Daily Brief

Articles are listed below, each followed by a generated summary.

Total articles found: 11690

Checks for new stories every ~15 minutes

2025-10-27 15:26:02 theregister DATA BREACH LinkedIn Expands AI Data Scraping to New Global Regions
LinkedIn announced it will begin scraping data from users in the EU, EEA, Switzerland, Canada, and Hong Kong for AI training starting November 3, 2025. This expansion removes previous exemptions, including those for the UK, allowing LinkedIn to use profile details and public posts for AI model development. Private messages are excluded from data collection due to past legal challenges, although LinkedIn will share data with Microsoft and its subsidiaries. Users have the option to opt out of data sharing and AI training through LinkedIn's settings, with specific toggles available under Data Privacy and Advertising Data. The change aims to enhance personalized advertising across Microsoft's network, using LinkedIn profile, feed activity, and ad engagement data. Users worldwide, except those in newly affected regions, have already experienced data scraping for AI purposes, though affiliate advertising is a new addition. The update raises privacy concerns, urging users to act within the seven-day window to adjust settings and protect personal data from potential breaches.
2025-10-27 14:34:57 thehackernews VULNERABILITIES New ChatGPT Atlas Exploit Enables Persistent Malicious Code Injection
A vulnerability in ChatGPT Atlas browser allows attackers to inject persistent malicious instructions into the AI's memory, posing significant security risks. The exploit leverages a cross-site request forgery (CSRF) flaw, enabling unauthorized code execution and potential control over user accounts and systems. ChatGPT's memory feature, designed for personalized interactions, can be corrupted to persistently store harmful instructions across devices and sessions. Attackers can execute privilege escalations, data exfiltration, and other malicious actions by exploiting tainted memory, bypassing typical security measures. LayerX Security's research indicates that ChatGPT Atlas lacks robust anti-phishing controls, leaving users significantly more vulnerable than traditional browsers. Comparisons show ChatGPT Atlas and similar browsers stop a lower percentage of web vulnerabilities than Google Chrome and Microsoft Edge. The development highlights the need for enterprises to treat AI browsers as critical infrastructure due to their growing role in productivity and potential security threats.
2025-10-27 14:03:31 bleepingcomputer VULNERABILITIES 2025 Exposure Management Report Reveals Rising Vulnerability Challenges
Intruder's 2025 Exposure Management Index analyzes data from over 3,000 organizations, focusing on vulnerability response across various industries and company sizes. High-severity vulnerabilities have increased by nearly 20% year-on-year, intensifying pressure on security teams without corresponding increases in resources. Generative AI is facilitating faster exploitation of both new and unpatched older vulnerabilities, complicating defense efforts. Despite challenges, 89% of critical vulnerabilities were fixed within 30 days in 2025, up from 75% in 2024, driven by heightened executive awareness. Smaller companies continue to remediate vulnerabilities faster than larger ones, though the gap is narrowing as both improve response times. The report emphasizes the need for streamlined processes and effective tools to mitigate delays in larger organizations. The study also examines the role of European regulations and the impact of AI on the threat landscape, urging organizations to adapt quickly.
2025-10-27 13:57:45 theregister VULNERABILITIES Researchers Identify Vulnerability in OpenAI's Atlas Browser Omnibox
NeuralTrust researchers discovered a vulnerability in OpenAI's Atlas browser, where malicious prompts disguised as URLs can be executed as trusted user commands. The issue arises from Atlas's omnibox, which fails to differentiate between legitimate URLs and natural-language commands, leading to potential exploitation. Attackers can craft malformed URLs that, when pasted into the omnibox, are treated as trusted prompts, bypassing safety checks. Examples of potential misuse include phishing attacks and unauthorized file deletions, leveraging social engineering tactics to trick users into pasting malicious links. OpenAI has not yet responded to these findings, but NeuralTrust suggests mitigation strategies, such as treating omnibox inputs as untrusted by default. This vulnerability reflects a broader challenge in agentic browsers, where the boundary between user intent and untrusted content is not strictly enforced. Organizations using Atlas should remain vigilant and consider implementing recommended security measures to prevent exploitation of this flaw.
2025-10-27 13:32:03 bleepingcomputer VULNERABILITIES CISA Mandates Urgent Patching of Critical Windows Server WSUS Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive for U.S. government agencies to patch a critical Windows Server Update Services (WSUS) vulnerability, tracked as CVE-2025-59287. This vulnerability is a remote code execution flaw that allows attackers to gain SYSTEM privileges on Windows servers configured with the WSUS Server role. Microsoft has released out-of-band security updates to address this issue, urging IT administrators to implement these patches immediately to mitigate potential threats. Cybersecurity firms Huntress and Eye Security have reported active exploitation attempts, with attackers targeting exposed WSUS instances using default ports 8530/TCP and 8531/TCP. CISA's directive, part of Binding Operational Directive 22-01, requires federal agencies to patch this vulnerability by November 14th to prevent unauthorized access and potential breaches. Organizations are advised to disable the WSUS Server role on vulnerable systems if immediate patching is not possible, removing the attack vector until updates can be applied. The Shadowserver group is monitoring over 2,800 WSUS instances online, emphasizing the widespread exposure and urgency for remediation. This incident reinforces the critical need for timely patch management and vigilance against emerging threats to maintain cybersecurity integrity.
