Daily Brief

Over 80,000 Microsoft Entra ID accounts at various organizations worldwide were targeted using password-spraying attacks. The attacks were orchestrated through the TeamFiltration pentesting framework, a tool designed for large-scale intrusion attempts. The threat actor, identified as UNK_SneakyStrike, initiated the campaign in December and peaked activity on January 8 with 16,500 accounts attacked in one day. Researchers from Proofpoint discovered the campaign and linked the malicious activity to specific tools and tactics used by UNK_SneakyStrike. TeamFiltration was instrumental in account enumeration, credential spraying, and exploiting Microsoft Teams API via "sacrificial" accounts. The attackers primarily used AWS servers and targeted IP addresses predominantly in the United States, Ireland, and the UK. Proofpoint recommends organizations enhance security measures such as enabling multi-factor authentication, enforcing OAuth 2.0, and using conditional access policies. The indicators of compromise and specific detection rules suggested by researchers include blocking certain IPs and monitoring for unique user agent strings associated with TeamFiltration.

Cybersecurity researchers have unveiled a novel attack, TokenBreak, which bypasses AI content moderation by altering a single character in a text. TokenBreak targets large language models (LLMs) by manipulating text tokenization, enabling the transmission of content that should be blocked. The attack uses slight modifications to words (e.g., "finstructions" for "instructions") which confuse AI without losing clarity for human readers. This technique capitalizes on the AI's statistical analysis of token relationships but does not trip its detection mechanisms, thereby not flagging the input as malicious. While effective against LLMs using BPE (Byte Pair Encoding) or WordPiece tokenization, the technique does not work against models utilizing Unigram tokenization. Researchers suggest defending against TokenBreak by opting for Unigram tokenizers, incorporating training with bypass scenarios, and aligning tokenization with model logic. The recent discovery adds to concerns about AI vulnerabilities, including the exploitation of Model Context Protocol and the Yearbook Attack tricking AIs into unsuitable responses.

Microsoft has launched a new feature in Edge for secure password deployment tailored for enterprise use. This functionality is designed to prevent unauthorized access and the inadvertent sharing of passwords in corporate environments. The feature is integrated into Microsoft Edge for Business and is available to users with Microsoft 365 Business Premium, E3, and E5 subscriptions. Secure password deployment involves encrypted sharing of passwords among specified users, enhancing security and compliance with Zero Trust principles. Managed passwords are automatically filled in on websites via Edge, and cannot be edited or exported to ensure security. The deployment and management of these passwords are controlled through the Microsoft 365 admin center, where admins can set and update access policies. Microsoft emphasizes the integration of its Information Protection SDK with Edge to extend data protection all the way to user endpoints. This move by Microsoft aims to streamline password management and bolster security measures for organizations.

Microsoft has introduced a new feature in Edge for securely sharing passwords within enterprise scenarios, now generally available to Microsoft Edge for Business users. The feature, known as secure password deployment, enhances security by minimizing risks related to unintentional password sharing among unintended recipients. Secure password deployment is available with Microsoft 365 Business Premium, E3, and E5 subscriptions and demands an Edge admin or Global admin role to configure. Through this feature, encrypted passwords can be deployed to specific user groups and automatically filled in on corresponding websites, promoting a secure auto-login experience. Administrators control the management and distribution of credentials through policies using the Microsoft Edge management service within the Microsoft 365 admin center. The feature extends Microsoft's data protection capabilities to endpoint security, with passwords encrypted by Microsoft Information Protection SDK and integrated with Entra identities for compliance adherence. Despite these security measures, passwords can be accessed through developer tools, though access can be restricted by admins using specific policies.

AI agents include non-human identities such as API keys, service accounts, and OAuth tokens, which operate silently. These AI-created identities, while powerful, often lack proper security measures, posing significant risks. Attackers have already started exploiting these vulnerabilities to gain access to critical systems. Traditional identity and access management tools are ineffective against threats posed by AI impersonation of users. The webinar led by Jonathan Sander focuses on identifying and securing these invisible AI identities. Security leaders, CTOs, DevOps leads, and AI development teams are the primary audience, emphasizing the urgency of securing such systems. The session aims to provide actionable insights and strategies to mitigate risks associated with AI identities in business environments.

