Daily Brief

Total articles found: 11789

2025-08-11 16:35:56 thehackernews VULNERABILITIES New TETRA Encryption Flaws Threaten Law Enforcement Communications Security
Cybersecurity researchers identified vulnerabilities in the TETRA radio protocol, affecting its end-to-end encryption, making it susceptible to replay and brute-force attacks. The vulnerabilities, named 2TETRA:2BURST, were disclosed at the Black Hat USA conference, impacting law enforcement, military, and critical infrastructure users. The flaws allow for packet injection attacks, enabling potential interception and manipulation of radio communications, particularly in data-carrying networks. Specific vulnerabilities, such as CVE-2025-52940 and CVE-2025-52941, could lead to confusion among users and compromise communication integrity. While no active exploitation has been reported, patches are limited, with some fixes expected by the third quarter of 2025. ETSI clarified that the E2EE mechanism in TETRA radios is not part of its standard, advising users to consider alternative encryption solutions. The discovery also includes flaws in Sepura SC20 radios, allowing unauthorized code execution, necessitating enhanced key management practices. Organizations using TETRA networks should assess their configurations and implement mitigations to safeguard against these vulnerabilities.
2025-08-11 16:29:38 theregister MISCELLANEOUS AI's Role in Cybersecurity: Current Strengths and Future Challenges
At Black Hat, experts discussed AI's current advantage for cybersecurity defense, though this may shift as attackers advance their AI capabilities. Mikko Hyppönen of WithSecure noted AI's role in discovering vulnerabilities, with two dozen found in 2025, but warned of increasing AI use by hackers. Nicole Perlroth highlighted potential future advantages for offensive AI applications, amid a significant cybersecurity workforce shortage in the US. AI tools are currently used to support human-led red teaming exercises, but their independent effectiveness remains limited and prone to errors. DARPA's AI Cyber Challenge demonstrated AI's potential in vulnerability detection and patching, with 54 vulnerabilities identified and 43 patched by a winning US-South Korean team. AI's proficiency in spotting SQL vulnerabilities offers hope for addressing common security flaws, though its impact on job markets remains debated. Industry leaders emphasize AI as a tool to augment human skills rather than replace them, with human ingenuity still crucial in cybersecurity operations.
2025-08-11 16:29:38 bleepingcomputer CYBERCRIME Microsoft 365 Apps Exploited in Sophisticated Native Phishing Attacks
Cybercriminals are leveraging Microsoft 365 applications, notably OneNote, to conduct "native phishing" attacks, exploiting trusted tools to bypass traditional security defenses. Attackers utilize compromised Microsoft 365 accounts to distribute malicious links via built-in file-sharing features, making phishing attempts appear legitimate and reducing detection. Recent incidents show attackers using OneNote to embed phishing URLs, leading victims to convincing fake login pages created with AI-powered no-code platforms like Flazio. This method has resulted in a high success rate, as victims often unknowingly enter credentials into fraudulent sites mimicking legitimate company portals. The use of AI and no-code platforms allows threat actors to swiftly create and deploy phishing sites, increasing the efficiency and reach of their campaigns. Organizations are advised to enhance security measures by monitoring user activities and educating employees on identifying phishing attempts to mitigate risks. Varonis offers tools for real-time monitoring and incident response, helping organizations detect and respond to phishing campaigns effectively.
2025-08-11 16:03:06 theregister MISCELLANEOUS Wikimedia Faces Legal Setback in UK Online Safety Act Challenge
Wikimedia Foundation lost its initial legal challenge against the UK's Online Safety Act, which aims to enforce stricter regulations on digital platforms. The Foundation argued that the Act's Category 1 criteria are overly broad, potentially grouping Wikipedia with social media and adult content sites. The court dismissed Wikimedia's four grounds for challenge but allowed judicial reviews on two points concerning user impact and regulatory reasoning. Ofcom has yet to decide if Wikipedia qualifies as a Category 1 service, which would impose significant operational changes, including identity verification measures. Wikimedia expressed concerns that Category 1 classification could compromise user privacy and expose contributors to risks like data breaches and legal actions. The court's ruling emphasized Ofcom's responsibility to protect Wikipedia's operational integrity and suggested potential legislative amendments if necessary. The UK government views the court's decision as a step forward in implementing the Online Safety Act to enhance online security.
2025-08-11 15:11:21 thehackernews VULNERABILITIES Critical Erlang/OTP SSH Vulnerability Exploited in OT Networks
A critical flaw in Erlang/OTP SSH, CVE-2025-32433, is being actively exploited, affecting OT firewalls and posing significant risks to operational technology networks. Approximately 70% of exploit detections are linked to OT networks, with attackers leveraging the vulnerability to execute arbitrary code without credentials. The vulnerability, with a CVSS score of 10.0, was patched in April 2025, but remains a target due to its severe impact on encrypted communications and command execution. U.S. CISA added this flaw to its Known Exploited Vulnerabilities catalog in June 2025, acknowledging its active exploitation and potential threat to critical infrastructure. Attackers have primarily targeted sectors such as healthcare, agriculture, media, and high technology across multiple countries, including the U.S., Canada, and India. Exploitation often involves using reverse shells for unauthorized remote access, indicating a sophisticated approach to compromising network security. The widespread exposure of this flaw underscores the need for immediate patching and enhanced security measures in vulnerable sectors to mitigate potential breaches.
