This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry Pi! In the security news:
- Hacking Smart BBQ Probes
- China uses us as a proxy
- LOLPROX and living off the Hypervisor
- Are we overreacting to React4Shell?
- Prolific Spyware vendors
- EDR evaluations and tin foil hats
- Compiling to Bash!
- How e-waste became a conference badge
- Overflows via underflows and reporting to CERT
- Users are using AI to complete mandatory infosec training!
- AI in your IDE is not a good idea
- Cybercrime is on the rise, and it's the kids
- AI can replace humans in power plants
- Will AI prompt injection ever go away?
- To use a VPN or to not use a VPN, that is the question
Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. Everything from managing dependencies, vulnerabilities, security development lifecycle, DevSecOps, security product management, security strategy, and nearly any other task that falls under the security umbrella. Josh co-hosts the Open Source Security Podcast and the Hacker History Podcast. He also is the co-founder of the Global Security Database project to bring vulnerability identification into the modern age.
Paul Asadoorian
- The Handheld Linux Platform Kit Is “Capable of Practically Anything,” Its Creators Promise
- Linux Process Injection via Seccomp Notify
- Linux adds PCIe encryption to help secure cloud servers
- Critical Vulnerabilities in RUT22GW Industrial LTE Cellular Routers
- p-e-w/heretic: Fully automatic censorship removal for language models
- Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ – Krebs on Security
- Stop Betting on the “Future”: Why Your Architecture Needs an Undo Button
- PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
- Hacking the Meatmeet BBQ Probe
"insecure BLE functionality in the Meatmeet BBQ Probe to control and compromise the device. It walks through BLE command abuse, unauthenticated OTA updates, and a custom “BLE BBQ botnet” firmware." - While not practical (though the botnet idea is promising), this checks some boxes for me when it comes to the common mistakes made with IoT products:
- BLE - When not implemented correctly, which is most of the time, leaves devices vulnerable to attacks. So common that Apple iPhones still have issues with the "AppleJuice" attacks.
- MQTT - Anytime you see this, it will be vulnerable
- OTA updates - Two things I am seeing that are very common: 1) The update protocol is insecure (e.g. HTTPS without actually checking certificates or just using HTTP) and 2) No firmware/software signature verification
- Is Your Android TV Streaming Box Part of a Botnet? – Krebs on Security
Something we missed on this article from last week: "Kilmer said Badbox 2.0 was used as a distribution platform for IPidea, a China-based entity that is now the world’s largest residential proxy network." - Essentially the Chinese are distributing Android TV boxes and putting proxy servers on them, then charging access to a large botnet of TV boxes that are being used to commit fraud, crime, and, get this, used by AI agents to scrape websites because it's harder to block and prevent thousands of residential IP addresses. Go figure.
- LOLPROX – Living off the Hypervisor
"LOLPROX is a Proxmox “living off the hypervisor” technique set that shows how an attacker with Proxmox host access can quietly pivot into guest VMs, move laterally, and persist by abusing completely legitimate Proxmox and QEMU features rather than dropping obvious malware or using noisy exploits." - Time to make sure we are hardening our Proxmox instances. Now I really need to create a Proxmox environment, though I think I may jump straight to Ludus. Defensive recommendations are here: https://blog.zsec.uk/lolprox-defend/ - If you use Proxmox you must read both of these articles and take some actions.
- Cybersecurity industry overreacts to React vulnerability, starts panic, burns own house down again
"The author describes React2Shell (CVE‑2025‑55182 and related issues in React Server Components/Next.js) as a real, unauthenticated RCE bug that can and is being exploited, but emphasizes it is only reachable in relatively specific server‑side configurations rather than every React front‑end on the internet. The piece criticizes media, vendors, and some practitioners for treating it like a universal “Log4Shell 2.0” event, which leads to panic, misstatements about scope, and rushed changes that break applications or generate noise instead of risk‑driven response." - Eh, I still think this is a big deal. I'd be curious to know just how many vulnerable targets are out there today, I think it may be "a lot". There are about 205 GitHub repositories dedicated to this vulnerability, some are scripts that check for the vulnerability, others are exploits. Meaning, there is plenty of weaponization happening.
