Daily Brief
Total articles found: 11755
| Date | Source | Category | Title | Summary |
|---|---|---|---|---|
| 2025-10-08 14:56:54 | bleepingcomputer | CYBERCRIME | London Police Arrest Teens in Nursery Ransomware and Doxing Case | Two 17-year-olds were arrested in Bishop's Stortford for their involvement in a ransomware attack on Kido nurseries, targeting sensitive data of over 1,000 children. The cybercrime group, Radiant Group, leaked children's photos and addresses on the dark web after breaching Kido's systems, seeking to extort the nursery chain. The attack exploited a software service, Famly, although no breach of Famly's security infrastructure was confirmed, according to its CEO. The Metropolitan Police and UK NCSC have been actively investigating, with significant progress marked by these arrests. This incident is part of a broader trend of teenagers in the UK being linked to high-profile cyberattacks, raising concerns about youth involvement in cybercrime. The breach has raised alarms about data security in educational institutions, emphasizing the need for robust cybersecurity measures. Authorities continue efforts to bring all responsible parties to justice, ensuring community reassurance and enhanced cyber resilience. |
| 2025-10-08 14:04:41 | bleepingcomputer | DATA BREACH | OAuth Token Misuse Exposes Google Workspace Vulnerabilities in Drift Incident | Attackers exploited stolen OAuth tokens to access Google Workspace mailboxes via Drift integrations, bypassing traditional security measures and highlighting the risks of delegated access. Google responded swiftly by revoking the compromised tokens and disabling the affected integration, demonstrating the importance of rapid incident response capabilities. The incident reflects a broader trend where attackers prioritize token theft over endpoint breaches, leveraging legitimate access to conduct high-volume data exfiltration. Material Security emphasizes a shift towards resilience and containment, advocating for robust detection and response strategies across cloud environments. The event underscores the need for comprehensive OAuth governance, including inventory management, scope tightening, and proactive revocation of risky app permissions. Organizations are advised to enhance identity security beyond MFA, focusing on phishing-resistant authentication and monitoring for suspicious account behaviors. The incident serves as a reminder that securing the perimeter is insufficient; protecting the content and assuming breaches will occur are critical to minimizing impact. |
| 2025-10-08 13:57:55 | thehackernews | NATION STATE ACTIVITY | Chinese Hackers Exploit Nezha Tool in Sophisticated Cyber Attacks | Cybersecurity firm Huntress identified a campaign by suspected Chinese hackers using the Nezha tool to deploy Gh0st RAT malware, targeting over 100 machines primarily in Taiwan, Japan, South Korea, and Hong Kong. The attackers utilized a technique known as log poisoning to plant a web shell on vulnerable web servers, gaining control through the ANTSWORD tool. Initial access was achieved via a publicly exposed phpMyAdmin panel, where attackers executed SQL commands to drop a PHP web shell, exploiting general query logging features. The Nezha agent facilitated remote command execution, allowing the deployment of PowerShell scripts to bypass Microsoft Defender Antivirus and launch Gh0st RAT. The operation's dashboard, intriguingly run in Russian, listed victims globally, including in the U.S., U.K., and several Asian and European countries. This incident illustrates the increasing abuse of publicly available tools by threat actors, leveraging them for low-cost, deniable, and often undetected attacks. Organizations are reminded to secure publicly exposed interfaces and monitor for unusual activities, particularly those involving open-source tools. |
| 2025-10-08 13:00:32 | theregister | MISCELLANEOUS | Germany Blocks EU's Proposed Chat Control Regulations on Privacy Grounds | Germany has announced its opposition to the EU's proposed "Chat Control" regulations, which would mandate scanning of private communications for child sexual abuse material. The regulations would require communication platforms to implement AI-powered content filters, potentially compromising end-to-end encryption and user privacy. Germany's stance is pivotal, as its population size significantly influences the EU's legislative process, likely preventing the regulations from passing. Privacy-focused organizations, including Signal and Tuta Mail, have threatened to exit the EU market if the regulations are enacted, citing privacy and security concerns. Critics argue that the regulations could lead to mass surveillance, undermining digital privacy and security, and posing risks to activists, journalists, and other vulnerable groups. The opposition from Germany and other countries forms a blocking minority, crucial for halting the legislation, which requires a qualified majority to pass. The debate emphasizes the ongoing tension between privacy rights and regulatory efforts to combat illegal content online. |