GitLab released updates to rectify multiple serious vulnerabilities in its DevSecOps platform. Key issues patched include an account takeover vulnerability through HTML injection and a missing authorization flaw allowing injection of malicious CI/CD jobs. Affected GitLab versions were promptly updated to 18.0.2, 17.11.4, and 17.10.8, impacting both community and enterprise editions. GitLab.com has already been updated to the patched versions, while dedicated customers require no actions. The vulnerabilities, if exploited, could allow attackers to perform actions as a legitimate user or disrupt service through a denial of service (DoS) attack. GitLab emphasizes the immediate upgrade of all self-managed installations to secure sensitive data, noting that over 30 million users and 50% of Fortune 100 companies use their platform.

A new "zero-click" AI vulnerability found in Microsoft 365 Copilot allows data exfiltration without user interaction. Identified by Aim Security, the flaw, named EchoLeak, exploits the large language model's (LLM) Scope Violation and leads to unintended data breaches. EchoLeak could enable attackers to exfiltrate sensitive data without detection, leveraging AI to process commands that appear benign. Microsoft has issued a patch for the vulnerability (CVE-2025-32711), which carries a high severity score of 9.3, adding it to the June 2025 Patch Tuesday updates. Relatedly, CyberArk outlined a new type of attack called "Full-Schema Poisoning," impacting the Model Context Protocol (MCP) and potentially leading to broader security breaches. GitHub's integration issues with MCP could allow attackers to hijack user agents and leak data from private repositories. The growing reliance on MCP across different platforms increases the attack surface, exposing enterprises to new kinds of vulnerabilities like DNS rebinding. Experts recommend strengthening permissions and continuously auditing interactions within systems to mitigate such emerging cyber threats.

Non-human identities (NHIs) like service accounts and API keys are now significantly outnumbering human users, creating large security vulnerabilities. 70% of valid secrets found in public repositories remain active for three years, risking breaches in major organizations such as the U.S. Department of Treasury and Toyota. Secrets and credentials are often scattered across various systems and environments, making traditional perimeters ineffective for modern security demands. Increased usage of AI and cloud services is complicating the management of NHIs, leading to proliferation of orphaned credentials and over-privileged accounts. Traditional secrets managers are insufficient; despite their secure storage capabilities, they fail to manage the full lifecycle governance of NHIs. GitGuardian’s NHI security platform offers solutions such as automated discovery, continuous monitoring, and integrated remediation to tackle these issues effectively. Organizations must adopt unified IAM strategies that encompass both NHIs and human identities to reduce security risks and ensure regulatory compliance.

Cybercriminals infiltrated NHS Professionals’ systems in May 2024, stealing its Active Directory database. Attackers exploited a compromised Citrix account to gain domain admin access and moved laterally using RDP and SMB share access. Deloitte's incident report highlights that the attackers likely exfiltrated the Active Directory database and engaged in further malicious activity. NHS Professionals engaged in immediate remedial actions, including password resets and disabling drive mapping, but many recommended security measures remain incomplete. The lack of multi-factor authentication and endpoint detection were major security gaps that allowed prolonged unauthorized access. Deloitte’s investigation suggested that ransomware deployment could have been the attackers’ goal, though this was not achieved. NHSP stated that they found no evidence of data compromise, although Deloitte's report suggested data theft likely occurred. Ongoing security improvements are recommended to bolster NHS Professionals’ cyber resilience and operational effectiveness in line with national standards.

Fog ransomware hackers employed a mix of open-source penetration testing tools and legitimate software, notably Syteca, for monitoring employee activities. Compromised VPN credentials were initially used to infiltrate networks, alongside tactics such as "pass-the-hash" to escalate privileges and disable security mechanisms. The attack targeted a financial institution in Asia, with researchers identifying the use of atypical tools not commonly observed in previous ransomware incidents. Among the tools used were Syteca for keystroke and screen monitoring, Stowaway for covert communications, and SMBExec for lateral movements. GC2, an open-source tool used for C2 activities via Google Sheets or Microsoft SharePoint, was also deployed and is a method previously linked to APT41, a known Chinese threat group. Other utilities like 7-Zip, MegaSync, and FreeFileSync were used for data preparation and exfiltration. Symantec's documentation reveals these unusual toolsets could significantly help in avoiding detection by traditional security systems. The insights include indicators of compromise which could aid organizations in bolstering defenses against such sophisticated ransomware tactics.

