CTO at NCSC Summary: week ending August 31st
Welcome to the weekly highlights and analysis of the blueteamsec Lemmy (and my wider reading). Not everything makes it in, but the best bits do.
Operationally this week nothing overly of note…
In the high-level this week:
UK and allies expose China-based technology companies for enabling global cyber campaign against critical networks - NCSC UK and allies attribute - “Since at least 2021, this activity has targeted organisations in critical sectors including government, telecommunications, transportation, lodging, and military infrastructure globally, with a cluster of activity observed in the UK.”
The Telecommunications Security Code of Practice sets out robust mitigations
A Crossroads for UK Cyber Strategy - RUSI think tank - “A new National Cyber Strategy should instead set out a positive, compelling vision to protect consumers, secure the technologies of future growth and fix the persistent market failures that damage national resilience.”
Perspectives on the Next UK National Cyber Strategy - RUSI think tank part deux
The Personal Information Protection Commission votes to impose sanctions on SK Telecom for its personal information leak. - PIPC South Korea announce - “a fine of 134.791 billion won and a penalty of 9.6 million won were imposed for violation of safety measures and breach of leak notification requirements.” - or £71 million to you and me.
ENISA to operate the EU Cyber Reserve - European Commission announces - “The European Commission has signed an agreement with ENISA, the European Union Agency for Cybersecurity for the operation and administration of the EU Cybersecurity Reserve. The Commission will contribute €36 million from the Digital Europe Programme (DEP) to the functioning of this new initiative under the Cyber Solidarity Act to boost the cyber resilience of the EU and its Member States and - under certain conditions - third countries associated to DEP.”
Less than half of Belgian companies use the most basic security measures! - Centre for CyberSecurity Belgium quantifies - “While 70% of the organisations surveyed say they consider it somewhat to very likely that they will soon be targeted by cybercriminals, only 46.4% have actually implemented 2FA.”
Cybersecurity Hiring Modernization Act - Rep. Nancy Mace introduced to Congress - “To amend title 5, United States Code, to limit the use of educational requirements or qualifications in evaluating candidates for certain cybersecurity positions in the competitive service, and for other purposes.”
Putin’s New Cyber Empire - Foreign Affairs reports - “Since the April 2024 meeting in St. Petersburg, Positive Technologies has continued to expand its international reach. In December, the company signed a distribution agreement with Mideast Communication Systems in Cairo, gaining a strategic launch pad for its services in Africa and the Middle East—particularly in Egypt and Saudi Arabia.”
ASIC Corporate Plan - Australian Securities & Investments Commission publishes - “We will promote good practices for managing cyber and operational risks among ASIC’s regulated population. Our focus will be on geopolitical risks, incident response and internal communications, increasing the engagement and resilience of regulated entities, and cross-agency collaboration”
2025 Minimum Elements for a Software Bill of Materials (SBOM) - CISA announce - “CISA is requesting public comment on its updated guidance on Software Bill of Materials (SBOM) to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations to manage software risk more effectively”
Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense - CyberScoop reports - “What we’re doing in the Google Threat Intelligence Group is intelligence-led proactive identification of opportunities where we can actually take down some type of campaign or operation,” she said at the Center for Cybersecurity Policy and Law event, where she called for partners in the project. “We have to get from a reactive position to a proactive one … if we’re going to make a difference right now.”
Reporting on/from China
Taiwan traces Chinese hackers selling stolen data to trafficking ring - Focus Taiwan reports - “Prosecutors said CrazyHunter consisted of two Chinese men, surnamed Luo (羅) and Xu (徐), who sold stolen data to a trafficking ring that included a Chinese man surnamed Zhao (趙) and two Taiwanese nationals surnamed Liu (劉) and Cheng (鄭).”
Shanghai launches Robotaxi service linking Disney Resort and airport - China Daily reports - “On Friday, L4 Robotaxis began paid public operations in Shanghai's Lin-gang Special Area, with 58 designated stops covering tourist attractions, commercial centers, residential communities and transport hubs.”
China considering yuan-backed stablecoins to boost global currency usage, sources say - Reuters reports - “The plan is expected to include targets for usage of the Chinese currency in the global markets and outline the responsibilities of domestic regulators, they said, adding that the roadmap will also include guidelines for risk prevention.”
