Daily Brief
| Date | Source | Category | Title | Summary | Details |
|---|---|---|---|---|---|
| 2025-08-09 15:08:59 | thehackernews | MALWARE | GPT-5 Jailbreak and Zero-Click Attacks Threaten AI and Cloud Systems | Researchers have identified a jailbreak technique that circumvents OpenAI's GPT-5 safeguards, enabling the generation of harmful instructions through narrative-driven steering and Echo Chamber methods.
The Echo Chamber technique uses indirect references and semantic steering to gradually manipulate the AI model, bypassing refusal triggers and producing illicit content.
A series of zero-click attacks, termed AgentFlayer, exploit AI agents like ChatGPT Connectors and Microsoft Copilot Studio to exfiltrate sensitive data without user interaction.
These attacks leverage indirect prompt injections embedded in innocuous documents or emails, highlighting vulnerabilities in AI systems when connected to external platforms.
The vulnerabilities expose enterprise environments to risks such as data theft and unauthorized access, necessitating robust security measures and regular red teaming exercises.
AI security firms emphasize the importance of implementing strict output filtering and understanding dependencies to mitigate these emerging threats.
The findings underscore the challenge of balancing AI innovation with security, as AI systems continue to integrate into critical business operations. | Details |
| 2025-08-09 14:17:17 | bleepingcomputer | MALWARE | Malicious Ruby Gems Compromise Developer Credentials in Supply Chain Attack | Over 275,000 downloads of 60 malicious Ruby gems have been identified since March 2023, targeting developer accounts primarily in South Korea.
The gems, discovered by Socket, impersonate legitimate packages on RubyGems.org, the official Ruby package manager, complicating detection and removal efforts.
Attackers used aliases such as zon, nowon, kwonsoonje, and soonje to distribute the malicious gems, making traceability and blocking more difficult.
These gems present legitimate-looking GUIs but act as phishing tools, exfiltrating credentials to hardcoded command-and-control servers.
Harvested data includes plaintext usernames and passwords, device MAC addresses, and package names, aiding in campaign performance tracking.
Some credential logs have been found on Russian-speaking darknet markets, linked to interactions with a dubious marketing tool site.
Despite reports to the RubyGems team, at least 16 malicious gems remain available, highlighting ongoing challenges in securing open-source supply chains.
Developers are advised to scrutinize open-source libraries for suspicious code, verify publisher reputations, and lock dependencies to secure versions. | Details |
| 2025-08-09 05:17:29 | thehackernews | VULNERABILITIES | Critical Flaws in CyberArk and HashiCorp Vaults Allow Remote Exploits | Security researchers identified 14 vulnerabilities in CyberArk and HashiCorp vaults, potentially enabling remote attackers to extract enterprise secrets without credentials.
The vulnerabilities, collectively termed "Vault Fault," include authentication bypasses, privilege escalation, and remote code execution, posing significant risks to corporate identity systems.
Affected products include CyberArk Secrets Manager, Conjur Open Source, and HashiCorp Vault, with flaws existing for over eight years in some cases.
Exploits could lead to unauthorized command execution and privilege escalation, bypassing multi-factor authentication and lockout protections.
Researchers emphasize the potential for these vulnerabilities to be weaponized, turning security features into ransomware vectors.
Mitigation steps include applying the latest patches and reviewing security configurations to prevent exploitation.
The discovery underscores the importance of regular security audits and timely patch management to safeguard sensitive data. | Details |
| 2025-08-08 20:42:33 | bleepingcomputer | VULNERABILITIES | WinRAR Zero-Day Exploited by RomCom Hackers in Phishing Campaigns | A WinRAR vulnerability, CVE-2025-8088, was exploited as a zero-day by RomCom hackers, targeting users through phishing attacks to deploy malware.
The vulnerability, a directory traversal flaw, allowed attackers to extract files into paths of their choice, facilitating unauthorized remote code execution.
WinRAR 7.13 has addressed this flaw, but the lack of an auto-update feature necessitates manual updates by users to ensure protection.
