Daily Brief
Total articles found: 11822
| Date | Source | Category | Title | Summary | Details |
|---|---|---|---|---|---|
| 2025-06-12 11:16:38 | thehackernews | CYBERCRIME | AI Command Injection in Microsoft 365 Copilot Leads to Data Theft | A new "zero-click" AI vulnerability found in Microsoft 365 Copilot allows data exfiltration without user interaction. Identified by Aim Security, the flaw, named EchoLeak, exploits a large language model (LLM) "Scope Violation" and leads to unintended data breaches. EchoLeak could enable attackers to exfiltrate sensitive data without detection, leveraging the AI to process commands that appear benign. Microsoft has issued a patch for the vulnerability (CVE-2025-32711), which carries a high severity score of 9.3, adding it to the June 2025 Patch Tuesday updates. Relatedly, CyberArk outlined a new type of attack called "Full-Schema Poisoning," impacting the Model Context Protocol (MCP) and potentially leading to broader security breaches. GitHub's integration issues with MCP could allow attackers to hijack user agents and leak data from private repositories. The growing reliance on MCP across different platforms increases the attack surface, exposing enterprises to new kinds of vulnerabilities like DNS rebinding. Experts recommend strengthening permissions and continuously auditing interactions within systems to mitigate such emerging cyber threats. | Details |
| 2025-06-12 11:05:12 | thehackernews | DATA BREACH | Expanding Risks in Non-Human Identity and Machine Security | Non-human identities (NHIs) like service accounts and API keys now significantly outnumber human users, creating large security vulnerabilities. 70% of valid secrets found in public repositories remain active for three years, risking breaches in major organizations such as the U.S. Department of Treasury and Toyota. Secrets and credentials are often scattered across various systems and environments, making traditional perimeters ineffective for modern security demands. Increased usage of AI and cloud services is complicating the management of NHIs, leading to a proliferation of orphaned credentials and over-privileged accounts. Traditional secrets managers are insufficient; despite their secure storage capabilities, they fail to manage the full lifecycle governance of NHIs. GitGuardian's NHI security platform offers solutions such as automated discovery, continuous monitoring, and integrated remediation to tackle these issues effectively. Organizations must adopt unified IAM strategies that encompass both NHIs and human identities to reduce security risks and ensure regulatory compliance. | Details |
| 2025-06-12 10:36:14 | theregister | DATA BREACH | NHS Professionals Data Heist Exposes Critical Security Flaws | Cybercriminals infiltrated NHS Professionals' systems in May 2024, stealing its Active Directory database. Attackers exploited a compromised Citrix account to gain domain admin access and moved laterally using RDP and SMB share access. Deloitte's incident report highlights that the attackers likely exfiltrated the Active Directory database and engaged in further malicious activity. NHS Professionals took immediate remedial actions, including password resets and disabling drive mapping, but many recommended security measures remain incomplete. The lack of multi-factor authentication and endpoint detection were major security gaps that allowed prolonged unauthorized access. Deloitte's investigation suggested that ransomware deployment could have been the attackers' goal, though this was not achieved. NHSP stated that it found no evidence of data compromise, although Deloitte's report suggested data theft likely occurred. Ongoing security improvements are recommended to bolster NHS Professionals' cyber resilience and operational effectiveness in line with national standards. | Details |
| 2025-06-12 09:48:49 | bleepingcomputer | MALWARE | Fog Ransomware Uses Unique Tools in Financial Sector Attack | Fog ransomware hackers employed a mix of open-source penetration testing tools and legitimate software, notably Syteca, for monitoring employee activity. Compromised VPN credentials were initially used to infiltrate networks, alongside tactics such as "pass-the-hash" to escalate privileges and disable security mechanisms. The attack targeted a financial institution in Asia, with researchers identifying the use of atypical tools not commonly observed in previous ransomware incidents. Among the tools used were Syteca for keystroke and screen monitoring, Stowaway for covert communications, and SMBExec for lateral movement. GC2, an open-source tool used for C2 activities via Google Sheets or Microsoft SharePoint, was also deployed; it is a method previously linked to APT41, a known Chinese threat group. Other utilities like 7-Zip, MegaSync, and FreeFileSync were used for data preparation and exfiltration. Symantec's documentation reveals that these unusual toolsets could significantly help in avoiding detection by traditional security systems. The insights include indicators of compromise that could aid organizations in bolstering defenses against such sophisticated ransomware tactics. | Details |
