe child processes, unexpected MSI installs, and suspicious process paths) but require behavioral analytics and threat hunting to catch reliably. 

Further Reading: Red Canary – You’re invited: Four phishing lures in campaigns dropping RMM tools 

 

 

AdaptixC2: New Open-Source Post-Exploitation Framework Observed in the Wild 

Unit 42 observed AdaptixC2 — an open-source post-exploitation / adversary-emulation framework — being used in real attacks in mid-2025. The toolkit offers modular C2, multiple transport profiles, plugin/BOF support, and configurable OpSec options, making it simple for operators to customize persistence, tunneling, and data exfiltration. 

Key Insights 

  • Versatile post-exploitation features: supports EXE/DLL/service/shellcode agents, file transfer, SOCKS proxying, and beaconing. 

  • Modular & evasive design: plugin/extender architecture, BOF support, encrypted embedded configs, and anti-analysis hooks enable tailored evasion. 

  • Multiple communications profiles: operators can switch between HTTP, SMB (named pipes), and raw TCP to bypass monitoring. 

  • Real-world use: deployed via social-engineering and code-assisted delivery vectors to establish persistent access. 

  • Defender advantage: predictable, extractable config blocks (encrypted but parseable) enable reliable indicator extraction for hunting and blocklisting. 

Further Reading: Unit 42 – AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks 

 

 

EDR-Freeze: User-Mode Abuse of Windows Error Reporting to Suspend EDR 

A new proof-of-concept called EDR-Freeze demonstrates an attacker can suspend endpoint security processes from user mode by abusing Windows Error Reporting (WER). The technique uses WerFaultSecure and the MiniDumpWriteDump API to trigger a dump operation that suspends a target process’s threads — then suspends the dumper itself so the target never resumes, leaving the security agent in a persistent “coma.” A public tool and PoC have been published and successfully tested against Windows Defender on Windows 11 24H2. 

Key Insights 

  • User-mode attack surface: Leverages legitimate WER components (WerFaultSecure + MiniDumpWriteDump) — no vulnerable kernel driver required. 

  • Race condition weaponization: The attacker triggers a dump of the security process, then suspends the dumper to prevent resumption, leaving the EDR/AV suspended indefinitely. 

  • Proof-of-concept available: A public tool/PoC was released and tested, demonstrating real-world impact on Windows Defender. 

  • Stealth & practicality: Because it uses built-in OS components and PPL processes, the technique is stealthy and harder for traditional protections to spot. 

  • Detection opportunities: Monitoring for unexpected WER/dump activity targeting security processes or anomalous WerFaultSecure actions can surface misuse. 

  • Platform hardening needed: OS vendors could restrict or validate WER invocations for sensitive PIDs, limit allowed parameters, or add stricter controls around WerFaultSecure to close this abuse path. 

Further Reading: Bleeping Computer – New EDR-Freeze tool uses Windows WER to suspend security software 

 

 

CISA Issues Emergency Directive After Google Chrome 0-Day Exploited In the Wild 

CISA has issued an Emergency Directive (2025-06) mandating U.S. federal agencies immediately mitigate a critical zero-day vulnerability in Google Chrome (CVE-2025-XXXX). The flaw is actively exploited in the wild via malicious Microsoft Word documents embedding HTML/WSH payloads. When opened, these documents silently launch a loader in the background that abuses Chrome’s internal APIs to fetch and execute remote shellcode. Evidence ties campaign infrastructure to a known China-based threat cluster (UNCX), suggesting espionage motives. 

Key Insights 

  • The exploit abuses Chrome internal APIs to download and run shellcode, bypassing typical browser exploit mitigation. 

  • Attackers embed payloads in Word files, making delivery via email or documents deceptively trivial. 

  • Infrastructure analysis shows overlap with previously known threat actors, indicating this is not a “novel actor.” 

  • CISA’s emergency directive underscores that governments consider this a severe threat to national infrastructure. 

  • Organizations should prioritize Chrome patching, scanning for artifact indicators (malicious Word macros, shadow loader activity), and monitoring post-exploit shellcode behavior. 

Further Reading: CyberSecurityNews – CISA greenlights emergency directive after Google Chrome 0-day exploits 

 

 

AI vs AI: Detecting an AI-Obfuscated Phishing Campaign 

Microsoft Threat Intelligence analyzed a credential-phishing campaign that used AI-generated, heavily obfuscated JavaScript hidden inside an SVG to evade detection. Attackers disguised malicious logic as business-style visuals; the payload reconstructed commands at runtime. Defender disrupted the campaign by correlating behavioral signals, message context, and infrastructure indicators rather than relying on surface content alone. 

