Read Time: 10 minutes

Brought to you by:

Howdy friends!

I’ve realized this week that as of next week I have something major or a trip every week between now and mid December. It is a nutty Q4 over here. In a good way, but I’m exhausted just thinking about it.

Also my body and soul are so ready for it to be fall. I need a 50 something degree morning and a cup of coffee badly. Give me my hoodies back please.

My house has been fighting off fevers this week and has thrown a few things out of whack, but if you haven’t yet - you’re going to want to upgrade to VulnU Premium. The next few interviews are so solid.

ICYMI

🖊️ Something I wrote: A former TOR operator is in and out of jail. His wife has been posting footage of the Marshalls coming to the house and messing with them and their dog.

🎧️ Something I heard: Watching these tech YouTubers live code locked in a house together. I love this kind of stuff. Hacker house when?

🎤 Something I said: I got to talk to Feross, founder of Socket all about what they were seeing with all this npm malware and the worm. Nobody had a better view of it than him. Great convo.

🔖 Something I read: The Arcanum AI Security Resource Hub - formerly paywalled awesomeness from Jhaddix.

Vulnerable News

As many as 2 million Cisco devices affected by actively exploited 0-day

Cisco's having a rough day with CVE-2025-20352, a 0-day that's actively being exploited in the wild. This stack overflow bug in their SNMP handling affects all supported versions of IOS and IOS XE, potentially hitting up to 2 million devices. The vulnerability can crash systems or, with the right privileges, give attackers root access - which is worse than admin access on these boxes.

The kicker here is that Shodan shows over 2 million SNMP interfaces exposed directly to the internet, which is basically asking for trouble. Attack requires a read-only community string (often defaults that admins never change) and for RCE you need higher privileges, but once you're in, you own the device completely. Cisco's pushed patches and recommends limiting SNMP access to trusted users only. Classic case of "SNMP stands for Security's Not My Problem" coming back to bite everyone. (read more)

Scaling security without scaling headcount using Intruder*

When you’re a 3 person security team responsible for a national retail chain, you have to work efficiently.

River Island’s InfoSec Officer knew they needed a solution that was effective and easy to trust. With Intruder’s unified exposure management platform, they turned do more with less into a reality:

• No more blind spots or second-guessing what’s exposed

• No more scrambles when new threats drop

• No more blockers - teams fix fast without InfoSec

• Reports so clear, the CIO cancels 1:1s

Read the Case Study.

*Sponsored

That Secret Service SIM farm story is bogus

AI vs. AI: Detecting an AI-obfuscated phishing campaign

Microsoft caught something interesting - a phishing campaign using AI-generated code to hide its malware in SVG files. The attackers got creative, using business jargon like "revenue" and "operations" to encode their malicious payload, and even included a fake business dashboard as a decoy.

I reached out to Microsoft asking how this was new and different. Obfuscation has been around a long time, and I wouldn’t say the AI generated code is sophisticated, I’d say it might be evidence of the opposite.

I got a quote back from Sherrod DeGrippo on this one: “Threat actors are now using AI to obfuscate their phishing attacks. They’re hiding malicious code inside files that look like a normal PDF. What’s interesting here is that the code was so weird and over engineered that Microsoft’s AI defenses noticed it and shut it down. This is the new reality : AI vs AI, right in your email inbox.  The threat actor hid malicious code inside a file that looked like a PDF, but was actually a scriptable image. Remember, this kind of social engineering, whether it uses AI or not, will play on your emotions, add urgency, and leverage habit to get you to do something you wouldn’t normally do.” (read more)

From Risk to Resilience, Join Elevate NYC*

Sometimes the best defense is a better view. Get into the action with live demos, hard-won lessons, and human risk management strategies you can use right away. Join Mimecast’s Elevate in NYC, Oct 22–24.

Register for FREE today.

*Sponsored

Unofficial Postmark MCP npm silently stole users' emails

This one has everything! An actual malicious MCP server in the wild, we’ve been talking hypotheticals for a while. Oh and also another malicious npm package!

The npm package was masquerading as the official Postmark MCP client. After maintaining a perfect clone through 15 versions, the attacker slipped in a single line of code in v1.0.16 that forwarded all email communications to their external domain. The package racked up 1,500 downloads during its week-long availability, potentially exposing thousands of emails containing sensitive info like 2FA codes and password resets.

This hits on a broader issue with MCP servers (if you’re unfamiliar, they’re basically APIs but used for AI assistant integrations) running with high privileges but minimal oversight. If you've been using postmark-mcp from npm, time to rip it out and rotate those creds. (read more)

Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

BRICKSTORM malware guidance from Google is solid, and even comes with a free tool to scan for it. John Hultquist said he expects a ton of people to find them lingering on their network with this tool since they are finding an AVERAGE of nearly 400 days dwell time when they find it.

The actors, linked to China, are targeting legal services, SaaS providers, and tech companies - likely for both espionage and to establish pivot points for downstream victim access. The reason it's stealthy is that it targets appliances that don't support EDR tools, particularly those in VMware infrastructure.

The attackers are deploying a sophisticated toolkit including the BRICKSTORM backdoor (with SOCKS proxy capabilities), BRICKSTEAL credential stealer, and custom droppers - all while generating minimal security telemetry. They're particularly fond of compromising vCenter servers to clone VMs containing sensitive data like domain controllers and password vaults. The tooling shows active development, with new versions including delayed execution timers and improved obfuscation. Mandiant dropped a scanner tool to help hunt for compromises, but given the actors never reuse C2 domains or malware samples, detection requires focusing on TTPs rather than IOCs. (read more)

Viral call-recording app Neon goes dark after exposing users’ phone numbers, call recordings, and transcripts

Wild times we're living in. There's an app called Neon Mobile sitting at #2 in Apple's social networking charts that literally pays people to record their phone calls so it can sell the audio to AI companies. We're talking 30 cents per minute when calling other Neon users, up to $30 a day for regular calls. The app claims it only records your side of conversations to dodge wiretapping laws, but their terms of service grant them pretty much unlimited rights to do whatever they want with your voice data.

