Daily Brief

SentinelLABS and Censys identified over 175,000 open-source AI hosts exposed online, creating a significant security risk due to their uniform setup. Predominantly running Llama, Qwen2, and Gemma2 models, these deployments lack diversity, making them vulnerable to widespread exploitation if a zero-day is discovered. Many instances have exposed API endpoints and lack safety guardrails, increasing the risk of unauthorized access and remote execution of operations. The lack of centralized oversight in managing these AI systems could lead to resource hijacking and identity laundering through victim infrastructure. Researchers urge treating AI deployments as critical infrastructure, emphasizing the need for authentication, monitoring, and network controls. This situation serves as a reminder of the importance of securing AI systems akin to other critical infrastructures to prevent potential exploitation. The US Treasury Department terminated contracts with Booz Allen Hamilton following a data breach involving confidential tax returns of high-profile individuals. An ex-employee, Charles Littlejohn, leaked tax information of over 400,000 citizens, including Donald Trump and Elon Musk, between 2018 and 2020. Booz Allen Hamilton previously held 31 contracts with the Treasury worth $4.8 million annually, now deemed unfit for handling sensitive taxpayer data. The breach highlights the critical need for robust data protection measures and the severe consequences of failing to safeguard sensitive information. This incident stresses the importance of implementing stringent data security protocols and monitoring to prevent unauthorized data access and leaks. A simulated cyberattack on South Korean public systems revealed vulnerabilities, with all seven tested systems breached successfully. Breaches exposed sensitive data, including resident registration numbers and unencrypted critical information, within minutes. The Board of Audit and Inspection conducted the tests, but specific system details remain undisclosed to prevent further exploitation. Remedial actions have been implemented, but the security status of the remaining 116 systems remains uncertain. The exercise underscores the urgent need for comprehensive cybersecurity measures across government systems to protect sensitive citizen data. Labyrinth Chollima, a North Korean cyber threat group, has evolved into three entities: Golden Chollima, Pressure Chollima, and the original group. Golden Chollima targets cryptocurrency and fintech firms in developed regions, focusing on small-value thefts. Pressure Chollima is involved in high-profile heists, becoming one of North Korea's most technically advanced cyber adversaries. The original Labyrinth Chollima now focuses on malware-driven espionage targeting defense and manufacturing sectors. Organizations in cryptocurrency, fintech, defense, and logistics sectors should remain vigilant against DPRK social engineering and trojanized software threats.

A threat actor is targeting exposed MongoDB instances, demanding ransoms of approximately $500 in Bitcoin to restore compromised data. Around 1,400 servers have been compromised due to misconfigurations allowing unauthorized access; some databases are deleted without ransom demands. Flare's research identified over 208,500 publicly exposed MongoDB servers, with 3,100 accessible without authentication, highlighting significant security lapses. Nearly half of these unsecured servers had already been compromised, with ransom notes left by attackers demanding payment within 48 hours. The analysis revealed five distinct Bitcoin wallet addresses used in the attacks, with one address appearing in 98% of cases, suggesting a single threat actor. Many exposed servers run outdated MongoDB versions, vulnerable to denial-of-service attacks, although not susceptible to remote code execution. Flare recommends restricting public exposure of MongoDB instances, enforcing strong authentication, and updating to the latest software versions to mitigate risks.

Apple has launched a "Limit Precise Location" feature on certain iPhone and iPad models, restricting cellular networks to only approximate location data. This feature is available with iOS 26.3 or later and applies to specific devices, including iPhone Air and iPad Pro (M5) Wi-Fi + Cellular models. The feature does not affect location data shared with apps or emergency responders, maintaining full functionality for critical services. Users can activate this setting through the device's cellular data options, with some models requiring a restart to finalize the change. Supported carriers include Telekom in Germany, EE and BT in the UK, Boost Mobile in the US, and AIS and True in Thailand. The move follows significant fines imposed by the FCC on major U.S. carriers for privacy violations, totaling nearly $200 million. Apple's initiative represents a significant step in enhancing user privacy by limiting data collection by cellular networks.

An AI security startup experienced a deepfake scam when a candidate used a fake video to apply for a security researcher position. The CEO, Jason Rebholz, noted the growing trend of fake IT workers, including deepfakes, targeting companies of all sizes. Initial red flags included an anime-style profile picture and a resume hosted on a cloud platform, raising suspicions. During the interview, the candidate's video appeared artificial, with telltale signs of deepfake technology such as a blurry face and virtual background. Post-interview analysis with deepfake detection technology confirmed the CEO's suspicions, highlighting the sophistication of such scams. The incident underscores the need for robust verification processes, including mandatory video checks and potential on-site work requirements for new hires. This type of fraud has significant financial implications, with potential data theft and extortion risks if such individuals infiltrate companies. Executives are advised to trust their instincts and implement both high-tech and low-tech solutions to mitigate the risk of hiring fraudulent candidates.

