Daily Brief

2025-08-01 20:37:51 theregister DATA BREACH OpenAI Ends Option to Index ChatGPT Conversations for Privacy
OpenAI has discontinued a feature that allowed ChatGPT conversations to be indexed by search engines, addressing privacy concerns. The decision came after discovering that users were sharing sensitive information through indexed chats, despite warnings. Dane Stuckey, CISO of OpenAI, labeled the feature as a harmful experiment and affirmed the removal of the search-indexing option. Efforts are underway to remove already indexed content from search engines, with changes to be fully implemented by tomorrow morning. This feature rollback mirrors a similar privacy issue encountered by Venmo, highlighting ongoing privacy challenges in tech innovations. The exposure was not by default; users had to actively opt in to make their chats discoverable via a shareable link. Search engines like Bing and DuckDuckGo still show thousands of results, indicating a partial success in the ongoing purge of indexed chats. OpenAI continues to face privacy-related challenges, including legal demands to retain customer data, posing conflicts with user privacy commitments.
2025-08-01 19:19:05 theregister CYBERCRIME Microsoft Recall's Security Flaws Expose Sensitive User Data
Microsoft's AI app Recall, designed to capture PC screenshots for later retrieval, frequently fails to filter sensitive information despite claims of improved security. Tests reveal that Recall can still capture and store credit card details, passwords, and even social security numbers, presenting a significant privacy risk. Despite Microsoft enhancing security measures, such as encryption and requiring Windows Hello for access, Recall’s sensitive data filter is not consistently reliable. Recall poses particular risks to vulnerable users, as it can inadvertently capture sensitive web browsing details that could be used against them by others with access to their device. Security experts and privacy advocates express concern over the app's functionality, which could potentially be bypassed or exploited by cybercriminals. Microsoft faces criticism for promoting Recall during the Windows setup process on new PCs, emphasizing the tension between user convenience and security risks. Calls for further improvements and user feedback underline ongoing vulnerabilities and challenges in securing personal data within such applications.
2025-08-01 18:51:03 theregister NATION STATE ACTIVITY US Allegedly Exploits Microsoft Zero-Day to Infiltrate Chinese Military
China's CNCERT/CC accuses US spies of using a Microsoft Exchange zero-day exploit to access data from a major Chinese military enterprise. The attack reportedly lasted from July 2022 to July 2023, targeting over 50 devices within the enterprise’s intranet. CNCERT/CC claims these cyberattacks are increasingly covert and pose a serious threat to national security. The US allegedly used remote access techniques and multiple covert channels to steal defense-related data including military product designs. Additional allegations include the exploitation of electronic file system bugs to compromise another Chinese military industry enterprise in the communications and satellite sectors. Over 300 devices were reportedly affected in this second attack, with sensitive data being extracted by searching for keywords like 'military network.' Claims of US espionage follow reports from US entities accusing Chinese groups of similar incursions into American systems.
2025-08-01 17:29:34 bleepingcomputer MALWARE Akira Ransomware Attacks Target SonicWall Firewall Devices
SonicWall firewall devices have been increasingly compromised by Akira ransomware attacks since late July, likely exploiting an unknown vulnerability. Akira ransomware, which emerged in March 2023, has affected over 300 organizations and secured over $42 million in ransoms from 250 victims. High-profile victims of Akira include major firms and institutions such as Nissan, Hitachi, and Stanford University. Arctic Wolf Labs noted that the ransomware intrusions often began via unauthorized SonicWall SSL VPN connections. Potential entry points for the attackers could include zero-day vulnerabilities or credential theft through brute force and dictionary attacks. The attackers utilized virtual private server hosting to disguise their VPN authentication efforts. SonicWall advised customers to disable SSL VPN services temporarily and enhance security measures while awaiting patches. A separate security advisory was issued recently urging customers to patch SMA 100 appliances against a critical vulnerability, signaling ongoing security challenges for SonicWall.
2025-08-01 16:15:54 bleepingcomputer DATA BREACH Pi-hole Confirms Donor Data Exposed Through WordPress Plugin
Pi-hole, a network-level ad blocker, announced that a security flaw in the GiveWP WordPress plugin led to the exposure of donor names and email addresses. The leak occurred through the donation form on Pi-hole's website, making personal donor data visible in the page’s source code without authentication. The affected data did not include financial details as these are processed separately by Stripe and PayPal, and the Pi-hole software product was not compromised. The data breach impacted nearly 30,000 donors, with information about the breach added to the 'Have I Been Pwned' notification service. GiveWP responded to the security report by releasing a patch within hours, but Pi-hole criticized the delay and their initial handling of the issue. Pi-hole has apologized to donors and acknowledged the potential damage to its reputation, stressing accountability although the vulnerability was unexpected. Despite the patch, Pi-hole highlighted ongoing concerns over the plugin developer’s acknowledgment of the flaw's potential impact on donor privacy.