The legal wonks are rightfully freaked out about this one. Voice recordings can be used for deepfake fraud, and once that data gets sold to AI companies, there's no telling where it ends up or how it gets used. The founder Alex Kiam operates out of a New York apartment and apparently got funding from Upfront Ventures. What's really mind-boggling is that people are actually using this thing - it jumped from #476 to #2 in just a few days. Us security/privacy people really are in a bubble compared to genpop who would do this for a few bucks. (read more)

Alleged Scattered Spider member turns self in to Las Vegas police

Another Scattered Spider member is in custody - this time a juvenile who turned themselves in to Las Vegas police for their role in the MGM and Caesars casino attacks from last fall. The suspect is facing multiple charges including extortion and computer crimes, with prosecutors pushing to try them as an adult. The MGM attack alone caused $100M in damages and compromised millions of customer and employee records. Prosecutors think he's sitting on $1.8M in Bitcoin they haven't been able to locate yet.

(as I was writing this, I read they were released to their parents and not allowed to touch the Internet or leave CLark County.)

This arrest follows a string of recent law enforcement wins against the group, including last week's arrest of a UK national tied to 120+ Scattered Spider attacks and another 17-year-old nabbed in the UK for the MGM incident. The group hasn't slowed down though - they've since hit airlines, insurance companies, retailers, and most recently Jaguar Land Rover. But the steady stream of arrests shows the heat is definitely on. (read more)

PyPI urges users to reset credentials after new phishing attacks

Ayyyyy its not npm! Now we have PyPi dealing with a phishing campaign. This time using pypi-mirror[.]org to trick Python devs into "verifying" their accounts. The Python Software Foundation is warning that threat actors are sending emails threatening account suspension to steal credentials. This follows a similar campaign from July that used pypj[.]org, suggesting an ongoing pattern targeting the Python package ecosystem. (read more)

Inside the Jaguar Land Rover hack: stalled smart factories, outsourced cybersecurity and supply chain woes

JLR's been completely knocked offline for three weeks now after a cyber attack hit in late August, and they still can't get their factories back up and running. The hack shut down production across the UK, Slovakia, Brazil and India - turns out their "smart factory where everything is connected" philosophy became their biggest weakness when they couldn't isolate any systems to contain the breach. They'd outsourced their cybersecurity to Tata Consultancy Services under an £800m deal, and TCS has some interesting connections to other recent UK hacks at M&S and Co-op.

The fallout's getting messy though. JLR's burning through potentially £900m in cash this month alone. Their supply chain is a different story. With over 700 suppliers making 30,000 parts for each luxury car, some smaller companies are facing existential threats. There's chatter about Scattered Spider being behind this one, and someone on Telegram was posting screenshots of JLR's internal systems before the channel got nuked. Government's in daily contact but so far no bailout - just watching to see which suppliers might collapse and delay the eventual restart even further. (read more)

CISA says hackers breached federal agency using GeoServer exploit

CISA just dropped details on a federal agency breach that's a textbook case of why you don't sleep on patches. Attackers exploited CVE-2024-36401, a critical RCE bug in GeoServer that was patched back in June. Attacks started July 9th, just weeks after proof-of-concept exploits hit the internet, and the bad guys were inside a federal agency by July 11th. They stayed quiet for three weeks, moving laterally and dropping web shells like China Chopper before an EDR tool finally caught them. (read more)

Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware

Who said Macs can’t get malware?! This infostealer campaign is using fake GitHub repos to impersonate legitimate software downloads. The attackers are gaming SEO to get their malicious sites to show up at the top of search results for popular software like LastPass, 1Password, trading apps, and tons of other legit companies. When victims click through, they get redirected through a chain of sites that eventually trick them into running a terminal command that downloads the Atomic stealer malware.

The scope of this thing is massive, click the blog to see the list. Kudos to LastPass intel and thanks for dropping a list of IOCs that includes fake repos for over 100 different companies, from password managers to trading platforms to productivity tools.

The attack chain is pretty slick: fake GitHub page → secondary redirect site → base64 encoded download command → Atomic stealer payload. LastPass got their impersonating repos taken down quickly, but this looks like a whack-a-mole situation where new ones keep popping up. Hope Google and GitHub can help nuke the SEO malvertising and hosting parts here. (read more)

UK police arrest man over hack that affected European airports

That was fast. I didn’t even get to talk in the newsletter since last week about this since it happened last weekend. But ransomware hit Collins Aerospace and made all the major EU airports slow to a crawl with their check in systems down. I heard reports of them handwriting boarding passes. Reminds me of the time they had to break out those manual credit card carbon paper machines at DEFCON.

British police nabbed a guy in his 40s over the ransomware attack. The suspect got released on conditional bail, and the NCA's keeping details close to their chest since the investigation is still fresh.

What's interesting is that no ransomware group has stepped up to claim this one yet, which is pretty unusual since these crews typically love bragging about their hits on dark web leak sites. Berlin airport's warning it could be several more days before they get their systems properly sorted, which is never what you want to hear when planning travel. (read more)

Miscellaneous mattjay

Parting Thoughts:

Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.

Stay safe, Matt Johansen
@mattjay