Daily Brief
Find articles below, see 'DETAILS' for generated summaries
Total articles found: 11813
Checks for new stories every ~15 minutes
| Date | Source | Category | Title | Summary | Details |
|---|---|---|---|---|---|
| 2025-06-17 17:37:31 | thehackernews | CYBERCRIME | LangSmith Bug Puts OpenAI Keys and User Data at Risk | A high-risk vulnerability in LangChain's LangSmith platform, identified as AgentSmith, could allow attackers to steal sensitive data such as API keys and user inputs. The flaw, carrying a CVSS score of 8.8, enabled unauthorized interception of communications between users and malicious agents configured with a proxy server. Attackers could deploy malicious agents on LangChain Hub, which users could then interact with, unknowingly routing data through the attackers' server. Compromised information may include OpenAI API keys and user prompts, leading to potential unauthorized model access, data breaches, and significant financial impact. Following responsible disclosure and swift action by LangChain, the vulnerability was patched to prevent data interception, and warnings were added for potential proxy misuse. The security lapse had potential long-term effects, including legal liabilities and reputational harm for affected organizations due to unauthorized access to proprietary data and intellectual property. Separate reporting highlighted the emergence of new 'WormGPT' variants, demonstrating ongoing threats in the cybercrime arena linked to generative AI tools. | Details |
| 2025-06-17 17:04:19 | theregister | CYBERCRIME | Critical Flaws in Sitecore CMS Enable Full System Takeover | Security researchers at watchTowr uncovered multiple pre-authentication vulnerabilities in Sitecore CMS, which is prominently used by leading global companies. Three of the seven discovered vulnerabilities were publicly disclosed, allowing full system control when chained together. One critical vulnerability involved hardcoded internal passwords, notably an internal account set with the password "b", which was brute-forced in just three seconds. Another vulnerability was a path traversal flaw in the ZIP unpacking mechanism, leading to remote code execution (RCE) when combined with the aforementioned password issue. A third disclosed vulnerability was an unrestricted file upload flaw, also leading to RCE when exploited. Sitecore's own documentation advised against changing these default credentials, encouraging users to keep the default settings and complicating security practices. These vulnerabilities were discovered in the most recent version of Sitecore at the time of the report, with patches only recently released for some issues. Over 22,000 Sitecore instances were found to be exposed, increasing the urgency of addressing these vulnerabilities in deployed environments. | Details |
| 2025-06-17 16:53:11 | bleepingcomputer | CYBERCRIME | Instagram Ads Exploit Deepfakes in Banking Scam Campaign | Instagram ads fraudulently impersonating Canadian banks such as BMO and EQ Bank have been targeting users with phishing scams and investment fraud. The ads misuse official bank branding and AI-generated deepfake videos to lure victims to phishing sites seeking personal and banking information. One highlighted example is an ad for "Eq Marketing" that directs users to a counterfeit website mimicking EQ Bank's branding to collect banking credentials. Another scam ad features a fake "BMO Belski" story, misusing the name of BMO's Chief Investment Strategist to attract potential investors to a fraudulent WhatsApp group. Scammers deploy the ads via Facebook pages whose follower counts are likely bolstered by bots, using the platform's pass-through capabilities to Instagram to avoid direct detection. Despite being reported, the fraudulent ads continued to appear on Instagram, prompting BMO and EQ Bank to get involved and contact Meta for further action. Meta has pledged to investigate and remove fraudulent content, while EQ Bank has already begun proactive measures on social media platforms to tackle these high-fidelity scams. These incidents highlight the importance of user vigilance on social media advertising and the necessity of verifying the authenticity of promotional claims through official channels. | Details |
| 2025-06-17 15:49:00 | bleepingcomputer | CYBERCRIME | Critical RCE Vulnerability Patched in Veeam Backup Servers | Veeam issued security updates to address multiple vulnerabilities in its Backup & Replication software, including a critical RCE flaw. The RCE vulnerability, identified as CVE-2025-23121, affects systems integrated into domain environments and is exploitable by authenticated domain users. The flaw affected Veeam Backup & Replication version 12 and later until it was resolved in the latest release, version 12.3.2.3617. Contrary to Veeam's advice to use a separate Active Directory forest and two-factor authentication for admin accounts, many enterprises have joined their backup servers to a Windows domain, an insecure practice. Ransomware groups such as Cuba and FIN7 have historically exploited similar Veeam vulnerabilities to facilitate data theft and hinder recovery by deleting backups prior to ransomware deployment. Veeam's backup solutions are widely used globally, including by 82% of Fortune 500 companies and 74% of the Global 2,000, making these vulnerabilities significant in scale and impact. | Details |