ESET researchers discovered the exploitation, observing spear-phishing emails with malicious RAR attachments delivering RomCom backdoors.
RomCom, a Russian hacking group, is associated with ransomware, data theft, and credential-stealing campaigns, often leveraging zero-day vulnerabilities.
Users are urged to update to the latest WinRAR version to mitigate risks, as the vulnerability affects Windows versions but not Unix or Android.
ESET plans to release a detailed report on the exploitation, providing further insights into the attack methods and mitigation strategies. | Details |
| 2025-08-08 20:02:04 | theregister | NATION STATE ACTIVITY | Chinese Firm Uses AI to Target US Politicians with Propaganda | A Vanderbilt University investigation reveals a Chinese company, GoLaxy, is using AI to influence US politicians and influencers, aiming to sway public opinion towards Beijing's policies.
GoLaxy employs AI-generated social media profiles to map and influence existing ones, marking a shift from traditional human-led propaganda efforts.
The documents suggest GoLaxy operates a "Smart Propaganda System" capable of real-time targeting and content creation, impacting political discourse.
Former NSA chief General Paul Nakasone notes this represents a new phase in information warfare, with China rapidly advancing in AI-driven propaganda tactics.
GoLaxy, linked to the Chinese government, denies the allegations, claiming its operations rely on open-source data and dismissing the findings as misinformation.
The evolving use of AI in propaganda presents challenges for detecting and countering these efforts, prompting calls for private sector innovation in identifying synthetic messaging.
The case underscores the growing sophistication of state-sponsored influence operations, highlighting the need for enhanced cybersecurity measures and awareness. | Details |
| 2025-08-08 17:57:22 | bleepingcomputer | CYBERCRIME | Older Adults Face $700 Million Loss to Scams in 2024 | The Federal Trade Commission reported that Americans aged 60 and older lost $700 million to online scams in 2024, marking a significant rise in fraud targeting seniors.
This figure represents a sixfold increase from 2020's $121 million losses and a 30% rise from 2023's $542 million, highlighting a growing threat to older demographics.
Scammers commonly use tactics such as impersonation, fake crisis scenarios, and phone calls, often posing as government agencies or businesses like Microsoft and Amazon.
Victims are manipulated into transferring money, depositing cash into Bitcoin ATMs, or handing over valuables, with scammers even impersonating FTC staff.
The FTC advises against moving money or sharing financial details with unknown contacts and recommends verifying requests through official channels.
The total fraud losses in 2024 reached a record $12.5 billion, reflecting a 25% increase over 2023, underscoring the continuous rise in scam-related financial damage.
Older adults are particularly vulnerable due to larger financial reserves, trust in authorities, and limited technological understanding, often resulting in devastating financial impacts. | Details |
| 2025-08-08 16:15:55 | thehackernews | MALWARE | AI Tools and Efimer Trojan Drive Brazilian Cybercrime Surge | Cybercriminals in Brazil are exploiting AI-powered tools to create realistic phishing sites mimicking government agencies, tricking users into fraudulent payments via the PIX system.
Phishing sites are crafted using DeepSite AI and BlackBox AI, with SEO poisoning techniques enhancing their visibility and increasing attack success rates.
The campaign targets sensitive personal data, including CPF numbers, using staged data collection to mimic legitimate processes and validate information via a threat actor-controlled API.
Concurrently, a malspam campaign is distributing the Efimer Trojan, targeting cryptocurrency wallets through compromised WordPress sites and malicious email attachments.
Efimer Trojan communicates with its command-and-control server via the TOR network, employing clipper malware to replace cryptocurrency wallet addresses and harvest sensitive data.
The campaign has affected over 5,000 users globally, with a significant concentration in Brazil, India, and several European countries, posing risks to both individual and corporate environments.
This dual-threat scenario underlines the need for enhanced vigilance against AI-driven phishing and malware campaigns, emphasizing the importance of robust cybersecurity measures. | Details |
| 2025-08-08 15:34:00 | theregister | VULNERABILITIES | StarDict App Sends User Data to Chinese Servers Without Encryption | StarDict, a dictionary app included in Debian, transmits user-selected text unencrypted to Chinese servers, raising privacy concerns.