| 2025-10-08 12:07:23 | thehackernews | CYBERCRIME | LockBit, Qilin, and DragonForce Form Strategic Ransomware Alliance | LockBit, Qilin, and DragonForce have announced a strategic alliance to enhance their ransomware capabilities, potentially increasing the frequency and sophistication of attacks. This coalition aims to share techniques, resources, and infrastructure, bolstering each group's operational strength and expanding their reach. The resurgence of LockBit, following its previous takedown, is marked by the release of LockBit 5.0, targeting Windows, Linux, and ESXi systems. Qilin, a leading ransomware group, has been particularly active, with over 200 victims in Q3 2025, predominantly targeting North American organizations. The alliance may lead to a surge in attacks on critical infrastructure and sectors previously deemed low risk, posing significant threats to global cybersecurity. A notable trend is the expansion of ransomware attacks to countries like Egypt, Thailand, and Colombia, as threat actors seek to evade law enforcement in traditional hotspots. The professional, scientific, and technical services sectors have been heavily impacted, with over 375 victims, highlighting the broadening scope of ransomware activities. |
| 2025-10-08 11:39:20 | thehackernews | MISCELLANEOUS | Webinar Explores Password Breaches and Modern Security Solutions | Weak passwords continue to cause significant financial losses annually, with many breaches preventable through better password management practices. Attackers often exploit simple login credentials, leading to increased security incidents and operational challenges for IT teams. The Hacker News and Specops Software are hosting a webinar titled "Cybersecurity Nightmares: Tales from the Password Graveyard" to address these issues. The session will cover real-world password breach examples and the shortcomings of traditional password policies. Attendees will learn about new tools designed to prevent attacks and enhance security without complicating user experience. Specops Software aims to help IT teams improve security measures while maintaining productivity and reducing user friction. The webinar offers a strategic action plan for IT leaders to mitigate password-related risks effectively. |
| 2025-10-08 11:01:36 | thehackernews | VULNERABILITIES | Critical Figma MCP Flaw Enables Remote Code Execution; Patch Released | A severe vulnerability in Figma's MCP server, CVE-2025-53967, allowed remote code execution through command injection, posing significant risks to developers. The flaw stemmed from unsanitized user input in command-line strings, enabling attackers to inject arbitrary system commands. Exploitation could occur via indirect prompt injection, especially impacting AI-driven coding tools like Cursor integrated with Figma. Imperva reported the vulnerability as a "design oversight," emphasizing the need for secure coding practices in AI development environments. The vulnerability was addressed in version 0.6.3 of figma-developer-mcp, released on September 29, 2025, with recommendations to avoid using child_process.exec with untrusted inputs. This incident serves as a reminder of the potential security pitfalls in AI development tools and the importance of keeping security measures aligned with technological advancements. Concurrently, FireTail disclosed a separate vulnerability in Google's Gemini AI, highlighting the ongoing challenges in securing AI-integrated enterprise platforms. |