AI
Detecting and countering misuse of AI: August 2025 - Anthropic discloses - “We identified and investigated a sophisticated Chinese threat actor who systematically leveraged Claude to enhance cyber operations targeting Vietnamese critical infrastructure. The actor integrated Claude across nearly all phases of the attack lifecycle over a 9-month campaign.”
Phishing Emails Are Now Aimed at Users and AI Defenses - Anurag details - "Clearly written in the style of Grok, Gemini or ChatGPT style prompts, this section has nothing to do with luring the users. Instead, it is an AI prompt-injection attempt"
Cybercriminals Abuse AI Website Creation App For Phishing - Proofpoint details - “Cybercriminals are increasingly using an AI-generated website builder called Lovable to create and host credential phishing, malware, and fraud websites.”
Logit-Gap Steering: A New Frontier in Understanding and Probing LLM Safety - Tony Li and Hongliang Liu detail - “Our research introduces a critical concept: the refusal-affirmation logit gap. This refers to the idea that the training process isn’t actually eliminating the potential for a harmful response – it’s just making it less likely. There remains potential for an attacker to “close the gap,” and uncover a harmful response after all.”
Building a sovereign AI chip design industry in the UK - Council for Science and Technology publishes - “Fortunately, with the right investment and capabilities in place, the UK could create a meaningful AI chip design industry. We have strong AI and design expertise and creativity in our universities”
Incident Analysis for AI Agents - Harvard University publish; the core is observability, which is widely understood in cyber - “We also identify specific information that could help clarify which factors are relevant to a given incident: activity logs, system documentation and access, and information about the tools an agent uses. We provide recommendations for 1) what information incident reports should include and 2) what information developers and deployers should retain and make available to incident investigators upon request.”
Exclusive: Nvidia working on new AI chip for China that outperforms the H20, sources say - Reuters reports - “The new chip, tentatively known as the B30A, will use a single-die design likely to deliver half the raw computing power of the more sophisticated dual-die configuration in Nvidia's flagship B300 accelerator card, the sources said.”
Tech company Humain to launch Allam, first Saudi-developed Arabic AI model - Arab News reports - “Developers say it can converse in classical Arabic and Saudi, Egyptian, Jordanian and Lebanese dialects, understands cultural and political nuances”
Cyber proliferation
WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware - Tech Crunch report - “It’s not immediately clear who, or which spyware vendor, is behind the attacks.”
Bounty Hunting
Chinese National Sentenced to Prison for Deploying Destructive Computer Code on Ohio-based Company’s Global Network - U.S. Attorneys Northern District of Ohio announce - “The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company,”
U.S.-ROK-Japan Joint Statement on DPRK Information Technology Workers - US Department of State publish - “our three countries have taken coordinated actions to disrupt the North Korean IT worker threat. Today, Japan issues an update to its previous alert to provide detailed information on new tradecraft used by North Korean IT workers and advises private sector entities to mitigate the risk of inadvertently hiring, supporting, or outsourcing work to North Korean IT workers. The United States is designating four entities and individuals furthering North Korean IT worker schemes, including in Russia, Laos, and China. The Republic of Korea issued advisories on North Korean IT worker activities to help companies avoid being targeted or victimized.”
Treasury Sanctions Fraud Network Funding DPRK Weapons Programs - US Department of the Treasury announce - “The DPRK utilizes IT workers to generate revenue for its illicit weapons of mass destruction and ballistic missile programs, in violation of U.S. and United Nations sanctions. The teams of IT workers typically use fraudulent documents, stolen identities, and false personas to deliberately obfuscate their identities and infiltrate legitimate companies, including in the United States and allied countries.”
No reflections this week other than, as you can see, there is a lot going on…
All attribution is by others and not the UK Government unless specifically stated as such, please see the legal text at the end.
Have a lovely Friday…
Ollie
Cyber threat intelligence
Who is doing what to whom and how allegedly.
Reporting on Russia
Amazon disrupts watering hole campaign by Russia’s APT29
Amazon AWS detail this alleged Russian campaign which is noteworthy for the use of watering holes and selective traffic redirection.
The current campaign shows their continued focus on credential harvesting and intelligence collection, with refinements to their technical approach, and demonstrates an evolution in APT29’s tradecraft through their ability to:
Compromise legitimate websites and initially inject obfuscated JavaScript
Rapidly adapt infrastructure when faced with disruption
On new infrastructure, adjust from use of JavaScript redirects to server-side redirects
https://aws.amazon.com/blogs/security/amazon-disrupts-watering-hole-campaign-by-russias-apt29/
Analysis of APT-C-53 (Gamaredon) attacks against Ukrainian government departments
Chinese analysis of this alleged Russian campaign, which is noteworthy in part for its use of edge CDN compute belonging to Western firms in its campaign delivery.