The app, designed to look up text in English-Chinese dictionaries, sends data to dict.youdao.com and dict.cn by default.
This behavior is not classified as a bug but can be disabled by adjusting the app's settings to limit network dictionary use.
The issue, reminiscent of CVE-2009-2260, has been flagged again by Vincent Lefèvre, who filed bug #1110370 to address the default setting.
While similar features exist in other platforms, such as macOS, they do not require internet connectivity, unlike StarDict.
Privacy standards vary globally, but this feature's default setting may not align with user expectations outside China.
Users are advised to verify if StarDict is installed and consider removing it to mitigate potential data privacy risks.
Wayland-based systems are unaffected due to their application isolation policy, preventing StarDict from accessing selected text. | Details |
| 2025-08-08 15:33:59 | bleepingcomputer | DATA BREACH | U.S. Federal Judiciary Confirms Cyberattack on Court Records System | The U.S. Federal Judiciary experienced a cyberattack on its electronic case management systems, impacting confidential court documents and prompting enhanced cybersecurity measures.
Sensitive information within sealed filings is now under stricter access controls to prevent unauthorized access by hackers.
The Judiciary is collaborating with courts to mitigate impacts on litigants, indicating potential exposure of sensitive litigant information.
The breach affected multiple federal districts, directly impacting the CM/ECF and PACER systems, which are crucial for federal court document management.
The Judiciary became fully aware of the incident's severity on July 4, 2025, but has not publicly confirmed a breach of confidential documents on PACER.
The situation reflects a broader trend of escalating cyberattacks on public and private entities, highlighting challenges in protecting legacy systems.
The U.S. Federal Judiciary is prioritizing security enhancements to prevent future attacks and safeguard sensitive information. | Details |
| 2025-08-08 13:05:46 | theregister | VULNERABILITIES | Concerns Over Microsoft's Security Practices Amidst New Vulnerabilities | Recent disclosures reveal critical vulnerabilities in Microsoft's SharePoint and Exchange Server, raising alarms about national security risks tied to these pervasive systems.
Former White House cybersecurity advisor Roger Cressey criticizes Microsoft's longstanding security issues, suggesting they pose significant threats to U.S. infrastructure.
Chinese familiarity with Microsoft products is seen as a strategic advantage, potentially allowing easier exploitation during hostilities.
The U.S. government continues to invest heavily in Microsoft products despite recurring security lapses, sparking debate over procurement practices.
Calls for accountability increase as vulnerabilities expose sensitive government data, including incidents affecting the U.S. Energy Department.
Concerns grow over Microsoft's operations in China, with reports of Chinese engineers involved in maintaining U.S. government cloud systems.
Legislative and executive scrutiny intensifies, with suggestions for comprehensive security audits before future Microsoft contracts are awarded. | Details |
| 2025-08-08 11:33:29 | theregister | VULNERABILITIES | Google Mitigates Prompt Injection Flaws in Gemini AI Applications | Researchers identified a prompt injection flaw in Google's Gemini AI apps, enabling attacks such as email exfiltration and unauthorized smart home control via simple calendar invites or emails.
The vulnerability allowed attackers to manipulate AI-powered systems to execute harmful actions, including controlling smart home devices and streaming video without consent.
Exploiting this flaw involved inserting instructions into materials intended only for reference, bypassing the AI's ability to distinguish between prompts and references.
Google's response included deploying multiple layered defenses, such as enhanced user confirmations, URL sanitization, and advanced prompt injection detection.
The flaw was disclosed to Google in February and addressed through their AI Vulnerability Rewards Program, showcasing the importance of proactive threat sharing.
This incident emphasizes the critical need for robust security measures in AI systems, especially as they gain more control over external tools and environments.
The research was presented at Black Hat USA and will be further discussed at DEF CON 33, highlighting ongoing efforts to improve AI security. | Details |
| 2025-08-08 11:01:15 | thehackernews | MALWARE | Malicious Packages in RubyGems and PyPI Target Credentials and Crypto | A new wave of 60 malicious packages has been identified in the RubyGems ecosystem, masquerading as automation tools for social media and messaging services to steal user credentials.