| 2025-10-08 07:22:50 | thehackernews | CYBERCRIME | OpenAI Disrupts Misuse of ChatGPT by Global Cybercriminals | OpenAI identified and disrupted three clusters of cybercriminals using ChatGPT for malware development, involving actors from Russia, North Korea, and China. Russian threat actors leveraged ChatGPT to refine a remote access trojan, employing multiple accounts to develop and troubleshoot components for credential theft. North Korean activities involved using ChatGPT for malware and command-and-control development, targeting South Korean diplomatic missions with spear-phishing campaigns. Chinese hackers utilized the AI tool to enhance phishing campaigns targeting investment firms, focusing on the Taiwanese semiconductor sector. OpenAI's intervention blocked accounts used for scam and influence operations, preventing misuse of AI for social media manipulation and phishing content generation. The findings reveal threat actors' adaptation to evade detection, such as altering text indicators that suggest AI-generated content. OpenAI's actions underscore the ongoing challenge of AI tools being exploited for malicious purposes, highlighting the need for continuous monitoring and response. |
| 2025-10-08 00:21:42 | bleepingcomputer | DATA BREACH | Salesforce Rejects Ransom Demands After Data Theft Campaigns | Salesforce confirmed it will not pay ransom demands following extensive data theft attacks impacting its customers, warning of potential data leaks by threat actors. Threat actors, identified as "Scattered Lapsus$ Hunters," targeted 39 companies, including major brands like FedEx, Disney, and Google, threatening to release nearly 1 billion stolen records. The data was exfiltrated during two separate campaigns, initiated through social engineering and OAuth token exploitation, affecting Salesforce instances and customer environments. The first campaign involved impersonation tactics to connect malicious applications to Salesforce, enabling database theft and subsequent extortion attempts. The second campaign leveraged stolen OAuth tokens to access CRM environments, focusing on extracting sensitive information like credentials and API tokens. The data leak site used for extortion was reportedly seized by the FBI, with the domain now under control, suggesting law enforcement intervention. Salesforce's stance against ransom payments underscores the importance of robust incident response and highlights the ongoing risk of supply chain vulnerabilities. |
| 2025-10-07 22:14:08 | bleepingcomputer | VULNERABILITIES | Docker Launches Affordable Hardened Images Catalog for Small Businesses | Docker has announced unlimited access to its Hardened Images catalog, providing secure software bundles to startups and SMBs at an affordable rate. The catalog offers container images verified to be free of known vulnerabilities, ensuring near-zero CVEs for development teams. Hardened Images are built from source code with continuous upstream patches, reducing security risks by eliminating unnecessary components. Docker's partnership with SRLabs ensures images are signed, rootless by default, and free from high-severity breakout issues. A seven-day patch Service Level Agreement ensures timely updates when new vulnerabilities are identified, maintaining robust security standards. The catalog includes a variety of images for AI, databases, and more, with FedRAMP-ready variants meeting U.S. federal security standards. This initiative could significantly enhance security across the Docker ecosystem, promoting safer container deployment practices. |
| 2025-10-07 20:52:44 | bleepingcomputer | VULNERABILITIES | Google Opts Out of Fixing ASCII Smuggling Flaw in Gemini | Google has decided not to address an ASCII smuggling vulnerability in its Gemini AI assistant, which can manipulate the AI into providing false information or altering its behavior. ASCII smuggling uses special characters to introduce invisible payloads, exploiting the gap between user-visible content and machine-readable data in large-language models. Security researcher Viktor Markopoulos demonstrated the attack's effectiveness on AI tools like Gemini, DeepSeek, and Grok, while others like ChatGPT and Microsoft Copilot remain secure. The vulnerability poses a significant risk due to Gemini's integration with Google Workspace, potentially allowing attackers to embed hidden instructions in Calendar invites or emails. Google dismissed the issue as a non-security bug, suggesting it requires social engineering to exploit, but the potential for autonomous data extraction remains a concern. Other tech companies, such as Amazon, have issued guidance on Unicode character smuggling, indicating varying industry perspectives on the threat. The findings were reported to Google on September 18, yet the company has not provided further clarification or changes in its security approach. |
