AI: The new trigger word. Or is it Robots? – PSW #894
In addition to some fun news, we get Mary Ann Davidson as a surprise guest. We even get a great quote from her: "You're never going to have enough cybersecurity people to defend what was never built to be defensible."
Don't miss InfoSec World 2025 — October 27 to 29 at Disney’s Coronado Springs Resort! Cybersecurity pros, workshops before and after, and endless networking. Save 25% with code ISW25-SW at securityweekly.com/ISW2025!
Larry Pesce
- Geedge & MESA Leak: Analyzing the Great Firewall’s Largest Document Leak
- Improving Risk Management Decisions with SBOM Data
- Security Flaw Turns Unitree Robots Into Botnets
- Bin4ry/UniPwn
- I Saved a PNG Image To A Bird
- Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say
- S0lidStat3/dendrite: Dendrite – A body camera direction finding hardhat
- The vulnerability that killed FreeWifi_Secure – 7h30th3r0n3
- Legacy Vulnerabilities in Wireless Firmware: The Lingering Threat of the Pixie Dust Exploit
- Please Unstalk Me: Understanding Stalking with Bluetooth Trackers and Democratizing Anti-Stalking Protection
Lee Neely
- UK government to be guarantor for Jaguar Land Rover loan as it recovers from cyberattack
The British government announced it is underwriting a loan for auto manufacturer Jaguar Land Rover (JLR) as the company and its supply chain attempt to recover from the disruption caused by a cyberattack earlier this month. JLR itself is responsible for repaying the £1.5 billion ($2 billion) five-year loan from an unnamed commercial bank, but the lender has received a guarantee that the British government would step in if JLR fails to repay it.
- Government to guarantee £1.5bn Jaguar Land Rover loan after cyber shutdown
The UK Government has announced that it will guarantee a £1.5 billion (US$2.01 billion) commercial bank loan to Jaguar Land Rover (JLR) through the Export Development Guarantee (EDG) "to give certainty to its supply chain" while JLR's production lines remain shut down and its large network of suppliers have been cut off in the wake of a debilitating cyberattack.
Reports are that the attack is costing JLR about $67-94 million USD per day, and the attack started August 31st, so they are motivated to restart operations as soon as possible. The loan is a heck of a statement of support and precedent from the UK Government. They are leveraging the UK EDG to underwrite the loan, which is a support mechanism designed to help UK companies who sell overseas. Hopefully other UK companies who fall into this category will be able to avail themselves of a similar option in a timely fashion.
- Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
Google Threat Intelligence Group (GTIG) has observed a backdoor malware campaign in which threat actors tracked as "UNC5221 and closely related, suspected China-nexus threat clusters," maintained long-term access to various US organizations' systems, exploiting vulnerable network appliances that did not support endpoint detection and response (EDR) tools. The intrusions notably targeted US "legal services, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and Technology [providers]" often employed by governments and large companies, and the average period of undetected access was 393 days. GTIG notes that logs were seldom retained long enough to help determine an initial access vector apart from a "focus on compromising perimeter and remote access infrastructure," especially VMware vCenter and ESXi hosts.
We've all run appliances of one flavor or another which cannot run our EDR tool. Having tools such as Mandiant's BRICKSTORM scanner, which doesn't require YARA, can be helpful with these.
Consider storing logs offline, leveraging a data lake if you have one, for 18 or more months. Maybe a good time to review NIST SP 800-92 and M-21-31 for ideas on how to improve your logging processes.
- Exclusive: Neon takes down app after exposing users’ phone numbers, call recordings, and transcripts
The recently-launched Neon call-recording app has been taken down, following a report from TechCrunch that logged-in users were able "to access the phone numbers, call recordings, and transcripts of any other user." Neon pays users who allow them to record their phone calls; Neon then sells the data to AI companies to be used in training their models.
Access controls continue to challenge service providers. Recording sessions and using AI-driven transcription is a common solution, and it can be a real time saver later on, making this extremely attractive to implement. Understand (and verify) what data is collected, where it is going to be stored and who can access it.
- Teens arrested by Dutch police reportedly suspected of spying for Russia
Authorities in the Netherlands have arrested two teenagers in connection with suspected espionage on behalf of Russia. According to the authorities, the two individuals were recruited via Telegram by a hacker with Russian ties; one of the teenagers allegedly walked past Europol, Eurojust, and the Canadian embassy carrying a Wi-Fi sniffer. The individuals appeared before a magistrate judge on September 25; one is still in police custody, the other is under house arrest.
Don't assume an APT only uses agents of its own ethnic origin; recruiting locals for espionage is a tried and true tradition. When carrying/using tools like Wi-Fi or cellular sniffers or access points, make sure that you understand the legal ramifications, whether transmitting, receiving or de-authorizing; your cybersecurity research may be their crime and it's not guaranteed to end well, particularly if a government or foreign entity comes into play.
- XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
Microsoft Threat Intelligence has observed "limited attacks" involving a new variant of XCSSET, a type of modular malware first observed in 2020 that targets macOS systems by spreading through Xcode projects and executing once an infected project is built, then taking control of a variety of apps and exfiltrating information. The new variant notably monitors the clipboard for signs of copied digital wallet addresses and replaces them "with its own predefined set of wallet addresses," and has components that target Firefox for information theft.
Mitigations include running the latest macOS and Xcode, running a current EDR which will detect/block XCSSET activity and verifying the integrity of Xcode projects downloaded or cloned. Enable threat detection and malicious site protections in browsers. Grab the IOCs from the Microsoft blog for your threat hunters.
- CISA and International Partners: Guidance for Securing OT Systems
CISA and partner agencies in six countries have published a guidance for securing operational technology (OT) systems. The document, Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture, "defines a principles-based approach for how OT organizations should build, maintain and store their systems understanding. It is aimed at cyber security professionals working in organisations that deploy or operate OT across greenfield and brownfield deployments. Integrators and device manufactures can also use these principles to ensure their solutions enable effective asset and configuration management." The five principles are: define processes for establishing and maintaining the definitive record; establish an OT information security management programme; identify and categorise assets to support informed risk-based decisions; identify and document connectivity within your OT system; and understand and document third-party risks to your OT system. The document was developed by the UK National Cyber Security Centre (NCSC), the Australian Signals Directorate Australian Cyber Security Centre (ASD's ACSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (Cyber Centre), the US Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), Netherlands National Cyber Security Centre (NCSC-NL) and Germany’s Federal Office for Information Security (BSI).
Read the document, and then engage your OT system owners to do the same. Then have a conversation about how you can document and monitor their environment without disrupting it or lowering their availability or security. Fundamentally you need to know what is out there and what it's doing before you can start discussing security.
- Researchers Say Critical Fortra GoAnywhere MFT Flaw is Under Active Exploit
Fortra disclosed a critical deserialization of untrusted data vulnerability in their GoAnywhere Managed File Transfer (MFT) software on September 18 and released a patch the same day. Researchers at watchTowr Labs say they have observed "credible evidence" that the vulnerability has been actively exploited in the wild since at least September 10. In their analysis of the issue, researchers at Rapid7 maintain that it "is not just a single deserialization vulnerability, but rather a chain of three separate issues."
The Fortra vulnerability was one of five vulnerabilities added to the CISA's Known Exploited Vulnerabilities (KEV) catalog on Monday, September 29 with a mitigation due date of October 20.
If you're running Fortra's GoAnywhere MFT, make sure the patch is applied and that access to the Admin console is not available over the Internet; that is the attack vector. CVE-2025-10035, a deserialization of untrusted data flaw, has a "perfect" CVSS score of 10.0. With the continued focus on compromising file transfer systems, don't wait to address this flaw. Fortra's security bulletin: https://www.fortra.com/security/advisories/product-security/fi-2025-012
- Security Alert: Malicious ‘postmark-mcp’ npm Package Impersonating Postmark
Postmark writes that "a malicious actor created a fake package on npm impersonating our name, built trust over 15 versions, then added a backdoor in version 1.0.16 that secretly BCC’d emails to an external server." Researchers at Koi Security have described the malicious npm package as "the world’s first sighting of a real world malicious MCP server." Koi's risk engine "flagged postmark-mcp when version 1.0.16 introduced some suspicious behavior changes." Postmark's true MCP server is published in GitHub, not npm.
In this case I found out MCP means Model Context Protocol, not Master Control Program (I've watched Tron too many times), and it is a service for sending email via Postmark. Postmark has published the official libraries, SDK and copy of Postmark MCP so you can verify you're running legitimate copies. If you discover you're running the fake package, you should rotate any credentials sent via email as well as your Postmark server API token.
- Battery blaze at South Korean state data center
A fire at a government data center in Daejeon, South Korea, has disrupted the availability of hundreds of online government services, including a mobile identification system used by travelers and online postal and tax services. It took firefighters nearly 24 hours to extinguish the blaze at the National Information Resources Service (NIRS). The fire appears to have been caused by a lithium-ion battery explosion at the data center's backup power system.
Thermal runaway, which happens when a battery short-circuits and heats uncontrollably, is a concern with newer battery systems. While larger backup power systems have added fire suppression for this scenario, UPS units typically don't. In this case the NIRS team had moved 2/3 of the batteries and was in the process of shutting down the last set when the fire they were working to prevent occurred. In addition to making sure that you've mitigated battery fire risks, make sure that your emergency power off is connected with your UPS system(s), rack based or otherwise, such that everything is automatically powered off in the event of a fire. Most systems in there don't react well to superheated air, flames or suppressant.
Sam Bowne
- Google Chrome Password Manager: Automatic AI-based password changes for more security
Google Chrome's new AI-powered password manager detects weak passwords and will soon offer the "change it for me" option on supported websites. Clicking this option initiates an automated process in which the browser (1) opens the website in the background, (2) generates a new, secure password, (3) saves the new password in the password manager and (4) automatically logs the user back in.
- Akira ransomware breaching MFA-protected SonicWall VPN accounts
Researchers suspect that this may be achieved through the use of previously stolen OTP seeds, although the exact method remains unconfirmed. Credentials would have potentially been harvested from devices vulnerable to CVE-2024-40766 and later used by threat actors—even if those same devices were patched.
- Botnet Loader-as-a-Service Infrastructure Distributing RondoDoX and Mirai Payloads
The botnet targets SOHO routers, IoT devices, and enterprise apps. Exploiting weak credentials, unsanitized inputs, and old CVEs, the campaign surged 230% in mid-2025, weaponizing compromised devices for cryptomining, DDoS, and enterprise intrusions.
- ‘Widespread’ breach let hackers steal employee data from FEMA and CBP
They got in via CitrixBleed2. The hack is also suspected to have later triggered the dismissal of two dozen Federal Emergency Management Agency technology employees. FEMA’s IT employees “resisted any efforts to fix the problem,” avoided scheduled inspections and “lied” to officials about the scope of the cyber vulnerabilities, DHS said. “Failures included: an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities, and inadequate operational visibility.”
- Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say
The location of a tag, its MAC address, and a unique ID are sent unencrypted to Tile’s servers, where the researchers believe this information is stored in cleartext, giving Tile the ability to track the location of tags and their owners, even though the company claims it does not have this capability. The researchers also found that Tile’s anti-stalking protection can be easily undermined if a stalker enables an anti-theft feature that Tile offers with its tags. Additionally, someone could falsely frame a Tile owner for stalking by recording the unencrypted broadcasts their Tile device makes and replaying these broadcasts in the vicinity of another Tile user, making it seem like the former is stalking the latter.
The researchers reported their findings to Tile’s parent company, Life360, last November, but they say the company stopped communicating with them in February.
- Lesson From Cisco ASA 0-Day RCE Vulnerability That Actively Exploited In The Wild
Two CVEs together provide unauthenticated RCE as root, which was used to modify GRUB and install a firmware bootkit. All successfully compromised devices lack Secure Boot and Trust Anchor technologies, making them vulnerable.
- Disallow: /security-research? Crypto Phishing Sites’ Failed Attempt to Block Investigators
Censys identified over 60 cryptocurrency phishing pages impersonating popular hardware wallet brands Trezor and Ledger. Notably, the actor behind the pages attempted to block popular phishing reporting sites from indexing the pages by including endpoints of the phish reporting sites in their own robots.txt file.
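The robots.txt trick described above is cheap to look for on the defender's side: a site that "disallows" paths which are not its own content but look like the submission or research endpoints of reporting services is telling on itself. The script below is an added example, not Censys' tooling or code from the article; the sample robots.txt and the keyword list of suspicious path fragments are constructed assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample robots.txt modelled on the behaviour described in the
# article: the operator lists paths that look like reporting/research endpoints
# of third-party services rather than real content on the site.
SAMPLE_ROBOTS = """User-agent: *
Disallow: /security-research
Disallow: /report-phishing
Disallow: /submit
Disallow: /admin/
Allow: /
"""

# Hypothetical keyword list (an assumption, not from the Censys report): path
# fragments that suggest an attempt to dodge abuse/phish reporting crawlers.
SUSPICIOUS_FRAGMENTS = ("security-research", "report", "phish", "abuse", "submit", "scan")


def parse_robots(text):
    """Return (directive, value) tuples, ignoring comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # strip trailing comments
        if not line or ":" not in line:
            continue
        directive, value = line.split(":", 1)
        rules.append((directive.strip().lower(), value.strip()))
    return rules


def suspicious_disallows(text, fragments=SUSPICIOUS_FRAGMENTS):
    """Return Disallow values whose path mentions a reporting-related fragment.

    Absolute URLs are accepted as well as bare paths; matching is on the path
    component only, case-insensitively.
    """
    hits = []
    for directive, value in parse_robots(text):
        if directive != "disallow":
            continue
        path = urlsplit(value).path.lower()
        if any(fragment in path for fragment in fragments):
            hits.append(value)
    return hits


if __name__ == "__main__":
    for entry in suspicious_disallows(SAMPLE_ROBOTS):
        print("suspicious Disallow:", entry)
```

A hit is a triage signal rather than proof of phishing: legitimate sites do disallow `/submit` or `/report` paths of their own. Combine it with the brand-impersonation check (page title or hostname matching a wallet vendor) before acting on it.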
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
Sudo contains an inclusion of functionality from an untrusted control sphere vulnerability. This vulnerability could allow a local attacker to leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to 1.9.17p1. It was disclosed by Stratascale researcher Rich Mirch back in July 2025, but my Debian 12's repositories are still serving version 1.9.13p3.
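Deciding whether a host is in the affected range needs a version comparison that understands sudo's `1.9.17p1` patch-level suffix, which a plain string compare gets wrong (`"1.9.17" < "1.9.17p1"` happens to hold, but `"1.9.9" < "1.9.17"` does not). The script below is an added example, not from the advisory or the article; the upper bound `1.9.17p1` is the fixed release named above, and the lower bound `1.9.14` is an assumption taken from the upstream advisory's affected range, since the `-R`/`--chroot` option did not exist before that release. The sample `sudo -V` output is constructed.

```python
import re
import subprocess

FIXED_IN = "1.9.17p1"      # fixed release, as stated in the article
INTRODUCED_IN = "1.9.14"   # assumption: first release with the chroot option

# Constructed sample of the first line of `sudo -V` on an older Debian build.
SAMPLE_SUDO_V = "Sudo version 1.9.13p3\nSudoers policy plugin version 1.9.13p3\n"


def parse_sudo_version(s):
    """Turn '1.9.13p3' or '1.9.17' into a comparable (major, minor, patch, plevel) tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", s.strip())
    if not m:
        raise ValueError(f"unrecognised sudo version: {s!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def version_from_output(output):
    """Extract the version string from `sudo -V` output."""
    m = re.search(r"Sudo version (\S+)", output)
    if not m:
        raise ValueError("no 'Sudo version' line found in output")
    return m.group(1)


def is_in_affected_range(version, introduced=INTRODUCED_IN, fixed=FIXED_IN):
    """True when introduced <= version < fixed, using numeric comparison."""
    v = parse_sudo_version(version)
    return parse_sudo_version(introduced) <= v < parse_sudo_version(fixed)


def check_local_sudo():
    """Run `sudo -V` (no privileges needed) and report (version, in_affected_range)."""
    out = subprocess.run(["sudo", "-V"], capture_output=True, text=True, check=False).stdout
    version = version_from_output(out)
    return version, is_in_affected_range(version)


if __name__ == "__main__":
    version, affected = check_local_sudo()
    print(f"sudo {version}: {'IN affected range' if affected else 'outside affected range'}")
```

Version strings alone are not the last word on distributions that backport fixes without bumping the upstream version; on those, the package changelog (for example the CVE identifier in the Debian changelog) is the authoritative check, and the script is best used as a fleet-wide first pass.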
- F-Droid and Google’s Developer Registration Decree
Google's interpretation of the European Commission’s Digital Markets Act (DMA) allows them to oversee and control third-party app stores. F-Droid says this will end their project.
- Cybersecurity AI: Humanoid Robots as Attack Vectors
The Unitree G1 humanoid acts as a covert surveillance node, sending telemetry every 5 minutes in violation of GDPR. It can also be used for active cyber operations by exploiting vulnerabilities in Bluetooth and hardcoded AES keys.
- Where Are my Keys?! Ransomware Group Steals AWS Keys to Advance
Attackers use stolen AWS keys to target AWS control planes, which manage virtual resources. Traditional security tooling, such as Endpoint Detection and Response software (EDR), which you install on endpoints and servers, likely cannot detect attackers interacting with the control plane. It is necessary to ensure that telemetry from your cloud environments’ control plane is collected and monitored to identify these types of attacks.
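Control-plane telemetry in AWS means CloudTrail, and the two questions worth asking of it first are "is this long-lived access key being used from somewhere it never was before?" and "is it making identity or audit-trail changes that automation keys should never make?". The script below is an added example, not tooling from the article; the records are constructed in the CloudTrail record layout, the known egress IP set is an assumption, and the high-risk call list is a starting point rather than a complete ruleset.

```python
import json
from collections import defaultdict

# Constructed CloudTrail-style records (field names follow the CloudTrail
# record format; every value here is made up for the example).
SAMPLE_EVENTS = [
    {"eventTime": "2025-09-29T10:00:01Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deploy",
                      "accessKeyId": "AKIAEXAMPLE0000CIKEY"}},
    {"eventTime": "2025-09-29T10:00:09Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deploy",
                      "accessKeyId": "AKIAEXAMPLE0000CIKEY"}},
    {"eventTime": "2025-09-29T10:01:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deploy",
                      "accessKeyId": "AKIAEXAMPLE0000CIKEY"}},
    {"eventTime": "2025-09-29T10:02:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deploy",
                      "accessKeyId": "AKIAEXAMPLE0000CIKEY"}},
    {"eventTime": "2025-09-29T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "IAMUser", "userName": "backup-bot",
                      "accessKeyId": "AKIAEXAMPLE0000BACKUP"}},
]

# Assumption: the addresses the organisation's automation normally egresses from.
KNOWN_EGRESS_IPS = {"198.51.100.10"}

# CloudTrail eventName values that create/extend identities or blind the audit
# trail. Rare for automation keys, so any occurrence deserves a look.
HIGH_RISK_CALLS = {"CreateUser", "CreateAccessKey", "CreateLoginProfile",
                   "AttachUserPolicy", "PutUserPolicy", "UpdateAssumeRolePolicy",
                   "StopLogging", "DeleteTrail", "PutEventSelectors"}


def summarise_by_key(events):
    """Group events by access key: owning user, set of source IPs, high-risk calls."""
    per_key = defaultdict(lambda: {"user": None, "ips": set(), "high_risk": []})
    for ev in events:
        ident = ev.get("userIdentity", {})
        key = ident.get("accessKeyId")
        if not key:
            continue  # console or role sessions without a key are out of scope here
        entry = per_key[key]
        entry["user"] = ident.get("userName")
        entry["ips"].add(ev.get("sourceIPAddress"))
        if ev.get("eventName") in HIGH_RISK_CALLS:
            entry["high_risk"].append((ev["eventTime"], ev["eventName"]))
    return per_key


def findings(events, known_ips=KNOWN_EGRESS_IPS):
    """Return one finding dict per (key, rule) that fired."""
    out = []
    for key, info in summarise_by_key(events).items():
        unknown = sorted(ip for ip in info["ips"] if ip not in known_ips)
        if unknown:
            out.append({"accessKeyId": key, "user": info["user"],
                        "rule": "unknown-source-ip", "detail": unknown})
        if info["high_risk"]:
            out.append({"accessKeyId": key, "user": info["user"],
                        "rule": "high-risk-call", "detail": info["high_risk"]})
    return out


def load_cloudtrail_file(path):
    """Read the 'Records' array from a CloudTrail log file delivered to S3."""
    with open(path) as fh:
        return json.load(fh)["Records"]


if __name__ == "__main__":
    for finding in findings(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

Run it over the decompressed files CloudTrail delivers to its S3 bucket, or wire the same two rules into whatever SIEM ingests the trail. The "unknown source IP" rule is the one that catches a stolen key fastest, because the thief almost never sits on the victim's egress address; the high-risk call list catches the follow-on persistence and log tampering when the first rule is not tuned yet.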
- First Malicious MCP in the Wild: The Postmark Backdoor That’s Stealing Your Emails
MCP essentially allows you to give Claude access to various external systems. This can be files on your computer, an API, a browser, a database, or anything else. We're giving MCP servers god-mode permissions. Tools built by people we've never met. People we have zero way to vet. And our AI assistants? We just... trust them. Completely. Postmark-mcp is downloaded 1,500 times every single week, and integrated into hundreds of developer workflows. Since version 1.0.16, it's been quietly copying every email to the developer's personal server. I'm talking password resets, invoices, internal memos, confidential documents - everything.
- Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales
A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks. For this attack scenario, the researchers enabled Salesforce's Web-to-Lead feature. This allows external users, like conference attendees or website visitors, to submit customer lead info that integrates directly with the CRM system. The attackers put malicious AI instructions in the lead's description field, telling the AI to exfiltrate data to a domain which was among the trusted sites, but had expired.