🎓️ Vulnerable U | #142

EU can't stop trying to spy on your chats, Congress hacked, Anthropic releases report about cyber attack that used Claude, and much more!

Read Time: 8 minutes


Howdy friends!

Did a bunch of planning this week for end of year. I’ll be speaking at CyberMarketingCon in December, and throwing a Vulnerable U party after the con. If you’re in town for it, let me know and I’ll get you the info and registration link.

Some of the smartest people I know are messing with Claude Skills and Plugins this week, I haven’t gotten to get my hands on it but I feel like it is a major unlock from talking to a few people. Seems like it can really level up some of you who are Claude Code users. Let me know if you’re ahead of the curve here and what you’ve seen with it all. I’ll get my hands on it eventually and share what I see.

ICYMI

🖊️ Something I wrote: I tried Vibe Hunting (AI Assisted Threat Hunting)*

🎧️ Something I heard: PewDiePie Says STOP. Using AI

🎤 Something I said: These AI browsers are out of control

🔖 Something I read: Backyard APT: A Raccoon Story

*Sponsor

Vulnerable News

The EU just can’t stop trying to read all of our information. The war against privacy and encryption just keeps going. After several countries including Germany and the Netherlands shot down the original mass surveillance proposal, Brussels is apparently trying to sneak it back through with some creative rewording. The new version drops explicit scanning requirements but introduces a lovely loophole where providers must take "all appropriate risk mitigation measures" - which could still force WhatsApp and others to scan everything, including encrypted messages.

<billy mays voice> But wait, there's more! The updated proposal goes beyond just scanning photos and videos - now they want AI algorithms scanning your actual text messages for "suspicious keywords." Breyer's pointing out the obvious: no AI can tell the difference between flirting and grooming, so expect a flood of false positives and innocent people getting flagged. Oh, and as a bonus, they're throwing in mandatory age verification (goodbye anonymous communication) and banning anyone under 16 from pretty much every platform with chat features. The Danish Council Presidency is apparently trying to ram this through in a closed-door meeting, so if you're in the EU, might be time to bug your representatives. (read more)

AI can spin up code in seconds, but speed means nothing if it isn’t secure. A new Legit Security study shows 73% of security pros agree: protecting AI-generated code and vibe coding is mission-critical.

Introducing VibeGuard, the industry’s first solution built to secure AI’s creations from the very first line. Legit’s VibeGuard Resource Hub has the goods—data sheets, videos, and more—so you can see what AppSec looks like when AI does the typing.

*Sponsored

Operation Endgame just wrapped up another big win against cybercriminals, taking down three major tools that were wreaking havoc. This latest phase targeted the Rhadamanthys infostealer, VenomRAT remote access trojan, and Elysium botnet - hitting infrastructure that had infected hundreds of thousands of computers and stolen millions of credentials. The international coalition of 11 countries managed to arrest the main suspect behind VenomRAT in Greece and raided 11 locations while seizing over 1,000 servers globally.

The scope of this thing is pretty wild - they found the main suspect had access to over 100,000 crypto wallets potentially worth millions of euros, plus 2 million compromised email addresses and 7.4 million stolen passwords. If you're wondering whether you got caught up in this mess, you can check your email on haveibeenpwned.com or politie.nl/checkyourhack. Law enforcement even put up those classic seizure banners on the criminals' websites and are asking for tips to track down more players in the operation. (read more)

Super late addition to the newsletter. I had already scheduled this to go out and spotted this and couldn’t leave it out. Anthropic put out a very transparent report about a cyberattack they caught being run through their Claude platform.

They’re saying this is the first AI-orchestrated cyber-espionage campaign, run by a Chinese state-sponsored group they’re calling GTG-1002 (great. another naming convention). The actor used Claude Code plus Model Context Protocol (MCP) tools as an autonomous attack framework: Claude handled 80–90% of the grunt work like recon, vuln discovery, exploit dev, lateral movement, and data triage. It did all that across ~30 targets, including major tech firms and government agencies, while humans mostly sat in a supervisory role approving key escalation steps.

The report is super interesting for two reasons: first, this is the first documented agentic AI intrusion where the model didn’t just advise but actually ran large chunks of the operation, at speeds humans can’t match. Second, it shows both the power and the limits of current systems, such as Claude sometimes hallucinating “wins” like bogus creds, which forced the operators to validate everything.

Guess what Anthropic says is the best solution to this? Defenders should be using Claude too of course! - Ok kind of tongue in cheek, but kudos on the transparency and they obviously say they stepped up their guardrails and defenses for this kind of thing.

Just wild that we keep reading “This crazy dangerous thing happened using our model!” from the makers of the models. (read more)

Russian cybercriminals are running a massive travel phishing scam that's impressively thorough and depressingly effective. They've registered over 4,300 domains since the start of the year, all designed to trick travelers into handing over credit card info for fake hotel reservations. The operation uses a phishing kit that customizes pages based on unique URL parameters - so the same malicious site can impersonate Airbnb, Booking.com, or specific luxury hotels depending on how you got there. They even translated everything into 43 languages and built fake chat support that pops up to guide victims through the scam.

What's particularly clever (and scary) is how they validate the stolen card data in real-time and attempt to immediately process charges while victims are still on the page. The domains follow predictable patterns with words like "cardverify," "guestcheck," and "confirmation" mixed with actual hotel names. On March 20 alone, they registered 511 new domains in a single day. (read more)

Nice find here from bug hunter Jacob Krut, who turned his "hacker spidey sense" into a solid SSRF bug in ChatGPT's Custom Actions feature. While building a custom GPT, he realized the Actions feature lets you define external APIs for the bot to call - and that immediately screamed SSRF potential. The vulnerability was in how the system handled user-provided URLs for external API interactions - basically, no proper validation meant you could craft requests to internal Azure services. Krut managed to query the Azure Instance Metadata Service and grab access tokens that could theoretically give you a foothold into OpenAI's cloud setup. (read more)
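The kind of outbound-URL check this bug calls for, as an added example that is not code from the post, from OpenAI, or from Krut's write-up. It assumes a hypothetical server-side fetcher that receives a user-supplied API URL; it refuses anything that resolves to loopback, private or link-local space (where the 169.254.169.254 metadata service lives) and hands back the vetted IP so the caller can pin the connection to it instead of re-resolving.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # hypothetical policy for Action URLs


def _is_blocked(ip_text):
    """True for loopback, private/ULA, link-local (where the 169.254.169.254
    metadata service lives), multicast, reserved or unspecified addresses."""
    addr = ipaddress.ip_address(ip_text.split("%")[0])  # strip v6 scope id
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # so ::ffff:169.254.169.254 is caught too
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def validate_outbound_url(url, resolve=socket.getaddrinfo):
    """Return the one IP to connect to (pin it, keep the hostname in the Host
    header) or raise ValueError. `resolve` is injectable for offline tests."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        ipaddress.ip_address(host)  # literal IP, no lookup needed
        candidates = [host]
    except ValueError:
        try:
            infos = resolve(host, parts.port or 443)
        except OSError as exc:
            raise ValueError(f"cannot resolve {host}: {exc}") from exc
        candidates = [info[4][0] for info in infos]
    if not candidates:
        raise ValueError(f"no addresses for {host}")
    for ip in candidates:  # every record must pass, not just the first one
        if _is_blocked(ip):
            raise ValueError(f"{host} resolves to blocked address {ip}")
    return candidates[0]

def is_safe_url(url, resolve=socket.getaddrinfo):
    """Allow/deny wrapper for callers that do not need the pinned IP."""
    try:
        validate_outbound_url(url, resolve)
        return True
    except ValueError:
        return False
```

The resolver is a parameter only so the check can be exercised without network access; in production the default `socket.getaddrinfo` is used and the returned IP, not the hostname, is what the fetcher connects to.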

A surge of ICS-based phishing attacks is exploiting Microsoft 365 and Google Workspace calendar behavior to bypass traditional defenses. We break down real-world samples, attacker tactics, and how Sublime now auto-removes malicious calendar events to prevent hidden compromise paths. (read more)

*Sponsored

Good one from Krebs as usual. Google just filed a RICO lawsuit against a Chinese phishing operation called "Lighthouse" that's been absolutely crushing it in the scam game. I’m sure you’ve gotten the fake toll texts. This is the crew. The phishing operation is run like an enterprise, with over 300 staff worldwide, complete with developer teams, spammers, data brokers, and cash-out crews. They get victims to enter payment info, then trick them into providing one-time codes that let the scammers add those cards to mobile wallets they control.

They're now spinning up fake e-commerce sites and advertising them through Google Ads (paid for with stolen cards, naturally). Most of these operations are hosted on just two Chinese providers - Tencent and Alibaba - which could be leverage points for future disruption. The lawsuit might temporarily scatter the Lighthouse crew, but with tens of thousands of Chinese-speaking actors in this space and the money being too good, they'll probably just rebrand and keep rolling. (read more)

The extension store malware continues. Socket caught a nasty Chrome extension called "Safery: Ethereum Wallet" that just steals your crypto. Instead of the usual phone-home approach, this thing encodes your seed phrase into fake Sui addresses and then sends tiny microtransactions to those addresses from a hardcoded threat actor wallet. To anyone watching the blockchain, it just looks like normal tiny transactions, but the recipient addresses actually contain your entire mnemonic encoded as hex.

Aaaaand wouldn’t you guess it? This extension is sitting pretty at #4 in Chrome Web Store search results for "Ethereum Wallet," right next to legit options like MetaMask. It does everything a normal wallet should do - creates accounts, shows balances, sends ETH - so users have no idea their seed phrase just got beamed out via the Sui blockchain every time they import a wallet. Socket's trying to get Google to pull it down, but the technique is clever enough that we'll probably see copycats across other chains soon. (read more)

I guess KEV is still getting some funding for now: I just got an alert that the WatchGuard Firebox vulnerability (CVE-2025-9242) is getting hammered in the wild. It’s a critical RCE flaw affecting firewalls running Fireware OS versions 11.x through 2025.1, and while WatchGuard patched it back in September, they didn't flag it as actively exploited until late October. Federal agencies have until December 3rd to get their act together and patch up.

Shadowserver was tracking over 75,000 vulnerable Firebox appliances worldwide, though that's dropped to around 54,000 as folks slowly patch. Most of the vulnerable boxes are sitting in Europe and North America. This is becoming a familiar pattern with firewall vulns - remember the Akira gang going after SonicWall devices, or that previous WatchGuard bug CISA had to order agencies to patch back in 2022? These network edge devices are basically catnip for threat actors, so don't sleep on this one. (read more)

Amazon's honeypot network caught something interesting - a threat actor was actively exploiting two critical vulnerabilities as zero-days weeks before patches dropped. The first is CitrixBleed 2 (CVE-2025-5777), hitting NetScaler ADC/Gateway systems; the second is a perfect 10.0 CVSS Cisco ISE bug (CVE-2025-20337) that allows unauthenticated remote code execution with root privileges. Both nasty bugs, both being actively exploited in the wild before anyone knew they existed.

Amazon's analysis suggests this was the work of a highly resourced group with either serious vulnerability research chops or access to non-public vulnerability intelligence. They're not touching attribution, but given the technical sophistication and zero-day access, this screams nation-state level capabilities. (read more)

The long-awaited UK Cyber Security and Resilience Bill is out after four years of development hell and multiple delays. This thing was supposedly "ready" back in 2022 under Rishi Sunak but never actually made it to Parliament. Now it's here, aiming to beef up cybersecurity standards across critical infrastructure - energy, transport, healthcare, water, and a bunch of digital providers that weren't covered before.

The numbers are pretty crazy: cyberattacks are costing the UK economy £14.7 billion annually (about 0.5% of GDP), while implementing this new law will only cost businesses around £590 million. They're also expanding the net to catch supply chain companies and managed service providers - think SolarWinds-style attacks where one compromised vendor can wreck thousands of customers. The new incident reporting requirements are tighter too: 24-hour reporting for significant incidents, full report within 72 hours. Enforcement doesn't kick in until 2027, so there's plenty of time for more delays if history repeats itself. (read more)

Russia's rolling out some pretty wild mobile internet restrictions, claiming they need to stop Ukrainian drones from using Russian SIM cards for navigation. Now when you return to Russia from abroad, your mobile internet gets cut for 24 hours until you prove you're human with a captcha or phone call. Border regions are getting hit especially hard since phones automatically hop onto foreign networks. The whole thing started after they already imposed similar blackouts for people entering with foreign SIM cards.

The Kremlin's also pushing to give the FSB direct shutdown powers over telecoms, and some regions like Ulyanovsk are keeping restrictions in place until the war ends. Digital rights groups are calling BS, pointing out that most military drones don't actually need mobile internet to function. Government services and major Russian platforms like Yandex stay online during these blackouts, which makes the whole "drone defense" story feel more like theater than actual security measures. (read more)

This is honestly huge and I didn’t see it coming. Google's rolling out Private AI Compute, which is their attempt to have their cake and eat it too - getting the power of cloud-based Gemini models while claiming your data stays private. The pitch is that they've built these "Titanium Intelligence Enclaves" running on their custom TPUs that create a sealed environment where supposedly not even Google can peek at your data. It's launching first on Pixel 10 phones to power features like better Magic Cue suggestions and multi-language transcription summaries.

The technical approach is interesting - they're using remote attestation and encryption to create what they call a "trusted boundary" between your device and their cloud infrastructure. But let's be real, this is Google we're talking about, and "trust us, we can't see your data" is a pretty big ask when their entire business model revolves around data collection. The proof will be in independent security audits and whether this actually delivers meaningfully better AI experiences without the privacy trade-offs. For now, it's a clever marketing play to address growing privacy concerns while keeping users hooked on cloud-powered AI features. (read more)

Australia's spy chief Mike Burgess is calling out authoritarian regimes - specifically naming China's Salt Typhoon and Volt Typhoon groups - for positioning themselves to conduct "high-impact sabotage" against critical infrastructure. He was specifically talking about how we’re not just looking at data theft anymore. These groups are pre-positioning in telecom networks, power grids, and water systems with the intent to cause actual physical disruption when the time comes.

Burgess really hammered home the business side of this too, telling corporate boards they can't "PowerPoint their way out of this risk." He pointed to recent telecom outages in Australia that contributed to three deaths as a taste of what nation-state sabotage could look like. His message to executives was blunt - if you know the risks and vulnerabilities exist, there's no excuse for not addressing them. The threat actors have moved from "steal and meddle" to being willing to "pull the trigger on higher-harm activities," and in his view the days of treating cybersecurity as an IT problem are officially over. (read more)

Miscellaneous mattjay

How'd I do this edition?

It's hard doing this in a vacuum. Screaming into a void. Feedback is incredibly valuable to make sure I'm making a newsletter you love getting every week.


Parting Thoughts:

Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.

Stay safe, Matt Johansen
@mattjay