- Intellexa’s Prolific Zero-Day Exploits Continue
"Over the past several years, Intellexa has solidified its position as one of, if not the most, prolific spyware vendors exploiting zero-day vulnerabilities against mobile browsers. Despite the consistent efforts of security researchers and platform vendors to identify and patch these flaws, Intellexa repeatedly demonstrates an ability to procure or develop new zero-day exploits, quickly adapting and continuing operations for their customers." - This is a great reason to keep your phone up-to-date, though 0-day is heavily used; your only other option is lockdown mode, if that even helps you here?
- Intellexa's primary product is the "Predator" spyware, which can infect mobile devices through "zero-click" and "one-click" attacks to access sensitive data like location, messages, photos, and microphone records. It is often compared to the NSO Group's Pegasus spyware.
- The Intellexa Consortium operates as a complex, decentralized web of companies based in various countries, including Greece, Ireland, North Macedonia, and Hungary. This structure helps them evade regulation and oversight.
- The consortium was founded by Tal Jonathan Dilian, a former Israeli military intelligence officer who has been personally sanctioned by the U.S. Department of the Treasury.
- Clients and Targets: Intellexa has marketed its products to state-sponsored actors and governments, including some with poor human rights records. Past targets have been found in countries like Egypt, Greece, and Pakistan.
- Sanctions and Controversy: The U.S. government has actively targeted Intellexa with sanctions since 2023, adding key entities and individuals to the Department of Commerce's Entity List and the Treasury's Specially Designated Nationals (SDN) list. Despite this, recent reports suggest the company continues to operate and use new zero-day vulnerabilities to keep its spyware effective.
- Critical Advisory: Remote Code Execution in Next.js (CVE-2025-66478) with Working Exploit
Nuclei templates for detecting this.
- Sophos achieves its best-ever results in the MITRE ATT&CK Enterprise 2025 Evaluation
Just a thought: If vendors are making a big deal about the results they can be downplayed by those that did not participate. For example, some vendors dropped out of the MITRE ATT&CK evaluations. For those that did participate they could say "Look at how great we are!". However, the ones that did not participate can say "They only did great because we didn't participate". Tin foil hat thinking out loud here, but I am speculating this is why some vendors will not participate, just to unfold some marketing schemes.
- Amber The Programming Language
This is a language that compiles to Bash scripts. Kinda weird, but also kinda cool. In the end though if it's still Bash, you're just adding another layer. Someone said "If your Bash script is more than 50 lines long you should write it in a real language". I'm on board with this even though I just presented a 660-line bash script. But hey, it works!
- Shelf Life Extended: Hacking E-Waste Tags Into Conference Badges
Sick badge concept: "a hardware hacking project that repurposes discarded electronic shelf labels into customizable conference badges for the Phreaknic 26 event. It also previews plans to build on this approach for next year’s badge with more advanced features. The project takes e‑waste digital price tags whose non‑replaceable batteries are dead and turns them into inexpensive name badges for a hacker conference. The hacker behind the badge sourced about 100 ZBD 55c-RB labels cheaply on eBay and salvaged the displays and driver PCBs from their plastic housings. The original batteries were removed cleanly, leaving a reusable display plus controller board. Programming pads on the PCB happened to match the spacing of a DE9 connector, so pogo pins in a serial shell were used as a quick programming jig, first driven by a TI CC Debugger and later upgraded to use an ESP32 for hostless firmware flashing."