| 2025-06-17 15:14:07 | bleepingcomputer | MALWARE | Exploitation of Sitecore CMS via Hardcoded Password and Zip Slip | A series of vulnerabilities in Sitecore Experience Platform (XP) can lead to remote code execution (RCE) by exploiting a hardcoded password, "b", for an internal user account. The exploit chain involves three distinct vulnerabilities, starting with unauthorized authentication access through a backdoor login path. Attackers can gain an authenticated session by bypassing Sitecore's backend login checks, leading to subsequent exploitation steps. The second vulnerability exploited is a "Zip Slip" flaw within Sitecore's Upload Wizard, allowing archive entries to be written to otherwise restricted paths. Potential attackers can upload malicious files, including web shells, directly into the webroot of the server, enabling further remote code execution. If the Sitecore PowerShell Extensions (SPE) module is installed, a third vulnerability allows arbitrary file uploads to any specified path, circumventing security controls. Over 22,000 Sitecore instances are publicly exposed, posing substantial security risks, especially to sectors such as banking and global enterprises. Patches were released in May 2025, with detailed CVE publication delayed until June 17, 2025; users are urged to update immediately to mitigate exploitation risk. | Details |
| 2025-06-17 15:03:47 | theregister | CYBERCRIME | Elevating Identity Security for Autonomous AI Systems | Agentic AI systems function autonomously, adapting and acting with minimal human intervention, which raises new cybersecurity challenges. These AI agents require complex identity and access management, as they hold privileges within systems similar to those of human users. Traditional identity and access management frameworks are inadequate for these dynamic, decision-making machines, necessitating new security models. Machine identities are being targeted by threat actors, who exploit AI's capabilities to mimic human identities and manipulate autonomous decisions. Organizations must adopt identity-first security strategies, treating AI agents as privileged entities and embedding strict controls and monitoring throughout the AI lifecycle. Delinea suggests a structured approach, including mapping AI agents' access, aligning their privileges with specific tasks, and monitoring their activity with robust encryption and real-time logging. Swift action in redefining identity security frameworks and integrating advanced protections is essential to guard against evolving security threats and keep pace with technological advancements. | Details |
| 2025-06-17 15:03:46 | bleepingcomputer | DATA BREACH | UK Fines 23andMe for Major Genetic Data Breach | The UK Information Commissioner's Office (ICO) fined 23andMe £2.31 million for failing to secure sensitive genetic and personal data. A credential stuffing attack compromised the data of approximately 4.1 million people in the UK and Germany, including 1 million Ashkenazi Jews. The breach, undetected from April to September 2023, led to the unauthorized release of data on platforms such as Reddit and BreachForums. Post-breach, 23andMe enhanced its security measures, including mandatory two-factor authentication and forced password resets. The ICO considered 23andMe's cooperative behavior before finalizing the penalty, in line with its Data Protection Fining Guidance. 23andMe, amid financial troubles and bankruptcy, settled a related lawsuit for $30 million in September 2024. | Details |
| 2025-06-17 14:05:25 | bleepingcomputer | MISCELLANEOUS | Streamlining IT Ticket Management with AI Automation | Uzado Inc., a Canadian IT service provider, leverages a Tines Pages AI-powered workflow to automate IT ticket responses. The automated system allows employees to submit IT issues via a form, automating responses and directing tickets to the appropriate IT personnel. The system is designed to handle repetitive and simple tickets such as password resets, reducing the manual workload for IT teams. The AI workflow automatically resolves about 10% of total tickets, allowing IT staff to focus on more complex issues. Users benefit from faster resolutions and prefer the AI-guided troubleshooting process to traditional methods. The guide includes detailed steps for deploying the AI workflow in various IT environments, including optional tool integrations for broader functionality. The solution aims to enhance both operational efficiency and security posture, adapting to the fast-paced changes in IT threats. | Details |
| 2025-06-17 13:56:03 | theregister | DATA BREACH | UK Fines 23andMe £2.3M for Massive Genetic Data Breach | The UK's Information Commissioner's Office (ICO) fined 23andMe £2.31 million for a significant data breach exposing the genetic data of nearly 7 million users. The breach was uncovered after a joint investigation by the ICO and the Office of the Privacy Commissioner of Canada, focusing on security lapses at 23andMe. Attackers used credential-stuffing techniques from April to September 2023, directly affecting approximately 14,000 accounts but leading to wider exposure through the DNA Relatives feature. Sensitive data, including personal, familial, and health information of 155,592 UK residents, was compromised, with overall impacted users numbering around 6.9 million. 23andMe acknowledged the breach five months after it began and delayed implementing preventative measures until nearly a year after the initial findings. 23andMe has filed for Chapter 11 bankruptcy, raising questions about its ability to pay the fine; however, the ICO expects compliance with its enforcement actions. Enhanced security and privacy measures have been promised by TTAM Research Institute, which is set to acquire 23andMe. | Details |
| 2025-06-17 13:56:02 | bleepingcomputer | DATA BREACH | Over 1 Million User Records Stolen in Cock.li Email Data Breach | Email hosting provider Cock.li confirmed a data breach impacting over one million user records. The breach exploited old vulnerabilities in the now-retired Roundcube webmail platform. Detailed user information from 1,023,800 accounts and contact entries for 93,000 additional users were exposed. Cock.li, known for its privacy-focused services, is used by various groups including cybersecurity professionals and cybercriminals. Sensitive user data was offered for sale online, but passwords, email content, and IP addresses remained secure. Cock.li has discontinued the use of Roundcube due to security vulnerabilities and is considering alternatives. All users active since 2016 are urged to reset their passwords and will be directly notified if their third-party contact information was compromised. The breach provides valuable data for researchers into the activities and affiliations of users, especially prevalent cybercriminal groups. | Details |