2025-10-27 13:14:47 theregister MISCELLANEOUS X Requires Passkey Re-enrollment Amid Domain Transition to x.com
X, formerly Twitter, announced a mandatory re-enrollment of security keys by November 10, initially causing security breach speculation. The re-enrollment is necessary due to the transition from the twitter.com domain to x.com, not due to any security incident. Only YubiKeys and passkeys are affected, while other 2FA methods like authenticator apps remain unchanged. Physical security keys are currently linked to the twitter.com domain and must be re-registered to function with x.com. This move aligns with X's broader strategy to phase out the Twitter domain and embrace passwordless authentication. The shift to passkeys is part of a larger industry trend towards enhanced security and reduced reliance on traditional passwords. While passkeys enhance security against phishing, they do not address software vulnerabilities or insider threats. The change reflects ongoing efforts by major tech companies to promote more secure, passwordless authentication methods.
2025-10-27 12:56:40 thehackernews VULNERABILITIES Critical WSUS Vulnerability Exploited Despite Recent Microsoft Patch
Microsoft issued an out-of-band security update to address a critical WSUS vulnerability, CVE-2025-59287, which is actively being exploited in the wild. This flaw, with a CVSS score of 9.8, allows remote code execution, posing significant risks to Windows Server Update Services environments. Attackers are deploying a .NET executable and Base64-encoded PowerShell payload to execute arbitrary commands on compromised systems. Organizations are urged to apply the patch immediately to prevent potential breaches and maintain operational integrity. The rapid exploitation of this vulnerability underscores the necessity for timely patch management and proactive security measures. The incident serves as a reminder of the critical importance of maintaining robust update and vulnerability management processes. Security teams should prioritize reviewing and updating their systems to mitigate risks associated with newly discovered vulnerabilities.
2025-10-27 11:47:37 theregister MISCELLANEOUS AI's Potential to Transform Cybersecurity and Software Quality
Former CISA Director Jen Easterly suggests AI could drastically reduce cybersecurity threats by swiftly identifying and fixing software vulnerabilities, potentially diminishing the need for traditional security teams. Easterly emphasizes the root issue is not cybersecurity itself but the poor quality of software, often prioritized for speed and cost over security, leading to widespread vulnerabilities. AI advancements empower both attackers and defenders, enabling more sophisticated malware but also offering tools for rapid vulnerability detection and mitigation. CISA's AI action plan aims to leverage AI for enhanced detection, countermeasures, and ensuring software is secure by design, potentially shifting the advantage to defenders. Easterly advocates for demystifying hackers, suggesting that common vulnerabilities remain the primary tools for cyber threats, rather than advanced cyber weapons. The White House AI Action Plan supports secure-by-design principles, emphasizing security as a priority in AI system development, aligning with Easterly's views on software risk reduction. Businesses are encouraged to demand higher security standards from software vendors, leveraging secure-by-design principles internally and with suppliers to mitigate risks.
2025-10-27 09:00:13 thehackernews CYBERCRIME Qilin Ransomware Group Expands Operations with Hybrid Linux Attacks
Qilin ransomware group, also known as Agenda, has targeted over 40 victims monthly in 2025, with peak activity in August and September affecting 84 victims each month. Primary targets include manufacturing, professional services, and wholesale trade sectors, impacting countries like the U.S., Canada, the U.K., France, and Germany. The group employs a ransomware-as-a-service (RaaS) model, leveraging leaked credentials for initial access and utilizing tools like Mimikatz for credential harvesting. Qilin's attack strategy includes the use of legitimate tools such as Cyberduck and AnyDesk to mask activities and facilitate data exfiltration and remote access. Recent attacks feature a Linux ransomware variant deployed on Windows systems, utilizing the BYOVD technique to bypass security measures and compromise backup systems. The group has adapted to modern infrastructure by targeting hyperconverged platforms like Nutanix AHV, indicating a shift beyond traditional VMware environments. Organizations are advised to enhance monitoring of remote access tools and strengthen credential management to mitigate risks associated with such sophisticated ransomware campaigns.
2025-10-27 07:35:58 thehackernews VULNERABILITIES OpenAI Atlas Browser Vulnerable to Prompt Injection Attacks
OpenAI's Atlas browser, integrated with ChatGPT, is vulnerable to prompt injection attacks, allowing malicious prompts disguised as URLs to execute harmful commands. Attackers exploit the browser's omnibox, which misinterprets crafted URLs as trusted user input, potentially leading users to phishing sites or executing commands like file deletion. The vulnerability stems from insufficient validation of user inputs, making the browser susceptible to executing unintended actions based on manipulated prompts. Security researchers warn that malicious extensions can spoof AI sidebars, tricking users into downloading malware or exfiltrating data through manipulated browser interfaces. OpenAI acknowledges the challenge of prompt injection, implementing red-teaming, model training, and safety measures, yet considers it an unresolved security issue. The broader AI browser industry, including Perplexity, is adopting multi-layered defenses against prompt injection, recognizing it as a critical security challenge. The ongoing threat requires continuous innovation in security strategies to protect against sophisticated attacks targeting AI decision-making processes.