- CVE-2025-13654: Stack Buffer Overflow in Duc via Integer Underflow
"This vulnerability is a stack-based buffer overflow in Duc’s libduc library caused by an unsigned integer underflow in a bounds check. It enables out-of-bounds stack reads that can lead to denial of service and potential information disclosure." - What's also interesting here is that this was reported via CERT (though unsigned integer underflow is also interesting). Rather than reach out to the team of 22 open-source developers who work on this utility, the researcher reached out to CERT, who then contacted the project and a VINCE was filed. This is working as intended and should be a path for security researchers who are not a CNA or do not work for a CNA and cannot issue their own CVEs. It also has the characteristic of the downstream effect, and I believe the VINCE should track the Linux distros and whether or not they are affected and have or have not patched.
Sam Bowne
- Block all AI browsers for the foreseeable future: Gartner
Lazy users could have agents complete mandatory infosec training, and browsers might be tricked into visiting phishing websites. Credentials and data could be compromised. AI browsers are just too dangerous to use without first conducting risk assessments--you’ll end up with a long list of prohibited use cases, and the job of monitoring an AI browser fleet to enforce the resulting policies.
- Google Chrome adds new security layer for Gemini AI agentic browsing
User Alignment Critic is a separate LLM model isolated from untrusted content that acts as a "high-trust system component." There are other security features, and bounty payments of up to $20,000 for anyone who can break the new system.
- Microsoft has a problem: nobody wants to buy or use its shoddy AI products — as Google’s AI growth begins to outpace Copilot products
Microsoft has cut forecasts and sales goals for its Azure AI products across the board, owing to a complete lack of demand. Microsoft Copilot's backend partner OpenAI issued a "code red" situation. ChatGPT has fallen behind Google Gemini in problem solving, and Nano Banana image generation has outpaced OpenAI's own DALLE by leaps and bounds. OpenAI is still the clear market leader in search, but there are serious questions about its business model and dangerous levels of debt. Research shows that agentic AI tools require human intervention at a frequency ratio that makes them cost ineffective.
- Home Office kept police facial recognition flaws to itself, UK data watchdog fumes
The algorithm was best at identifying Asian subjects, with a 98 percent success rate. White subjects were correctly identified 91 percent of the time, and Black subjects in 87 percent of cases.
- Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been collectively named IDEsaster by security researcher Ari Marzouk (MaccariTA). They affect popular IDEs and extensions such as Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, and Cline, among others. Of these, 24 have been assigned CVE identifiers.
- Ex-teen hackers warn parents are clueless as children steal ‘millions’
Children as young as seven are being referred to Britain's national cybercrime intervention programme. Former hackers jailed for stealing millions warn parents it's easier than ever for children to fall down the rabbit hole – and the first step is often gaming.
- Russian police bust bank-account hacking gang that used NFCGate-based malware
The malicious mobile application was distributed through WhatsApp and Telegram and disguised as software from legitimate banks. Victims were first contacted by phone and persuaded to install a fraudulent banking app. During the fake “authorization” process, they were instructed to hold their bank card to the back of their smartphone and enter their PIN — a step that allowed attackers to harvest card credentials and withdraw funds from ATMs anywhere in the country without the cardholder’s involvement.
- ‘Atoms for Algorithms:’ The Trump Administration’s Top Nuclear Scientists Think AI Can Replace Humans in Power Plants
A presentation at the International Atomic Energy Agency unveiled Big Tech’s vision of an AI and nuclear fueled future. He described a world where nuclear powered AI designs, builds, and even runs the nuclear power plants they’ll need to sustain them. But experts find these claims, made by one of the top nuclear scientists working for the Trump administration, to be concerning and potentially dangerous. “I’m worried about potential serious accidents, which could be caused by small mistakes made by AI systems that cascade. Or humans losing the know-how and safety culture to act as required.”
- UK intelligence warns AI ‘prompt injection’ attacks might never go away
The issue is fundamental to how large language models work by treating text as a sequence of tokens to predict, making them susceptible to confusing user content for a command. There's no known way to mitigate prompt injection, which makes it worse than SQL injection.
- CISA: Mobile Communications Best Practice Guidance
The usual stuff, including "use encryption and 2FA", "update software", etc., plus "Don't use a personal VPN--it increases your attack surface."