2025-08-11 14:40:17 bleepingcomputer NATION STATE ACTIVITY Profero Cracks DarkBit Ransomware, Recovers Data Without Ransom
Cybersecurity firm Profero successfully decrypted DarkBit ransomware, allowing a victim to recover files without paying the demanded ransom of 80 Bitcoin. The attack targeted multiple VMware ESXi servers, believed to be retaliation for 2023 drone strikes in Iran, linking the incident to geopolitical tensions. DarkBit, posing as pro-Iranian hacktivists, included anti-Israel statements in ransom notes, aligning with tactics associated with Iranian state-sponsored group MuddyWater. Profero identified low entropy in DarkBit's key generation, enabling them to reduce the keyspace and recover decryption keys through high-performance computing. The attackers focused on operational disruption rather than financial gain, launching an influence campaign to damage the victim's reputation. Profero's innovative approach exploited the sparse nature of VMDK files, allowing significant data recovery without full decryption. The case illustrates the importance of analyzing malware encryption methods to develop recovery strategies, offering future victims potential assistance through Profero.
2025-08-11 13:03:33 theregister MISCELLANEOUS Intel CEO Faces White House Pressure Amid US-China Tensions
Intel CEO Lip-Bu Tan is set to meet with the White House following President Trump's call for his resignation, amid concerns over Tan's alleged connections to Chinese semiconductor firms. The meeting will likely address Intel's role in supporting US government interests, as the company commits to advancing national and economic security. Intel has faced challenges, including potential layoffs and halted expansion projects in Europe, as it struggles to maintain its technological edge. Former Intel CEO Craig Barrett criticized Tan's strategy of delaying investment in new technology until securing customer commitments, emphasizing the need for leadership in innovation. The US government considers imposing up to 100% tariffs on imported semiconductors, potentially benefiting Intel by encouraging domestic purchases. Nvidia and AMD may resume sales in China by paying a 15% license fee to the US government, highlighting the complex trade dynamics affecting the semiconductor industry. Tan's engagement with the Trump administration seeks to clarify misinformation and align Intel's efforts with the President’s America First agenda.
2025-08-11 12:34:34 theregister CYBERCRIME Deepfake Fraud Threatens Financial Sector with $40 Billion Impact
The rise of AI-powered deepfakes poses significant fraud risks, with Deloitte estimating potential costs of up to $40 billion in the US by 2027. Deepfake technology has advanced, enabling realistic impersonations, challenging current authentication methods, and raising concerns across industries, particularly in finance. Anti-deepfake detection tools are improving, achieving approximately 90% accuracy, yet the remaining margin still presents substantial opportunities for fraudulent activities. Financial institutions face increased vulnerability due to electronic document reliance, with deepfakes potentially facilitating large-scale identity fraud. Emerging detection tools focus on metadata analysis and edge inconsistencies, though challenges remain in identifying sophisticated voice deepfakes. The FBI and other agencies emphasize non-technical countermeasures, advising verification of sources and scrutiny of voice inconsistencies. Generative Adversarial Networks (GANs) enhance deepfake realism, posing ongoing challenges for detection efforts and increasing fraud success rates.
2025-08-11 12:10:25 bleepingcomputer CYBERCRIME Ghanaian Nationals Extradited for $100 Million Fraud Operation
The U.S. Department of Justice charged four Ghanaian nationals for their involvement in a fraud ring responsible for over $100 million in losses through romance scams and business email compromise. Defendants Isaac Oduro Boateng, Inusah Ahmed, Derrick Van Yeboah, and Patrick Kwame Asare were extradited to the U.S. and face multiple charges, including wire fraud and money laundering. The fraud ring, based in Ghana, targeted vulnerable individuals and companies across the U.S. from 2016 to May 2023, using deceptive tactics to steal funds. Scammers used fake romantic relationships to deceive older individuals, convincing them to transfer money to U.S.-based middlemen who laundered the funds. Business email compromise attacks involved spoofed email accounts to impersonate company employees, tricking businesses into unauthorized wire transfers. The extradition and charges highlight international cooperation in combating cybercrime and holding perpetrators accountable for large-scale financial fraud. The case underscores the importance of vigilance in email communications and verifying financial transactions to prevent similar scams.
2025-08-11 12:01:26 thehackernews VULNERABILITIES Critical 0-Day Flaws in Trend Micro Apex One Exploited
Trend Micro disclosed critical vulnerabilities in its Apex One Management Console, identified as CVE-2025-54948 and CVE-2025-54987, both rated 9.4 on the CVSS scale. These vulnerabilities involve command injection and remote code execution, posing significant risks if exploited by attackers. Trend Micro has observed at least one instance of active exploitation in the wild, prompting urgent mitigation measures. Temporary mitigations have been released by Trend Micro to address these flaws, with users advised to implement them immediately. The vulnerabilities highlight the importance of regular patching and monitoring to prevent unauthorized access and potential data breaches. Organizations using Apex One must prioritize updating their systems to safeguard against these critical security threats.