2025-10-27 03:54:10 theregister CYBERCRIME UN Cybercrime Treaty Gains Support Amid Human Rights Concerns
The United Nations introduced the Convention against Cybercrime, marking the first global agreement aimed at combating online crime, with 72 nations signing the treaty. The Convention seeks to enhance international cooperation in cybercrime prevention, focusing on surveillance and cross-border evidence sharing. Human rights organizations, including the Electronic Frontier Foundation and Human Rights Watch, express concerns over potential impacts on free speech and privacy. Cisco has echoed these concerns, indicating the treaty may not adequately protect human rights, posing risks to the rule of law. UN Secretary-General António Guterres emphasized the treaty's potential to overcome barriers in digital evidence sharing, crucial for international justice efforts. The Convention's effectiveness depends on ratification and implementation by signatory nations, which remains a critical next step. While hailed as a milestone for digital safety, the treaty faces scrutiny over balancing security measures with fundamental human rights protections.
2025-10-26 22:50:20 theregister CYBERCRIME Cyberattack Leads to Theft of Shaquille O'Neal's Customized Vehicle
Effortless Motors, a car customization company, reported a cyberattack on a transport firm's network, resulting in the disappearance of a customized Range Rover for Shaquille O'Neal. The incident involved a sophisticated criminal operation targeting the transport company responsible for moving the vehicle from Atlanta to Louisiana. Effortless Motors is collaborating with law enforcement and federal agencies to locate the vehicle and pursue the perpetrators. The theft of such a uniquely modified vehicle presents challenges for resale on the black market, potentially complicating the thieves' plans. This event underscores the need for enhanced cybersecurity measures in logistics and transport sectors to prevent similar incidents. The case exemplifies the growing trend of cybercriminals exploiting vulnerabilities in supply chain operations for high-value targets.
2025-10-26 14:29:44 bleepingcomputer MALWARE RedTiger Infostealer Exploits Discord Accounts and Payment Data
Cybercriminals are leveraging the RedTiger tool to create an infostealer targeting Discord accounts, extracting sensitive data including payment information and browser-stored credentials. The malware, based on a Python penetration testing suite, is misused to steal Discord tokens, browser passwords, cryptocurrency wallet data, and game account details. Attackers compile RedTiger's code into standalone binaries, disguising them with gaming or Discord-related names to deceive users. Once installed, the malware extracts and validates Discord tokens, intercepts API calls, and captures sensitive events like logins and purchases. The infostealer archives collected data, uploading it to GoFile for anonymous access, with download links sent to attackers via Discord webhooks. RedTiger employs anti-sandbox techniques and process overloads to evade detection, complicating forensic analysis. Users are advised to avoid downloading unverified executables, revoke compromised tokens, change passwords, and enable multi-factor authentication to mitigate risks.
2025-10-25 16:35:20 bleepingcomputer VULNERABILITIES CoPhish Attack Exploits Microsoft Copilot for OAuth Token Theft
Researchers at Datadog Security Labs identified a new phishing tactic, CoPhish, leveraging Microsoft Copilot Studio agents to steal OAuth tokens through fraudulent consent requests. The attack exploits the flexibility of Copilot Studio, allowing malicious actors to use legitimate Microsoft domains to deceive users into granting unauthorized access. CoPhish relies on social engineering, targeting both unprivileged users and administrators, with potential to compromise high-privileged roles despite upcoming Microsoft policy changes. Attackers create malicious multi-tenant apps to capture session tokens, exploiting the legitimate appearance of URLs and Microsoft IP addresses to avoid detection. Microsoft plans to address these vulnerabilities in future updates, emphasizing the need for stronger governance and consent policies to prevent misuse. Organizations are advised to restrict administrative privileges, enforce application consent policies, and monitor application creation activities to mitigate risks. Datadog suggests disabling default user application creation and enhancing monitoring of consent events to close security gaps in Microsoft's baseline configurations.
2025-10-25 16:19:22 bleepingcomputer VULNERABILITIES CoPhish Technique Exploits Microsoft Copilot for OAuth Phishing Attacks
Researchers at Datadog Security Labs discovered a new phishing technique, CoPhish, leveraging Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via trusted Microsoft domains. CoPhish exploits the flexibility of Copilot Studio, allowing attackers to create malicious applications that appear legitimate and trick users into granting access. The attack involves configuring Copilot agents to redirect users to malicious URLs, collecting session tokens without user awareness. Microsoft's response includes plans to address these vulnerabilities in future updates, focusing on hardening governance and consent processes. Current protective measures include limiting administrative privileges, reducing application permissions, and enforcing stringent governance policies. Despite upcoming changes, high-privileged roles remain susceptible to CoPhish attacks, necessitating robust application consent policies. Organizations are advised to disable user application creation defaults and closely monitor application consent activities to mitigate risks.