Key Insights 

  • Attackers used AI to generate obfuscated code embedded in an innocuous file type (SVG) that appeared as business dashboard visuals. 

  • Obfuscation relied on decoy elements and reconstructed logic that only executed at runtime. 

  • Patterns typical of AI-generated artifacts (e.g., overly verbose identifiers, unnatural structure) can themselves be detection signals. 

  • Effective detection required behavioral and infrastructure signals beyond static content inspection. 

Further Reading: Microsoft – AI vs AI: Detecting an AI-obfuscated phishing campaign 

 

 

Higher-Ed Account Compromise via Duo MFA Exploited in OTP Interception Scheme 

Abnormal AI reports a recent campaign targeting higher-education institutions where attackers compromised master user email accounts (e.g., Office 365 Global Admins) and used them to control Duo MFA flows. The adversary abused Duo’s “Remembered Device” bypass and session reset features to intercept one-time passcodes (OTPs), effectively taking over accounts without direct credential access. 

Key Insights 

  • Attackers first gained access to an administrator-level email account, then leveraged it to reset or manipulate MFA settings. 

  • Duo’s “Remembered Device” paths and session recovery logic were abused to bypass OTP challenges. 

  • Once access is established, adversaries can escalate privileges, disable security controls, and move laterally across SaaS. 

  • This technique underscores critical weaknesses in MFA workflows when combined with email compromise. 

Further Reading: Abnormal AI – Higher Ed: Duo OTP Theft & Account Compromise 

 

 

MatrixPDF Turns PDFs into Phishing & Malware Delivery Tools 

Varonis Threat Labs has documented a new attack toolkit, MatrixPDF, that weaponizes otherwise benign PDF files by adding malicious overlays, clickable prompts, and embedded JavaScript. The result: emails with PDF attachments easily pass through email filters and render seemingly innocuous in Gmail’s preview — but hidden actions trigger credential harvesting or malware deployment once interacted with. 

Key Insights 

  • The attacker starts with a legitimate PDF and uses the MatrixPDF builder to inject malicious payload URLs, overlays, or fake “unlock document” prompts. 

  • In Gmail preview mode, the PDF looks normal but displays blurred content and a prompt (“Open Secure Document”), enticing users to click. The click launches a redirect to the attacker’s hosted payload. 

  • Because the PDF itself contains no binary payload (only scripts or annotations referencing external resources), many scan engines miss the malicious behavior entirely. 

  • For desktop PDF viewers that support JavaScript, MatrixPDF can embed active scripts that execute on open or when certain prompts are clicked. 

  • The toolkit supports appearance tweaks — custom icons, corporate logos, button styling — to increase believability and lower suspicion. 

Further Reading: Varonis – MatrixPDF Puts Gmail Users at Risk with Malicious PDF Attachments 

 

In News Tags Newsletter, threat intelligence
← October 2025 - ExploreSec Cybersecurity Awareness NewsletterSeptember 2025 - ExploreSec Cybersecurity Threat Intelligence Newsletter →

Latest PoDCASTS

Featured
Dec 2, 2025
Exploring the Next Frontier of IAM: Shared Signals and Data Analytics
Dec 2, 2025
Dec 2, 2025
Nov 25, 2025
How to Close the Cybersecurity Skills Gap with a Student Powered SOC
Nov 25, 2025
Nov 25, 2025
Nov 18, 2025
What is the 2025 State of the API Report From Postman?
Nov 18, 2025
Nov 18, 2025
Nov 11, 2025
How AI Will Transform Society and Affect the Cybersecurity Field
Nov 11, 2025
Nov 11, 2025
Nov 4, 2025
[RERELEASE] How Macs get Malware
Nov 4, 2025
Nov 4, 2025
Oct 28, 2025
[RERELEASE] Why communication in infosec is important - Part 2
Oct 28, 2025
Oct 28, 2025
Oct 21, 2025
[RERELEASE] Why communication in infosec is important
Oct 21, 2025
Oct 21, 2025
Oct 14, 2025
Exploring AI, APIs, and the Social Engineering of LLMs
Oct 14, 2025
Oct 14, 2025
Oct 7, 2025
How to Prepare a Presentation for a Cybersecurity Conference
Oct 7, 2025
Oct 7, 2025
Sep 23, 2025
Exploring the Rogue AI Agent Threat with Sam Chehab
Sep 23, 2025
Sep 23, 2025

Powered by Squarespace