Linwei Ding, a former Google engineer, was convicted for stealing over 2,000 pages of AI supercomputer data and sharing it with Chinese tech firms. The stolen data included proprietary information on Google’s AI infrastructure, TPU and GPU technologies, and orchestration software. Ding was affiliated with two Chinese technology companies and aimed to help China achieve international computing infrastructure capabilities. Evidence revealed Ding's involvement in a Shanghai government-sponsored talent program, intending to bolster China's technological growth. Ding's actions were linked to aiding entities controlled by the Chinese government, focusing on AI supercomputer development and custom machine learning chips. Convicted on 14 counts of economic espionage and trade secret theft, Ding faces potential sentences of 10-15 years per count. This case underscores the ongoing risks of insider threats and the importance of rigorous internal security measures and employee monitoring.

A widespread scam campaign is sending fake cloud storage renewal emails, threatening users with data loss due to alleged payment failures. The phishing emails use randomly generated domains and personalized subject lines to appear legitimate and create urgency. Links within the emails direct users to phishing sites mimicking cloud service portals, falsely claiming storage issues. Victims are redirected to affiliate marketing pages promoting unrelated products, aiming to collect credit card details. The scam exploits users' fears of losing data, prompting unnecessary purchases of unrelated services. Legitimate cloud providers do not send billing issue notifications leading to third-party products; users should verify concerns via official channels. Users are advised to delete such emails and avoid clicking links or making purchases through these fraudulent messages.

Mandiant reports ShinyHunters are executing data-theft attacks using vishing and company-branded phishing sites to steal SSO credentials and MFA codes. Attackers impersonate IT staff, directing employees to phishing sites mimicking company login portals, capturing sensitive authentication details. Once credentials are obtained, attackers access SaaS platforms like Salesforce, Microsoft 365, and Google Drive, leveraging the SSO dashboard as a data access hub. ShinyHunters have launched a data-leak site, releasing stolen data, and claim responsibility for these attacks alongside other threat actors. Mandiant identifies multiple threat clusters, including UNC6661 and UNC6671, employing similar tactics but differing in extortion methods. Attackers use commercial VPNs and residential proxies to obscure their activities, complicating attribution and response efforts. Mandiant advises organizations to strengthen identity workflows, improve logging, and implement detection measures to counter these vishing attacks.

Security researcher Jatin Banga discovered a flaw in Instagram's private profiles, allowing unauthorized access to private photos through embedded links in server responses. The issue affected approximately 28% of tested private profiles, revealing a significant privacy concern for users who rely on Instagram's privacy settings. The vulnerability was linked to Instagram's backend failing to check authorization before delivering responses, rather than a CDN caching issue as initially suggested by Meta. Meta addressed the flaw shortly after Banga's report, yet classified it as "not applicable," arguing the issue was unreproducible, despite the exploit ceasing to function post-report. Banga's disclosure process extended beyond the standard 90-day window, emphasizing transparency over reward, yet Meta's response lacked acknowledgment of the root cause. The incident raises questions about Meta's vulnerability management and response practices, highlighting the importance of thorough root cause analysis in cybersecurity. This case underscores the need for robust authorization checks and continuous monitoring to prevent similar data leaks in the future.

A security researcher identified a flaw in Instagram's private profiles, revealing unauthorized access to private photos through server responses. The issue involved private photo links embedded in HTML responses, accessible to unauthenticated users on certain mobile devices. Meta addressed the vulnerability after the researcher's report, but later deemed it "not applicable," citing irreproducibility. The researcher disputed Meta's classification, attributing the issue to a server-side authorization failure rather than CDN caching. Despite Meta's closure of the case, the exploit ceased to function, though the root cause remains unconfirmed. The incident raises concerns about Meta's vulnerability handling and transparency, as the flaw's potential exploitation duration is unknown. The researcher's public disclosure aimed to ensure transparency, foregoing any potential bounty for the reported vulnerability.

HarfangLab identified a cyber campaign, RedKitten, linked to Iranian interests, targeting NGOs and activists documenting human rights abuses amid Iran's recent unrest. The campaign leverages GitHub, Google Drive, and Telegram for malware configuration, payload retrieval, and command-and-control operations, complicating traditional tracking efforts. Attack vectors include macro-laced Excel files in 7-Zip archives, exploiting emotional distress by purporting to contain information on missing protesters. The malware, SloppyMIO, employs steganography to retrieve configurations and supports multiple modules for executing commands and exfiltrating data. Evidence suggests the use of large language models to generate VBA code, indicating advanced tooling orchestration by the threat actors. The campaign's infrastructure choices expose operational security challenges, despite hindering conventional tracking methods. Recent phishing activities linked to Iranian actors target WhatsApp and Gmail credentials, affecting diverse individuals, including academics and officials. These developments follow a significant leak of information on the Iranian hacking group Charming Kitten, revealing operational details and personnel.