| 2025-06-12 07:49:23 | thehackernews | DATA BREACH | ConnectWise Announces Certificate Rotation Due to Security Concerns | ConnectWise is set to rotate code signing certificates for ScreenConnect, ConnectWise Automate, and its RMM solutions due to security vulnerabilities highlighted by third-party research. The identified issue involves how ScreenConnect manages configuration data in portions of the installer that remain unsigned, which could potentially create insecure design patterns. The company is issuing new certificates and releasing an update to improve the management of configuration data in ScreenConnect, with all digital certificate revocations slated for completion by June 13. Despite the identified concerns, ConnectWise confirmed there was no compromise of its systems or existing certificates. Users of on-premise versions need to update to the newest builds and ensure all agents are updated before the specified cutoff to prevent service interruptions. The adjustments to certificate management and product hardening are being accelerated, following recently disclosed breaches involving suspected nation-state actors using CVE-2025-3935 for ViewState code injection attacks. The breaches underline the increasing use of legitimate RMM software by attackers to facilitate stealthy, persistent access through 'living-off-the-land' techniques. | Details |
| 2025-06-12 05:45:56 | thehackernews | CYBERCRIME | Over 80,000 Microsoft User Accounts Compromised Using TeamFiltration | Proofpoint identified a cyberattack, codenamed UNK_SneakyStrike, using the TeamFiltration tool to target Microsoft Entra ID accounts. More than 80,000 user accounts across various organizational cloud tenants have been affected since December 2024. The attackers utilized the Microsoft Teams API and AWS servers across different regions for user enumeration and password spraying. TeamFiltration, an open-source penetration testing tool introduced at DEF CON in August 2022, was used for account takeovers and data exfiltration. Attack tactics included extensive password spraying, exfiltrating data, uploading malicious files to Microsoft OneDrive, and gaining persistent account access. The primary sources of the attacks were traced back to IP addresses in the United States (42%), Ireland (11%), and Great Britain (8%). The attack strategy involved targeting all user accounts in smaller cloud tenants and selected subsets in larger tenants, exploiting the tool's advanced targeting capabilities. | Details |
| 2025-06-11 23:54:48 | theregister | MALWARE | Fake DeepSeek AI Installer Spreads Novel "BrowserVenom" Malware | Cybercriminals have developed a fake installer for the Chinese AI model DeepSeek-R1, embedding a new malware called "BrowserVenom." BrowserVenom redirects browser traffic through a server controlled by attackers, enabling data theft including credentials, financial information, and sensitive documents. The phishing campaign uses a website that mimics the legitimate DeepSeek homepage to distribute the malware, exploiting interest in AI and chatbots. The campaign has affected users in multiple countries including Brazil, India, and South Africa, among others, and continues to pose a global threat. Kaspersky Labs identified the campaign, which involves deceptive domains and search engine advertisements to lure victims. The malware only infects users with admin privileges, installing a hardcoded certificate and proxy server to intercept and monitor web traffic. Google has responded by suspending the account of the advertiser involved in promoting the malicious site through top search result ads. | Details |
| 2025-06-11 22:12:06 | bleepingcomputer | NATION STATE ACTIVITY | SmartWatches Exploit Air-Gapped Systems via Ultrasonic Signals | A novel method named 'SmartAttack' uses smartwatches to exfiltrate data from air-gapped systems through covert ultrasonic signals. Air-gapped environments, typically found in sensitive and secure areas, aim to prevent data breaches by being physically isolated from other networks. Despite such security measures, systems are still at risk from insider threats such as rogue employees or compromised supply chain elements. SmartAttack operates by infecting a system with malware that can then transmit data via ultrasonic sounds, inaudible to humans, to a nearby smartwatch. The smartwatch interprets these signals to extract binary data, which can then be transmitted out of the secure environment using standard wireless communications. Factors influencing the effectiveness of SmartAttack include the type of smartwatch microphone, the orientation of the watch, and the distance from the emitting source. Recommended mitigations include banning the use of smartwatches in secure settings, eliminating speakers on secure systems, or employing ultrasonic jamming techniques. | Details |
