- Vulnerable U
- Posts
- 🎓️ Vulnerable U | #128
🎓️ Vulnerable U | #128
Tons of blackhat research coming out, Microsoft Exchange major vulnerability, DaVita data breach, Federal court filing system breach, and much more!
Matt Johansen
August 08, 2025
Read Time: 8 minutes
Hey all -
I’m in Vegas right now at BlackHat/DEFCON - I’m very tired as I’ve been booked with events from 7am till late at night all week. But, the show must go on!
A conversation I had today that I think you’d all laugh at: Do you want to know what hacking in the 90s felt like? Go hack AI stuff - it’s all so vulnerable it’s never been easy to find bugs.
I ran my first Vulnerable U meetup today at Blackhat so thank you all who came down to that and said hi. It means so much to me.
Upgrade to Vulnerable U Premium
If this newsletter saves you time or sharpens your briefings, consider going paid. Your support keeps this work independent and focused on practitioner-first reporting.
Become a Premium member → Here
Thank you to those who have upgraded already. Paid members make this possible. We’ll be launching the premium content soon and your support means the world to me and my team.
ICYMI
🖊️ Something I wrote: “With bootstrapping you need to be careful to not be timid when it’s time to be bold” - Haroon Meer
🎧️ Something I heard: Theo’s video on GPT-5 - So I've had gpt-5 for a bit now...
🎤 Something I said: Google Gemini CLI’s first Zero Day
🔖 Something I read: My plane book - Mistborn: Alloy of Law
Vulnerable News
Microsoft is warning about a nasty Exchange vulnerability that's got CISA pretty worried. CVE-2025-53786 hits hybrid Exchange deployments where you've got on-prem servers talking to Exchange Online. They share the same service principal, so if an attacker gets admin access to your on-prem box, they can potentially escalate privileges in your cloud environment without leaving much of a trail. CISA's calling this a potential "total domain compromise" scenario.
The good news is Microsoft hasn't seen it exploited in the wild yet, but they've tagged it as "Exploitation More Likely" because someone could probably write reliable exploit code. There are mitigation steps available - hotfixes, configuration changes, and some cleanup work if you're running or used to run hybrid setups. (read more)
Super cool BlackHat talk about North Korean IT workers, and honestly, it's wild how organized these guys are. They obtained gigabytes of internal data showing spreadsheets that would make any project manager cry tears of joy - detailed tracking of job applications, budgets, equipment inventories, and earnings across 12 different groups. Workers pulling in $250-600 million annually for Kim Jong Un's weapons programs, all while meticulously logging every laptop serial number and monitor models.
Despite being under constant surveillance and forced to work 14+ hour days, there's still some humanity in there. The leaked Slack channels show them celebrating birthdays, planning volleyball tournaments, and playing Counter-Strike between scam sessions. They're using Google, GitHub, and Slack like any other remote workers, just with fake identities and a side of weapons funding. (read more)
Researchers at Zenity just showed off some nasty prompt injection attacks against major enterprise AI assistants at BlackHat. They managed to hijack ChatGPT (via Google Drive integration), Copilot Studio, Cursor, Gemini, and Salesforce Einstein using specially crafted instructions hidden in files, tickets, or cases. The scariest example was getting ChatGPT to automatically search a victim's Google Drive for API keys and exfiltrate them just by sharing a malicious file - no user interaction required beyond the initial processing request.
The attacks get creative depending on the platform. With Copilot Studio, they could grab entire CRMs from customer service bots. Cursor users got owned through malicious Jira tickets that harvested credentials. Salesforce Einstein could be tricked into rerouting all customer emails through attacker-controlled servers. While ChatGPT and Copilot Studio got patched, some vendors initially marked the others as "won't fix" - though Google and Salesforce have since provided updates claiming they've addressed the issues. (read more)
Researchers at BlackHat with some good nightmare fuel for enterprise security teams. They found 14 zero-day vulnerabilities across HashiCorp Vault and CyberArk Conjur - the secret management platforms that literally hold all the keys to the kingdom. Systems that store every password, API key, and certificate an organization has. The Conjur bugs could be chained together for unauthenticated remote code execution, while the Vault issues allowed everything from auth bypass to privilege escalation.
Some of these vulnerabilities had been sitting there for years. Imagine explaining to your board that an attacker just ransomwared your entire vault and now holds every secret in your organization hostage. Both vendors have patched their respective issues, so if you're running either platform, time to hit that update button. The researchers from Cyata make a interesting point though - maybe it's time to start thinking beyond static secrets entirely and move toward behavior-based authorization models. (read more)
Socket's threat research team found a particularly nasty supply chain attack targeting WhatsApp developers. Two npm packages (naya-flore and nvlore-hsc) are masquerading as legitimate WhatsApp socket libraries but pack a remote-controlled kill switch. They fetch a phone number whitelist from GitHub, and if your number isn't on the approved list, they execute rm -rf * and nuke your entire directory. Over 1,100 downloads in a month before getting caught.