ConnectWise is set to rotate code signing certificates for ScreenConnect, ConnectWise Automate, and their RMM solutions due to security vulnerabilities highlighted by third-party research. The identified issue involves how ScreenConnect manages configuration data in portions of the installer that remain unsigned, which could potentially create insecure design patterns. The company is issuing new certificates and releasing an update to improve the management of configuration data in ScreenConnect, with all digital certificate revocations slated for completion by June 13. Despite the identified concerns, ConnectWise confirmed there was no compromise of its systems or existing certificates. Users of on-premise versions need to update to the newest builds and ensure all agents are updated before the specified cutoff to prevent service interruptions. The adjustments to certificate management and product hardening are being accelerated, following recently disclosed breaches involving suspected nation-state actors using CVE-2025-3935 for ViewState code injection attacks. The breaches underline the increasing use of legitimate RMM software by attackers to facilitate stealthy, persistent access through 'living-off-the-land' techniques.

Proofpoint identified a cyberattack, codenamed UNK_SneakyStrike, using the TeamFiltration tool to target Microsoft Entra ID accounts. More than 80,000 user accounts across various organizational cloud tenants have been affected since December 2024. The attackers utilized Microsoft Teams API and AWS servers across different regions for user enumeration and password spraying. TeamFiltration, an open-source penetration tool introduced at DEF CON in August 2022, was used for account takeovers and data exfiltration. Attack tactics included extensive password spraying, exfiltrating data, uploading malicious files to Microsoft OneDrive, and gaining persistent account access. The primary sources of the attacks were traced back to IP addresses in the United States (42%), Ireland (11%), and Great Britain (8%). The attack strategy involved targeting all user accounts in smaller cloud tenants and selected subsets in larger tenants, exploiting the tool's advanced targeting capabilities.

Cybercriminals have developed a fake installer for the Chinese AI model DeepSeek-R1, embedding a new malware called "BrowserVenom." BrowserVenom redirects browser traffic through a server controlled by attackers, enabling data theft including credentials, financial information, and sensitive documents. The phishing campaign uses a website that mimics the legitimate DeepSeek homepage to distribute the malware, exploiting AI and chatbot interest. The campaign has affected users in multiple countries including Brazil, India, and South Africa, among others, and continues to pose a global threat. Kaspersky Labs identified the campaign which involves deceptive domains and search engine advertisements to lure victims. The malware only infects users with admin privileges, installing a hardcoded certificate and proxy server to intercept and monitor web traffic. Google has responded by suspending the advertiser's account involved in promoting the malicious site through top search result ads.

A novel method named 'SmartAttack' uses smartwatches to exfiltrate data from air-gapped systems through covert ultrasonic signals. Air-gapped environments, typically found in sensitive and secure areas, aim to prevent data breaches by being physically isolated from other networks. Despite such security measures, systems are still at risk from insider threats such as rogue employees or compromised supply chain elements. SmartAttack operates by infecting a system with malware that can then transmit data via ultrasonic sounds, undetectable by human ears, to a nearby smartwatch. The smartwatch interprets these signals to extract binary data, which can then be transmitted out of the secure environment using standard wireless communications. Factors influencing the effectiveness of SmartAttack include the type of smartwatch microphone, the orientation of the watch, and the range from the emitting source. Recommended mitigations include banning the use of smartwatches in secure settings, eliminating speakers on secure systems, or employing ultrasonic jamming techniques.

Erie Insurance and Erie Indemnity Company reported a cyberattack causing recent platform outages and business disruptions. The attack was first detected on Saturday, June 7, 2025, as unusual network activity. Following the detection, immediate actions were taken to protect systems and data, including activating incident response protocols. The incident has led to significant customer service issues, with difficulties logging into accounts and delays in processing claims and paperwork. Erie is collaborating with law enforcement and cybersecurity experts to conduct a comprehensive forensic analysis to understand the full scope of the attack. Despite the cyberattack, Erie Insurance has assured customers that it will not request payments via call or email during this outage period. The company has provided alternative contact methods for customers needing to initiate claims or require assistance. The nature, scope, and full impact of the cyber incident are still under investigation, and no details have been disclosed about whether this involved ransomware or data theft.