| 2025-06-11 21:49:50 | bleepingcomputer | CYBERCRIME | Erie Insurance Faces Business Disruptions Due to Cyberattack | Erie Insurance and Erie Indemnity Company reported a cyberattack causing recent platform outages and business disruptions. The attack was first detected on Saturday, June 7, 2025, as unusual network activity. Following the detection, immediate actions were taken to protect systems and data, including activating incident response protocols. The incident has led to significant customer service issues, with difficulties logging into accounts and delays in processing claims and paperwork. Erie is collaborating with law enforcement and cybersecurity experts to conduct a comprehensive forensic analysis to understand the full scope of the attack. Despite the cyberattack, Erie Insurance has assured customers that it will not request payments via call or email during this outage period. The company has provided alternative contact methods for customers needing to initiate claims or requiring assistance. The nature, scope, and full impact of the cyber incident are still under investigation, and no details have been disclosed about whether this involved ransomware or data theft. | Details |
| 2025-06-11 18:33:20 | theregister | MALWARE | FIN6 Shifts Tactics, Targets Recruiters with Malware on Job Sites | FIN6, previously known for credit card theft and point-of-sale attacks, now engages in sophisticated phishing attacks targeting job recruiters via LinkedIn and Indeed. The cybercriminal group uses fake job-seeker profiles to lure recruiters to malicious websites hosted on AWS, disguised as personal portfolios. Recruiters are tricked into downloading a ZIP file containing the More_eggs malware, a JavaScript-based backdoor that facilitates remote command execution, credential theft, and further malware delivery. More_eggs operates primarily in memory, posing detection challenges due to its ability to evade standard security measures. The domains used for the fake portfolios are registered anonymously and leverage privacy features from GoDaddy, complicating efforts to track and shut down the malicious sites. Additional layers of deception include non-hyperlinked emails and CAPTCHA walls that screen out automated scanners, enhancing the success rate of the phishing campaign. DomainTools has identified and published indicators of compromise to aid in the detection and analysis of this campaign, highlighting the ongoing threat from FIN6 through less conventional vectors. Despite the article's humorous comment on recruiters, it underscores the serious nature of such targeted phishing scams and the vulnerabilities they exploit. | Details |
| 2025-06-11 18:04:08 | theregister | MISCELLANEOUS | Salesforce Identifies CVEs and Urges Customer Security Upgrades | Salesforce has assigned five new CVEs related to the FlexCards and Data Mappers in its CRM system following a security evaluation. Over 20 configuration issues were reported, exposing risks such as unauthorized access and session hijacking; however, only five were considered for CVE labeling. Misconfigurations identified by AppOmni were not classified by Salesforce as CVEs, pushing the responsibility for security fixes onto the customers. These vulnerabilities mainly involve default settings and poor configuration choices by users, which can lead to severe security breaches involving sensitive data access. Salesforce advises customers to rigorously assess and secure their configurations to prevent potential exploitation by attackers. Aaron Costello from AppOmni highlighted the necessity for organizations using Salesforce's industry clouds to enforce field-level security and apply regular updates. The report by Costello also recommended increasing the component permission requirements and using private caching methods to enhance data protection. | Details |