These malicious gems, active since March 2023, have been downloaded over 275,000 times, though not all downloads lead to execution or compromise.
Threat actors using aliases like zon and nowon have embedded credential-stealing capabilities within these gems, targeting platforms like Instagram, Twitter, and Telegram.
Some packages focus on financial forums, manipulating public perception by flooding discussions with investment narratives and synthetic engagement.
The campaign primarily targets South Korean users, using Korean-language interfaces and exfiltrating data to .kr domains, indicating a sophisticated and persistent operation.
Concurrently, GitLab reported typosquatting packages on PyPI designed to steal cryptocurrency from Bittensor wallets by exploiting staking functionalities.
In response, PyPI has implemented new restrictions to prevent ZIP confusion attacks, aiming to reject compromised packages and enhance security for Python package installers. | Details |
| 2025-08-08 11:01:15 | thehackernews | DATA BREACH | Surge in Leaked Credentials Poses Growing Threat to Organizations | Cyberint's report reveals a 160% increase in leaked credentials in 2025, highlighting a significant rise in unauthorized access incidents.
Leaked credentials accounted for 22% of breaches in 2024, surpassing phishing and software exploitation as primary breach vectors.
Automation and AI-driven tools have facilitated the theft and misuse of credentials, making it accessible even to low-skilled attackers.
Cyberint's integration with SIEM and SOAR platforms allows for rapid response, including credential revocation and password resets.
Nearly half of the devices involved in credential leaks lack endpoint monitoring, exposing blind spots in corporate security measures.
Proactive detection of leaked credentials is crucial, as it reduces dwell time and minimizes potential damage from unauthorized access.
Organizations are encouraged to monitor the open, deep, and dark web for exposed credentials to prevent further exploitation. | Details |
| 2025-08-08 11:01:14 | bleepingcomputer | VULNERABILITIES | Microsoft 365 to Block Insecure FPRPC Protocol by Default | Microsoft plans to enhance security by blocking the outdated FPRPC protocol in Microsoft 365 apps for Windows starting August 2025, reducing exposure to legacy vulnerabilities.
The update will affect file access protocols, with FPRPC being blocked by default in version 2508, while FTP and HTTP remain enabled unless manually disabled.
New Trust Center settings will allow users to manage protocol settings, although Group Policy or Cloud Policy service can enforce stricter controls.
This move follows Microsoft's broader strategy to update security defaults, including disabling legacy authentication protocols to prevent brute-force and phishing attacks.
Administrators can manage these changes through the Cloud Policy service, ensuring compliance with organizational security policies.
The initiative is part of Microsoft's ongoing efforts to phase out outdated technologies and enhance protection across its software ecosystem.
Businesses using Microsoft 365 should prepare for these changes to avoid disruptions and ensure continued secure access to files. | Details |
| 2025-08-08 10:52:13 | theregister | MISCELLANEOUS | UK Government Faces Backlash Over Secret Facial Recognition Database Access | Privacy groups have criticized the UK government for secretly allowing police access to passport and immigration databases for facial recognition, raising significant privacy and transparency concerns.
The Home Office's lack of transparency has been labeled "astonishing" and "dangerous," with calls for a ban on the practice from organizations like Big Brother Watch and Privacy International.
The databases in question contain approximately 58 million passport photos and 92 million images from immigration and visa sources, far exceeding the 20 million photos in the Police National Database.
Police searches using these databases have dramatically increased, with passport database queries rising from two in 2020 to 417 by 2023, raising concerns about potential misuse.
Critics argue that the use of facial recognition technology risks misidentification and injustice, especially when deployed without public knowledge or parliamentary oversight.
Despite government claims of improved accuracy and reduced biases, privacy advocates highlight the minimal impact on crime prevention, citing only 0.15% of total arrests in London since 2020.
The installation of the UK's first permanent live facial recognition camera in South London contradicts previous assurances of time-bound and targeted use, further fueling public distrust. | Details |