Mandiant has detected ShinyHunters using voice phishing to capture SSO credentials and MFA codes, targeting SaaS platforms for data theft and extortion. The group employs fake credential harvesting sites mimicking legitimate companies, aiming to access sensitive data and internal communications. Mandiant tracks these activities under clusters UNC6661, UNC6671, and UNC6240, noting potential evolution in tactics or mimicry of past strategies. The threat actors are expanding their target range across cloud platforms, seeking more sensitive data for extortion purposes. Recent tactics include harassment of victim personnel, indicating an escalation in extortion methods. Google advises adopting phishing-resistant MFA solutions, such as FIDO2 security keys, to counteract social engineering threats. The incidents underscore the effectiveness of social engineering rather than exploiting security vulnerabilities in vendor products.

CERT Polska reported coordinated cyber attacks on over 30 wind and solar farms, a manufacturing company, and a major heat and power plant in Poland. The attacks, attributed to the Russian-linked group Static Tundra, aimed to disrupt operations but failed to impact electricity production or heat supply. Attackers accessed internal networks of energy facilities, deploying wiper malware, damaging firmware, and deleting system files; however, wiper detonation attempts were unsuccessful. The manufacturing sector attack exploited a vulnerable Fortinet device, with attackers using PowerShell-based LazyWiper malware to irreversibly overwrite files. DynoWiper malware variants were deployed on energy facility systems, lacking persistence mechanisms or command-and-control capabilities, indicating a focus on immediate disruption. The attackers gained unauthorized access using static accounts without two-factor authentication, employing Tor nodes and compromised IP addresses for obfuscation. The incidents underscore the importance of securing critical infrastructure against state-sponsored cyber threats and implementing robust authentication measures.

Ivanti has addressed two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product, identified as CVE-2026-1281 and CVE-2026-1340, both allowing unauthenticated remote code execution. These vulnerabilities carry a CVSS score of 9.8, indicating severe risk, with threat actors actively exploiting them in the wild, prompting urgent patching actions. The vulnerabilities do not affect other Ivanti products, including cloud solutions, limiting the scope of potential impact to EPMM users. Exploitation can lead to unauthorized access, lateral movement within networks, and potential exposure of sensitive data, including personal and device information. Ivanti advises organizations to monitor Apache access logs for suspicious activity and to restore from backups if compromise is detected, as cleaning systems may not be effective. Security experts emphasize the need for rapid response and infrastructure review, especially for high-value industries utilizing EPMM, to mitigate ongoing risks. Organizations are urged to apply available patches immediately and consider comprehensive incident response measures to address potential breaches.

TRM Labs reported a 145% increase in illegal cryptocurrency flows in 2025, totaling $158 billion, reversing a previous three-year decline. Despite the increase in volume, the share of illicit activity in total on-chain volume slightly decreased from 1.3% in 2024 to 1.2% in 2025. Hacks, scams, and ransomware were primary contributors, with $2.87 billion lost in 150 hacking incidents, including a major $1.46 billion breach at Bybit by North Korean hackers. Scam activities reached $35 billion, dominated by investment scams, with AI tools enhancing the sophistication and reach of these fraudulent schemes. Ransomware-related cryptocurrency inflows remained high, though more victims resisted paying ransoms, despite a record number of victims on extortion portals. The ecosystem saw significant fragmentation with 161 active ransomware strains and 93 new variants, while laundering tactics shifted from mixers to increased bridge usage and cross-chain routing.

A significant data breach at TriZetto Provider Solutions compromised the personal health information of over 700,000 individuals across multiple U.S. states, including Oregon, Massachusetts, and California. The breach, discovered nearly a year after its occurrence in November 2024, involved unauthorized access to sensitive patient data, though no financial information was stolen. Cognizant, TriZetto's parent company, faces multiple class action lawsuits due to the breach, reflecting ongoing concerns about its cybersecurity practices. TriZetto detected suspicious activity on October 2, 2025, and subsequently engaged Mandiant and law enforcement to investigate and mitigate the breach. Affected healthcare providers are notifying impacted patients, assuring them that there is no current evidence of misuse such as medical fraud or identity theft. This incident follows a previous legal challenge against Cognizant by Clorox, highlighting potential vulnerabilities in its security protocols and leading to significant financial and reputational risks. The breach underscores the critical need for robust cybersecurity measures in protecting sensitive healthcare data from unauthorized access and potential exploitation.