| 2025-10-07 20:36:36 | bleepingcomputer | VULNERABILITIES | Google Gemini Faces Unresolved ASCII Smuggling Vulnerability Risks | Google's AI assistant, Gemini, is vulnerable to ASCII smuggling, which can manipulate its behavior and deliver false information to users. ASCII smuggling uses special Unicode characters to introduce hidden payloads, creating a gap between visible and machine-readable content. The vulnerability poses increased risks as Gemini, an agentic AI tool, accesses sensitive data and performs tasks autonomously. Security researcher Viktor Markopoulos found Gemini, DeepSeek, and Grok susceptible, while Claude, ChatGPT, and Microsoft Copilot remain secure. Google dismissed the issue as non-critical, viewing it as a potential social engineering exploit rather than a security bug. The vulnerability could allow attackers to embed hidden commands in Google Workspace, leading to identity spoofing and unauthorized data extraction. Amazon has issued security guidance on Unicode character smuggling, contrasting Google's stance on the issue. |
| 2025-10-07 20:24:52 | theregister | DATA BREACH | Rising Data Leakage Risks from Uncontrolled AI Tool Usage in Enterprises | A LayerX study reveals that 45% of enterprise employees use generative AI tools, with 77% copying data into chatbots, risking data leakage and compliance issues. The report notes that 22% of data pasted into AI tools includes sensitive PII or PCI information, often from unmanaged personal accounts, creating significant blind spots. Approximately 40% of file uploads to AI platforms contain PII/PCI data, with 39% originating from non-corporate accounts, complicating data governance. High-profile incidents, such as Samsung's temporary ban on ChatGPT, underscore potential geopolitical, regulatory, and compliance challenges posed by AI data leaks. ChatGPT has become the dominant AI tool in enterprises, used by over 90% of employees, surpassing alternatives like Google Gemini and Microsoft Copilot. The rapid adoption of AI tools in enterprises prompts calls for enhanced security measures, such as enforcing Single Sign-On (SSO) for better data flow visibility. LayerX's client base includes global enterprises across financial services, healthcare, and technology sectors, emphasizing the widespread nature of this security challenge. |
| 2025-10-07 19:12:49 | bleepingcomputer | DATA BREACH | DraftKings Faces Credential Stuffing Attacks Compromising Customer Accounts | DraftKings, a major sports betting company, reported a breach affecting an undisclosed number of customer accounts due to credential stuffing attacks. Attackers accessed limited customer data, including names, addresses, and partial payment card details, but did not obtain sensitive information like full financial account numbers. Credential stuffing involves using stolen credentials from other platforms to access accounts, a tactic that exploits password reuse among users. In response, DraftKings is mandating password resets and multifactor authentication for affected accounts to enhance security measures. Customers are advised to change passwords, monitor financial accounts, and consider credit freezes and fraud alerts as precautionary steps. The FBI has long warned about the rising threat of credential stuffing, driven by the availability of leaked credentials and automated hacking tools. DraftKings previously experienced a similar attack in November 2022, resulting in significant financial losses and subsequent customer reimbursements. |
| 2025-10-07 17:31:27 | bleepingcomputer | CYBERCRIME | Clop Ransomware Targets Oracle Zero-Day for Data Theft and Extortion | The Clop ransomware group exploited a zero-day vulnerability in Oracle E-Business Suite to execute data theft attacks since early August, as reported by CrowdStrike. Identified as CVE-2025-61882, the flaw allows unauthenticated remote code execution through a low-complexity attack, posing significant risks to unpatched systems. Security researchers discovered that the vulnerability involves a chain that can be exploited with a single HTTP request, raising the threat level. CrowdStrike noted potential involvement of multiple threat actors, including GRACEFUL SPIDER, in exploiting this vulnerability for data theft and extortion. Oracle has issued a patch and strongly advises customers to apply it immediately to mitigate ongoing exploitation risks. Clop has been contacting executives for ransom, threatening to leak sensitive data allegedly stolen from affected Oracle systems. The U.S. State Department offers a $10 million reward for information linking Clop's activities to foreign governments, highlighting the severity of these attacks. This incident underscores the critical need for timely patch management and vigilance against zero-day vulnerabilities in enterprise environments. |