2025-08-11 11:31:48 thehackernews MISCELLANEOUS Aligning Cybersecurity with Business Priorities for Enhanced Protection
Organizations are refining their security strategies to focus on business-critical assets, directly impacting revenue and operations, rather than just technical vulnerabilities. A structured four-step methodology has emerged, enabling organizations to align security efforts with business priorities, resulting in significant efficiency gains. Companies implementing this approach have reported up to a 96% reduction in remediation efforts, enhancing security posture where it is most impactful. Engagements with industry leaders highlight the growing role of CFOs in cybersecurity, emphasizing the need for framing security in terms of business risk management. The methodology fosters a common language between technical teams and business stakeholders, improving decision-making and communication. Security teams are encouraged to integrate business context into prioritization, focusing on assets that, if compromised, would disrupt core business functions. The approach shifts the focus from technical metrics to business outcomes, transforming security from a technical function into a strategic enabler.
2025-08-11 11:24:03 theregister CYBERCRIME M&S Click & Collect Restored After Cyberattack Disruption
Marks and Spencer has reinstated its Click & Collect service following a significant cyberattack that disrupted operations in April, affecting online and in-store services. The attack initially forced M&S to take its internal processes offline, pausing online orders and limiting payment options, impacting customer experience and operational efficiency. Despite most services being restored, some functionalities like online stock checking and international orders remain unavailable, indicating ongoing recovery challenges. The financial impact of the attack is substantial, with M&S forecasting a £300 million loss in profits for the 2025/26 financial year, highlighting the severe economic implications of cyber incidents. The National Crime Agency arrested four individuals, including a minor, suspected of involvement in the attacks on M&S and other UK retailers, though no charges have been filed yet. The attacks are speculated to be linked to the Scattered Spider gang, known for social engineering tactics, underscoring the persistent threat posed by organized cybercriminal groups. Rival retailer Next reported increased sales, attributing part of its success to disruptions faced by competitors like M&S, illustrating competitive vulnerabilities in the retail sector.
2025-08-11 09:41:23 bleepingcomputer VULNERABILITIES Over 29,000 Exchange Servers Exposed Due to Unpatched Vulnerability
Over 29,000 Microsoft Exchange servers remain unpatched against CVE-2025-53786, posing a significant risk of lateral movement and domain compromise in cloud environments. This high-severity flaw allows attackers to escalate privileges by manipulating trusted tokens or API calls, complicating detection efforts. Affected versions include Exchange Server 2016, 2019, and the Subscription Edition in hybrid configurations, with a hotfix released in April 2025. Despite no current evidence of exploitation, the vulnerability is tagged as "Exploitation More Likely," increasing its potential attractiveness to threat actors. The U.S. CISA issued Emergency Directive 25-02, mandating federal agencies to mitigate the vulnerability by updating and securing their Exchange environments. CISA strongly advises all organizations, regardless of sector, to follow federal mitigation steps to protect against potential attacks. The flaw's risks extend globally, with over 7,200 affected IP addresses in the U.S., 6,700 in Germany, and 2,500 in Russia.
2025-08-11 09:02:05 theregister MISCELLANEOUS Adapting CVs for AI-Driven Recruitment in the Modern Job Market
The article examines the evolving landscape of job applications, focusing on optimizing CVs for AI-driven recruitment systems that are increasingly prevalent in today's job market. AI recruitment tools often prioritize keyword matching and pattern recognition, prompting candidates to tailor their CVs with specific industry-relevant terms and phrases. Applicants are advised to include comprehensive lists of skills, tools, and certifications to align with AI filters, which may not fully understand context or implied expertise. The article suggests using AI tools to generate multiple CV versions, enhancing the likelihood of passing initial AI screenings by matching specific job descriptions. It acknowledges the biases inherent in AI systems, which can reflect existing industry biases, but argues that AI is not necessarily worse than human recruiters. The piece stresses the importance of maintaining a balance between AI-optimized content and readability for human recruiters, ensuring the CV remains effective across different evaluation methods. The discussion includes potential pitfalls, such as AI hallucinations, where incorrect or exaggerated skills might be inadvertently included, necessitating careful review by the applicant.
2025-08-11 08:22:18 bleepingcomputer DATA BREACH Connex Credit Union Data Breach Exposes 172,000 Members' Information
Connex Credit Union, a major Connecticut-based financial institution, experienced a data breach affecting 172,000 members, exposing personal and financial information. The breach occurred between June 2 and June 3, 2025, with unauthorized access to sensitive data, including Social Security numbers and account details. Despite the breach, Connex reports no evidence of unauthorized access to members' funds or accounts, but warns of potential phishing scams targeting its members. Connex has issued scam alerts on its website, advising members on how to identify fraudulent communications and urging them to report suspicious activity. The incident is part of a broader trend of data breaches, with groups like ShinyHunters and Scattered Spider targeting high-profile companies across various sectors. This breach underscores the critical need for robust cybersecurity measures and proactive member communication to mitigate the impact of such incidents.