rulesbot@community.emergingthreats.net
//
References:
community.emergingthreats.net
Emerging Threats has released a significant ruleset update, v10950, aimed at bolstering network security and threat detection. The update includes 73 new open rules and 136 new pro rules, totaling 209 enhancements to the existing security framework. These rules are designed to address a wide spectrum of threats, ranging from general malware to web application-specific vulnerabilities and hunting activities, enabling organizations to strengthen their defenses against an evolving threat landscape. The release date for this update is June 13, 2025.
Among the key targets of this update is the Predator spyware, which remains a persistent threat despite US sanctions. The ruleset includes specific signatures to detect DNS queries associated with Predator spyware domains, such as gilfonts .com, zipzone .io, and numerous others. This highlights the ongoing efforts to identify and neutralize the infrastructure used by Intellexa, the maker of Predator, even as they attempt to evade detection through new servers and domains. This focus underscores the importance of continuous monitoring and adaptation in the face of sophisticated surveillance tools. In addition to addressing the Predator spyware, the ruleset update also tackles a critical vulnerability in Fortinet Admin APIs, specifically a Stack-based Buffer Overflow in the AuthHash Cookie, identified as CVE-2025-32756. This rule aims to protect against potential exploits targeting this weakness in Fortinet systems. Furthermore, the update incorporates rules for hunting SQL Database Version Discovery, enhancing the ability to proactively identify and address potential vulnerabilities within network environments. This comprehensive approach ensures a multi-layered defense against various attack vectors. Recommended read:
References :
Pierluigi Paganini@securityaffairs.com
//
OpenAI is actively combating the misuse of its AI tools, including ChatGPT, by malicious groups from countries like China, Russia, and Iran. The company recently banned multiple ChatGPT accounts linked to these threat actors, who were exploiting the platform for illicit activities. These banned accounts were involved in assisting with malware development, automating social media activities to spread disinformation, and conducting research on sensitive topics such as U.S. satellite communications technologies.
OpenAI's actions highlight the diverse ways in which malicious actors are attempting to leverage AI for their campaigns. Chinese groups used AI to generate fake comments and articles on platforms like TikTok and X, posing as real users to spread disinformation and influence public opinion. North Korean actors used AI to craft fake resumes and job applications in an attempt to secure remote IT jobs and potentially steal data. Russian groups employed AI to develop malware and plan cyberattacks, aiming to compromise systems and exfiltrate sensitive information. The report also details specific operations like ScopeCreep, where a Russian-speaking threat actor used ChatGPT to develop and refine Windows malware. They also use AI to debug code in multiple languages and setup their command and control infrastructure. This malware was designed to escalate privileges, establish stealthy persistence, and exfiltrate sensitive data while evading detection. OpenAI's swift response and the details revealed in its report demonstrate the ongoing battle against the misuse of AI and the proactive measures being taken to safeguard its platforms. Recommended read:
References :
Pierluigi Paganini@securityaffairs.com
//
OpenAI is facing scrutiny over its ChatGPT user logs due to a recent court order mandating the indefinite retention of all chat data, including deleted conversations. This directive stems from a lawsuit filed by The New York Times and other news organizations, who allege that ChatGPT has been used to generate copyrighted news articles. The plaintiffs believe that even deleted chats could contain evidence of infringing outputs. OpenAI, while complying with the order, is appealing the decision, citing concerns about user privacy and potential conflicts with data privacy regulations like the EU's GDPR. The company emphasizes that this retention policy does not affect ChatGPT Enterprise or ChatGPT Edu customers, nor users with a Zero Data Retention agreement.
Sam Altman, CEO of OpenAI, has advocated for what he terms "AI privilege," suggesting that interactions with AI should be afforded the same privacy protections as communications with professionals like lawyers or doctors. This stance comes as OpenAI faces criticism for not disclosing to users that deleted and temporary chat logs were being preserved since mid-May in response to the court order. Altman argues that retaining user chats compromises their privacy, which OpenAI considers a core principle. He fears that this legal precedent could lead to a future where all AI conversations are recorded and accessible, potentially chilling free expression and innovation. In addition to privacy concerns, OpenAI has identified and addressed malicious campaigns leveraging ChatGPT for nefarious purposes. These activities include the creation of fake IT worker resumes, the dissemination of misinformation, and assistance in cyber operations. OpenAI has banned accounts linked to ten such campaigns, including those potentially associated with North Korean IT worker schemes, Beijing-backed cyber operatives, and Russian malware distributors. These malicious actors utilized ChatGPT to craft application materials, auto-generate resumes, and even develop multi-stage malware. OpenAI is actively working to combat these abuses and safeguard its platform from being exploited for malicious activities. Recommended read:
References :
Brian Fagioli@BetaNews
//
Microsoft is significantly expanding its cybersecurity support for European governments, providing a free security program specifically designed to combat AI-based cyberattacks. This initiative reflects Microsoft's commitment to bolstering the digital defenses of European nations. Furthermore, the company is actively addressing concerns related to competition within the European market, demonstrating a willingness to adapt to regulatory requirements and user preferences.