The attack is beautifully disguised - it's embedded right in the requestPairingCode function that developers would naturally call during WhatsApp bot setup. The function appears to work normally, returns the expected pairing code, then quietly destroys your system if you're not on the whitelist. There's also dormant data exfiltration code ready to activate and a hardcoded GitHub token thrown in for good measure. The packages are published by user "nayflore" and primarily target Indonesian developers based on the whitelisted numbers, but anyone building WhatsApp integrations should audit their dependencies. (read more)
More awesome BlackHat content - researchers hijacked Google's Gemini AI to mess with smart homes. They slipped invisible prompt injections into Google Calendar invites - nothing fancy, just hidden text in English that anyone could write. When someone asked Gemini to summarize their upcoming week, boom - the AI started turning off lights, closing smart shutters, and even controlling connected boilers. The whole thing started with a poisoned calendar invitation, which is both clever and terrifying.
This is part of a bigger collection of 14 different prompt injection attacks the team found against Gemini. What makes this particularly concerning isn't just the smart home takeover - it's the glimpse into a future where AI is integrated into cars, robots, and other physical systems. Google got a heads up on these vulnerabilities earlier this year and says they're taking it "extremely seriously," though there's no evidence of real-world exploitation yet. (read more)
Love to see Men in Women dominated fields…
So there's this new app called TeaOnHer that's basically the male revenge version of Tea (that women's safety app for rating dates). Predictably, it's a dumpster fire on multiple levels. TechCrunch found that the app is leaking users' personal data including driver's licenses and selfies through publicly accessible web links. They've also got the app creator's admin credentials sitting there in plaintext for anyone to stumble across.
The app's sitting at #2 in iOS Lifestyle apps with about 53,000 users, which makes this exposure pretty significant. Beyond the security mess, the content itself is exactly what you'd expect - revenge posts with questionable consent and some pretty nasty commentary. It's like watching someone learn absolutely nothing from Tea's recent database breach that exposed 72,000+ images. The creator, Xavier Lampkin, hasn't responded to TechCrunch's attempts to report the vulnerabilities, so they're going public with limited details to warn users. (read more)
Firefox users got hit hard by a crypto-draining campaign called "GreedyBear" that managed to slip 150 malicious extensions into Mozilla’s extension marketplace. The scammers were clever about it - they'd upload clean extensions impersonating popular wallets like MetaMask and TronLink, rack up fake reviews, then later swap in malicious code that keylogged wallet credentials. Estimates say they drained about $1M from victims before getting shut down.
The attackers weren't just hitting Firefox - they also ran dozens of Russian-speaking piracy sites pushing 500 different malware payloads, plus fake wallet sites all tied to the same C2 server. The code shows clear signs of AI generation, which might be how they scaled so quickly. (read more)
The federal court filing system got absolutely hammered in what sounds like a pretty serious breach. The CM/ECF and PACER systems that handle court documents nationwide were compromised, exposing confidential informant identities and other sensitive case information across multiple states. The Administrative Office of U.S. Courts figured out how bad things were around July 4th, and they're still trying to assess the full damage. They think its nation state work, but so far unsure.
These systems handle sealed indictments, arrest warrants, and witness information - exactly the kind of stuff that could get people killed or help suspects evade capture. The court officials have been pretty tight-lipped, but chief judges in the 8th Circuit got briefed on it last week. Experts have been warning for years that these systems are "outdated, unsustainable due to cyber risks, and require replacement." (read more)
Looks like Perplexity AI is playing fast and loose with basic internet etiquette. Cloudflare just called them out for using stealth bots to crawl websites that explicitly told them to buzz off via robots.txt files. When sites block Perplexity's declared crawlers, the company allegedly switches to undisclosed bots that rotate through different IP addresses and networks to keep scraping content. Tens of thousands of domains and millions of requests per day.
Publishers like Forbes and Wired have already been griping about Perplexity's content practices, with Reddit's CEO calling it "a real pain in the ass" to block them. Cloudflare's response is to de-list Perplexity as a verified bot and added rules to block this stealth crawling. Perplexity's staying quiet on the whole thing, which probably tells you everything you need to know about their stance on respecting website owners' wishes. (read more)
DaVita, one of the largest kidney care providers in the US, just disclosed a ransomware attack that compromised sensitive data of over 1 million patients. While the details are still emerging, this breach is particularly concerning given the healthcare industry's massive footprint and the sensitive nature of kidney care data. We've seen several major healthcare breaches lately, including CommonSpirit and Shields Health, suggesting ransomware groups might be specifically targeting healthcare orgs for maximum impact. (read more)
Miscellaneous mattjay
those clickbaits are getting ridiculous
— goosewin (@dan_goosewin)
6:10 PM • Aug 3, 2025
How'd I do this edition?It's hard doing this in a vacuum. Screaming into a void. Feedback is incredibly valuable to make sure I'm making a newsletter you love getting every week. |
Parting Thoughts:
Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.
Stay safe, Matt Johansen
@mattjay