| 2025-06-17 13:38:48 | thehackernews | NATION STATE ACTIVITY | Silver Fox APT Uses Malware to Target Taiwan in Phishing Attacks | Researchers have identified a phishing campaign by Silver Fox APT targeting Taiwanese users with HoldingHands RAT and Gh0stCringe malware. The campaign uses phishing emails mimicking Taiwan's National Taxation Bureau, delivering malware via PDF or ZIP files. Both malware strains, HoldingHands and Gh0stCringe, derive from the widely used Gh0st RAT, often employed by Chinese hacking groups. Phishing lures include government or business-related topics such as taxes, invoices, and pensions, urging recipients to open malicious attachments. The multi-stage attack involves shellcode loaders decrypting and executing encrypted shellcode, using legitimate executables for DLL side-loading. Malware capabilities include anti-VM checks, privilege escalation, command-and-control communications, and modules for file management and remote desktop access. Continuous evolution in malware and distribution tactics has been noted across different campaigns by the threat group. | Details |
| 2025-06-17 12:56:31 | thehackernews | CYBERCRIME | Google Alerts: Insurance Firms Targeted by Scattered Spider Cyber Group | Scattered Spider, a notorious cybercrime group, is now focusing on the U.S. insurance sector, exploiting IT support teams through advanced social engineering. Previously involved in operations against U.K. and U.S. retailers, the group's shift marks a targeted strategy on a new vertical: insurance. Scattered Spider has reportedly collaborated with the DragonForce ransomware cartel, enhancing its intrusion capabilities. Tactics include impersonating employees and deceiving help desk teams to bypass multi-factor authentication systems. The group's proficiency in English and cultural fluency heightens the effectiveness of its phishing and phone-based attacks. Google's Threat Intelligence Group warns that insurance companies need to significantly tighten security measures, implementing improved authentication protocols and training for help desk personnel. Enhancing identity controls, setting access limits, and educating IT support on security practices are recommended to mitigate these threats. | Details |
| 2025-06-17 11:27:48 | thehackernews | CYBERCRIME | Risks and Management Strategies for AD Service Accounts | Active Directory (AD) service accounts, often forgotten and unmonitored, pose significant security risks due to practices such as non-expiring passwords and minimal oversight. These service accounts can become gateways for attackers to access enterprise networks, escalate privileges, and move laterally, increasing the impact of breaches. The article highlights the importance of visibility and regular reviews of service accounts to mitigate risks and manage privileges effectively. A botnet exploiting over 130,000 Microsoft 365 service accounts in 2024 underlines the need to update authentication measures and enforce multi-factor authentication. Privilege creep in service accounts can inadvertently grant attackers access to critical systems, emphasizing the need for constant access re-evaluation. Best practices include enforcing least privilege, using managed accounts, regular auditing, and applying strong password policies. Automated tools such as Specops Password Auditor aid proactive AD service account management by identifying vulnerabilities and enforcing security policies. The combination of manual best practices and automated tools is essential for effectively securing AD environments against potential cyber threats. | Details |
| 2025-06-17 10:37:57 | thehackernews | CYBERCRIME | Critical Vulnerabilities in Sitecore XP Expose Major RCE Risks | Security researchers identified three critical vulnerabilities in Sitecore Experience Platform (XP) that allow pre-authenticated remote code execution. The vulnerabilities involve a default user account with a hard-coded password of "b", allowing unauthorized API access. Attackers can exploit these vulnerabilities by uploading specially crafted ZIP files to execute arbitrary code. The issues affect Sitecore from version 10.1 onwards, which ships with a pre-configured user database containing the vulnerable settings. Because current Sitecore versions shipped with the default account's weak password, the potential impact on industries such as banking and airlines is significant. Previously identified vulnerabilities in older versions of Sitecore are already under active exploitation. Sitecore users must update their installations with the latest patches immediately to mitigate these extensive security risks. | Details |
| 2025-06-17 10:32:07 | thehackernews | CYBERCRIME | Protecting Backup Systems from Ransomware: Essential Strategies | Ransomware attacks are now targeting backup systems to prevent recovery and increase the likelihood of ransom payment. Attackers use tactics such as disabling backup agents, deleting snapshots, and encrypting backup data. Common weaknesses include inadequate separation of backup environments and reliance on a single cloud provider. The article recommends the 3-2-1-1-0 backup strategy: three copies of data, two different media, one offsite copy, one immutable copy, and zero errors. It emphasizes using image-based backups, hardened backup appliances, and regular verification to enhance backup integrity. Cloud-based backups should be segmented with separate authentication systems and multi-factor authentication (MFA) for increased security. The article highlights Datto BCDR solutions for securing backups and ensuring recoverability even during severe ransomware attacks. It encourages organizations to evaluate and strengthen their backup strategies to ensure data resilience against ransomware threats. | Details |