Microsoft is collaborating with CrowdStrike to harmonize cyber threat attribution. This partnership aims to establish a unified system for identifying and tracking cyber threat actors across different security platforms, which is designed to accelerate response times and strengthen global cyber defenses. The collaborative effort seeks to bridge the gaps created by differing naming systems for threat actors, creating a "Rosetta Stone" for cyber threat intelligence. This mapping will allow security teams to make informed decisions more quickly, correlate threat intelligence across sources, and disrupt malicious activity before it inflicts damage. In response to Europe’s Digital Markets Act (DMA), Microsoft is making changes to the user experience within the European Economic Area. The company will reduce the frequency with which it prompts users to switch to Edge as their default browser. This change is intended to address complaints from rival browser makers and others who felt that Microsoft was unfairly pushing its own products. Europeans will also find it easier to uninstall the Windows Store and sideline Bing, offering greater control over their digital environment and aligning with the principles of the DMA, which aims to promote competition and user choice in the digital market. Recommended read:
References :
@blog.checkpoint.com
//
References:
Check Point Blog
, www.kaspersky.com
,
Ransomware attacks have surged in 2025, evolving into more sophisticated and dangerous threats than ever before. What started as simple file encryption schemes has morphed into full-blown extortion ecosystems. These modern attacks now involve data exfiltration, public shaming of victims, and even DDoS attacks, marking a significant escalation in cybercriminal tactics. According to Check Point Research, the first quarter of 2025 saw a record-breaking 2,289 victims published on data leak sites, representing a staggering 126% year-over-year increase, demonstrating the growing threat volume and the evolving tactics employed by attackers.
The rise of Ransomware-as-a-Service (RaaS) has also significantly contributed to the increased threat landscape. Check Point's 2024 Annual Ransomware Report revealed that 46 new ransomware groups emerged in that year alone, a 48% increase compared to the previous year. These groups offer ready-made ransomware kits, lowering the barrier to entry for cybercriminals and enabling a wider range of actors to launch attacks. Experts are particularly concerned about the potential for "triple extortion" models, which combine DDoS attacks, public leak threats, and direct harassment of customers or partners to pressure victims into paying ransoms. In addition to the increasing sophistication of ransomware itself, cybercriminals are also abusing legitimate tools to blend in with compromised environments. The Cactus ransomware gang, for example, has been known to direct victims to initiate Microsoft Quick Assist remote access sessions, even assisting them with the installation of the program. With Anti-Ransomware Day being on May 12, organizations are urged to prioritize proactive defenses, incident response planning, and employee awareness training to mitigate the growing risk of ransomware attacks in 2025 and beyond. Recommended read:
References :
@cloud.google.com
//
Google's Threat Intelligence Group (GTIG) has released its annual review of zero-day exploits, revealing a concerning shift towards enterprise-targeted attacks in 2024. The report highlights a persistent rise in zero-day exploitation, with 75 vulnerabilities actively exploited in the wild. While this number represents a decrease from the 98 exploits observed in 2023, it remains higher than the 63 recorded in 2022, indicating a continued upward trend. The GTIG's analysis divides these vulnerabilities into two main categories: end-user platforms and products, and enterprise-focused technologies such as security software and appliances.
Of the 75 zero-day exploits tracked in 2024, a significant 44% targeted enterprise products. This indicates a strategic shift from attackers who are increasingly recognizing the value in compromising systems that house sensitive data. In contrast, the exploitation of browsers and mobile devices has decreased, falling by about a third and half, respectively. This shift towards enterprise technologies suggests that attackers are focusing on more lucrative targets that offer greater potential rewards. The GTIG report also notes that exploit chains made up of multiple zero-day vulnerabilities continue to be almost exclusively used to target mobile devices. Government-backed hackers and commercial surveillance vendors (CSVs) are the primary actors behind many of these exploits. The GTIG report indicates that governments like China and North Korea, along with spyware makers, are responsible for the most recorded zero-days in 2024. Specifically, at least 23 zero-day exploits were linked to government-backed hackers, with 10 directly attributed to governments including five linked to China and five to North Korea. Additionally, spyware makers and surveillance enablers were responsible for eight exploits, suggesting that the industry will continue to grow as long as government customers continue to request and pay for these services. Recommended read:
References :
|