2025-08-01 15:35:00 thehackernews CYBERCRIME Critical Security Flaw Patched in Cursor AI Code Editor Software
Cybersecurity researchers at Aim Labs identified a severe vulnerability in the Cursor AI code editor, enabling remote code execution. The flaw, tracked as CVE-2025-54135 with a CVSS score of 8.6, was patched in the software's version 1.3 released on July 29, 2025. Attackers could exploit this vulnerability by injecting malicious data through a Slack MCP server, leading to automatic command execution without user confirmation. Exploits could allow attackers to execute code, deploy ransomware, steal data, and manipulate AI behavior. The vulnerability stemmed from the automatic execution feature of MCP server entries, which did not require user approval to run potentially malicious payloads. Cursor has responded by updating its security features, moving from a denylist approach to an allowlist to control executable commands more securely. Additional attacks exploiting similar vulnerabilities in GitHub README.md file parsing were disclosed, showcasing methods for stealing sensitive information like API keys and SSH credentials. Other coding platforms, such as Google's Gemini CLI, have also been targeted with similar security flaws, highlighting an industry-wide need for enhanced security measures in development tools.
2025-08-01 13:08:06 theregister DATA BREACH Florida Prison Email Error Exposes Visitor Data to Inmates
A staff member at Everglades Correctional Institution mistakenly emailed inmates with contact details of visitors, causing security concerns. The leaked information included names, email addresses, and phone numbers of visitors. Families of inmates express fears of potential extortion threats following the leak. Several affected individuals were notified by the prison about the data breach. This incident adds to the series of similar data breaches through email by official sources in recent years, including a significant leak by the Police Service of Northern Ireland. The Florida Department of Corrections has not responded to inquiries regarding the incident. Victims impacted by the breach, like those with past stalking experiences, are particularly worried about their safety.
2025-08-01 13:08:06 thehackernews CYBERCRIME Sophisticated Cyber Attacks Target Microsoft 365 Using Fake OAuth Apps
Cybersecurity researchers uncovered a new series of attacks using fake Microsoft OAuth applications for credential phishing and account takeovers. Phishing emails impersonate legitimate companies like Adobe and RingCentral, urging users to click on malicious links leading to fake OAuth consent pages. These attacks employ phishing kits like Tycoon and ODx that can bypass multi-factor authentication, tricking users into divulging credentials and MFA codes. Despite the appearance of legitimacy, the permissions requested by these fake applications serve mainly to facilitate further stages of the attack, including redirects to fake Microsoft account authentication pages using adversary-in-the-middle techniques. Over the past year, these techniques have led to nearly 3,000 attempted compromises across more than 900 Microsoft 365 environments. Microsoft is responding by tightening security measures, including disabling legacy authentication and requiring admin consent for new third-party apps. Proofpoint warns of the increasing sophistication in attack chains designed to evade detection and gain unauthorized access, predicting this method will become the criminal industry standard.
2025-08-01 13:01:27 bleepingcomputer CYBERCRIME Vulnerability in AI-Powered Coding IDE Enables Malicious Code Execution
Cursor IDE's AI agent can execute code with developer privileges due to the CurXecute vulnerability, identified as CVE-2025-54135. Attackers can trigger malicious commands in Cursor by injecting harmful prompts, potentially leading to ransomware and data theft. The CurXecute vulnerability is compared to the EchoLeak vulnerability in Microsoft 365 Copilot, which also allowed data theft without user interaction. Cursor's integration with the MCP protocol exposes it to security risks from untrusted external data, potentially rewriting critical configuration files. Successful exploitation allows attackers to run arbitrary commands or manipulate the AI's behavior, significantly impacting both project integrity and security. Aim Security disclosed the vulnerability to Cursor, which prompted a swift response with a patch released in Cursor version 1.3. Users are urged to update to the latest version of Cursor to mitigate the risk associated with this and other known vulnerabilities.
2025-08-01 12:22:28 thehackernews MALWARE AI-Created Malware Drains Cryptocurrency Through npm Package
A malicious npm package, @kodane/patch-manager, used AI to disguise itself as a Node.js utility, draining Solana funds from over 1,500 victims before its removal. Developed by an unknown user under the pseudonym "Kodane" and uploaded on July 28, 2025, the package claimed to optimize Node.js application performance. The package executed a post-installation script that hid its payload in system directories, linked to a command-and-control server to coordinate its actions. This malware specifically targeted cryptocurrency wallets on compromised machines, automatically transferring funds to a hardcoded Solana wallet address. Safety, a software supply chain security firm, identified and disclosed the malicious nature of the npm package. Features suggestive of AI involvement include the use of descriptive comments, emojis, and a README.md consistent with outputs from Anthropic's Claude AI. The incident underscores rising concerns about using AI tools to develop sophisticated and convincing malware in software supply chains.