| 2025-06-11 17:54:28 | bleepingcomputer | DATA BREACH | Zero-Click AI Vulnerability in Microsoft 365 Copilot Fixed | A new zero-click AI vulnerability named 'EchoLeak' enables data exfiltration from Microsoft 365 Copilot without user interaction. The flaw, assigned CVE-2025-32711 and rated critical by Microsoft, was reported by Aim Labs researchers and has been addressed server-side. EchoLeak is categorized under a new class of vulnerabilities called 'LLM Scope Violation,' in which a large language model is made to leak sensitive data unintentionally. The attack methodology involves a crafted email with a hidden prompt which, when processed by Copilot, inadvertently leaks data via crafted links or images. Microsoft has implemented fixes ensuring no customer impact and confirmed the absence of real-world exploitation of this vulnerability. The incident underscores the potential risks and the need for heightened security measures around AI-integrated systems within enterprise environments. Recommended actions include enhancing prompt injection filters, applying granular input scoping, and configuring RAG engines to block potentially malicious external communications. | Details |
| 2025-06-11 17:47:02 | thehackernews | MALWARE | Former Black Basta Affiliates Adopt Microsoft Teams in Phishing Scams | Former associates of the Black Basta ransomware group have continued employing phishing and Python scripts in their attacks, adopting methods like Microsoft Teams phishing. ReliaQuest identified significant Teams phishing activity between February and May 2025, with many attacks originating from compromised onmicrosoft[.]com domains. These threat actors impersonate legitimate entities and tend to leverage existing remote desktop tools like Quick Assist and AnyDesk to gain deeper access, followed by deploying malicious Python scripts for command-and-control operations. After Black Basta's internal communications leak in February, the tactics have largely remained the same, although the original group identity has decreased in visibility. The attackers are speculated to have transitioned to other Ransomware-as-a-Service (RaaS) groups like CACTUS, or to have integrated into the newly identified BlackLock group and the DragonForce ransomware cartel. New Java-based Remote Access Trojans (RATs) are being deployed by these groups, now utilizing cloud file hosting services to disguise command-and-control traffic and enhance capabilities like file transfer and data theft. Rapidly evolving techniques suggest an increase in the complexity and stealth of future phishing campaigns, likely involving more sophisticated RATs and persistent access strategies. | Details |
| 2025-06-11 15:49:27 | bleepingcomputer | NATION STATE ACTIVITY | Stealth Falcon Exploits Windows Zero-Day in Espionage Scheme | An APT group, Stealth Falcon, exploited a zero-day RCE vulnerability in Windows WebDAV handling to target Middle Eastern governments and defense entities. The CVE-2025-33053 vulnerability enables remote execution by misusing the working-directory handling of system executables to run malicious code from WebDAV servers. Microsoft patched the flaw in its latest update following its discovery and detailed analysis by Check Point Research. Attackers leveraged a .url file, disguised as a PDF in phishing emails, to manipulate the working directory of Windows tools and execute malware remotely. The malware installed includes 'Horus Loader' and 'Horus Agent,' sophisticated tools for espionage activities such as system fingerprinting and command execution. Check Point's investigation revealed the inclusion of additional post-exploitation tools like a credential dumper and a passive backdoor, enhancing the attackers' capabilities. Given the sophistication and stealth of the attacks, critical entities are urged to update their systems and monitor or block WebDAV traffic to prevent similar exploits. | Details |
| 2025-06-11 15:39:15 | theregister | MALWARE | Interpol's Massive Crackdown on Infostealer Malware Nets 32 Arrests | Interpol, in collaboration with Asian countries, successfully conducted Operation Secure, arresting 32 individuals linked to infostealer malware. The operation led to the shutdown of 20,000 malicious domains and IP addresses, representing 79% of the targets identified. Authorities seized 41 servers and over 100 GB of data, disrupting numerous cybercrime operations. The multi-country effort involved contributions from 26 nations, focusing on tracking down servers, analyzing intelligence, and executing coordinated takedowns. In Vietnam, police apprehended a group leader, seizing cash, SIM cards, and documents indicating plans to sell corporate accounts. Additional raids in Sri Lanka and Nauru resulted in 14 arrests, with further investigations identifying 40 more victims of the malware. Hong Kong Police played a significant role, analyzing over 1,700 intelligence items and identifying 117 command-and-control servers. More than 216,000 individuals at risk from infostealer malware were notified and advised to take protective actions such as changing passwords and freezing accounts. | Details |