2025-08-01 11:05:12 thehackernews MISCELLANEOUS Enhancing AI Security Tools Through High-Quality Data
Security Operations Centers (SOCs) are heavily investing in AI, but often use outdated data that limits AI effectiveness. SOC teams need enriched, context-rich data for AI models to effectively detect and respond to threats. Legacy data, with its lack of granularity and context, generates "data debt," hindering AI's potential within cybersecurity. Attackers are using AI to create adaptive, precise strategies, widening the gap with SOCs using inadequate data. Transitioning to AI-ready data involves structuring and enriching information to feed AI models efficiently. AI-driven detection and response are enhanced by comprehensive, real-time data that captures full event contexts. As AI technology evolves, the quality of data fed into AI systems has become critical to outperform advanced threats. The quality and structure of data are as decisive for AI in cybersecurity as nutrition is for a triathlete's performance.
2025-08-01 10:42:34 bleepingcomputer MISCELLANEOUS Pwn2Own Offers $1 Million For Zero-Click WhatsApp Exploit
The Zero Day Initiative announces a $1 million bounty for a zero-click WhatsApp exploit at Pwn2Own Ireland 2025. Meta, alongside Synology and QNAP, sponsors the event scheduled for October 21-24 in Cork, Ireland. Contest targets multiple technologies, including mobile phones, smart home devices, and wearable tech from big brands like Samsung and Apple. This year, the contest introduces expanded attack vectors including USB port exploitation to compromise locked mobile devices. Registration for participants ends on October 16, with the competition order decided by a random drawing. After successful exploits, vendors have a 90-day window to patch vulnerabilities before they are publicly disclosed by the Zero Day Initiative. The previous year's event in Ireland awarded over $1 million for various security vulnerabilities across multiple devices.
2025-08-01 10:05:11 theregister CYBERCRIME Cybercriminals Use Raspberry Pi to Steal From Indonesian ATM
A cybercriminal group "UNC2891" used a Raspberry Pi connected to a bank’s network to illegally withdraw money from an ATM in Indonesia. The device, equipped with a 4G modem, facilitated remote access to the bank's network, bypassing security measures like perimeter firewalls. UNC2891 deployed a backdoor, Tinyshell, to maintain persistent control over the network and facilitate the cash theft. Although some of the loot was successfully extracted, the attack was mitigated a few days after the first withdrawal. The attackers also aimed to deploy a rootkit named "Caketap" to spoof authorization messages for further withdrawals. Forensic investigators struggled to trace and address the breach due to advanced obfuscation techniques used by the criminals. The incident highlights the necessity for enhanced network and memory forensics beyond conventional incident response strategies.
2025-08-01 08:47:48 thehackernews NATION STATE ACTIVITY Sophisticated China-Linked Group Storm-2603 Exploiting SharePoint
Storm-2603, a suspected China-based threat actor, has utilized vulnerabilities in Microsoft SharePoint to deploy ransomware variants including Warlock and LockBit Black. This group employs a diverse toolbox integrating legitimate software and custom malicious tools, utilizing both HTTP and DNS communication protocols via their AK47 C2 framework. Their operations were notably targeting organizations in Latin America and the Asia-Pacific region throughout the first half of 2025. Tools mentioned include masscan, WinPcap, and a custom DNS-commanded backdoor, along with malware execution through cmd.exe. Storm-2603 also uses techniques like BYOVD to bypass security measures by using third-party drivers to disable endpoint defenses. Despite their ransomware deployment, the exact motivation—whether espionage or purely financial—is still undetermined. This group’s approach indicates a blend of APT-level tactics and criminal activities, raising concerns about the evolving sophistication in global cyber threats.
2025-08-01 06:29:57 theregister NATION STATE ACTIVITY ASIO Chief Warns Against Sharing Sensitive Defense Info on LinkedIn
ASIO Director-General Mike Burgess highlighted the risks of Australian defense employees listing sensitive job details on LinkedIn. Foreign intelligence services are intensifying efforts to target Australians involved in defense and intelligence through cyber espionage and other methods. Multiple incidents noted where foreign entities approached Australian defense contractors at events and compromised their systems, leading to intellectual property theft. Over 35,000 Australians with profiles on LinkedIn indicate access to potentially classified information. Despite a decrease in numbers, Burgess expressed concern over the still prevalent over-sharing on professional networks. The Australian Strategic Policy Institute report suggests Australian intelligence is lagging behind in technology updates, impacting their capabilities. Burgess called for improved personal and organizational cybersecurity practices to mitigate espionage risks.