Gamaredon group has upgraded its attack chain, with key evolutions reflected in the dynamic cloud-based migration of its C2 infrastructure and the targeted delivery of cloud storage tools. The group continued to conduct high-intensity intelligence theft activities targeting Ukrainian government departments in 2025.
…
During the payload delivery phase, the attack chain uses a dual-path distribution strategy to build a dynamic attack surface through Cloudflare Workers:
Belarus-Linked DSLRoot Proxy Network Deploys Hardware in U.S. Residences, Including Military Homes
Infrawatch detail a proxy network which is being built in the US through people willingly deploying kit in their homes on behalf of an allegedly Belarusian outfit.
Unlike typical providers that scale via mobile SDKs, DSLRoot deploys dedicated hardware into American residences, creating persistent managed access to U.S. home networks. The network predominantly uses IP space from CenturyLink (Lumen) and Frontier.
Attribution analysis identifies the operator as a Belarusian national with residential presence in Minsk and Moscow. DSLRoot is estimated to operate roughly 300 active hardware devices across 20+ U.S. states. The operator’s presence in Belarus and Moscow is a geographic factor of note, given the deployment of residential proxy hardware in the U.S.
https://infrawatch.app/blog/dslroot-us-proxy-investigation
ShadowSilk: A Cross-Border Binary Union for Data Exfiltration
Nikita Rostovcev and Sergei Turner detail what appears complex on multiple fronts. I suspect this will be analysed by others over the coming weeks and months and yield further insight.
ShadowSilk has been active since at least 2023, and remains active as of July 2025.
The group’s primary focus lies in targeting government organizations for the purpose of data exfiltration.
Over 35 victims, primarily in the government sector of Central Asia, have been identified during the course of Group-IB’s analysis.
Analysis reveals that the group uses infrastructure and tools historically linked to YoroTrooper.
ShadowSilk consists of two sub-groups and has Chinese and Russian speaking operators. The exact depth and nature of cooperation of these two sub-groups remains uncertain as of the publishing of this research.
ShadowSilk uses a diverse toolkit which includes public exploits, penetration-testing tools, and web panels for managing infected devices. The panels are known to have been acquired via darkweb forums.
At some point a fraction of data known to be in ShadowSilk’s possession appeared for sale on one of the dark web forums, which had never previously appeared in public.
https://www.group-ib.com/blog/shadowsilk/
Reporting on China
How Spur Uncovered a Chinese Proxy and VPN Service Used in an APT Campaign
Spur detail the infrastructure of an alleged Chinese proxy and VPN service which has allegedly been used by an APT group. The tangled nature of the Chinese eco-system appears ever more intertwined.
So, we can conclude the Singapore IP address reportedly used by this threat actor belongs to this service, WgetCloud. Whether or not they purchased a subscription or acquired this particular Trojan proxy through other means is unknown. This highlights the broader risk of APT proxy infrastructure blending into commercial offerings.
https://spur.us/how-spur-uncovered-a-chinese-proxy-and-vpn-service-used-in-an-apt-campaign/
PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats
Patrick Whitsell details an alleged Chinese campaign which shows a degree of sophistication and technical operation which is noteworthy for those likely of interest to this group.
[We] identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC).
The campaign hijacks target web traffic, using a captive portal redirect, to deliver a digitally signed downloader that GTIG tracks as STATICPLUGIN. This ultimately led to the in-memory deployment of the backdoor SOGU.SEC (also known as PlugX). This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirect execution techniques to evade detection.
https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats/
TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents
Nick Dai and Pierre Lee detail a campaign against targets of alleged Chinese interest. It also shows the risks stemming from lapsed domains in the software update eco-system.
The TAOTH campaign leveraged an abandoned Sogou Zhuyin IME update server and spear-phishing operations to deliver multiple malware families—including TOSHIS, C6DOOR, DESFY, and GTELAM—primarily targeting users across Eastern Asia.
Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage or login pages, to distribute malware and collect sensitive information.
The campaign’s victimology and decoy documents reveal a focus on high-value targets, including dissidents, journalists, researchers, and technology/business leaders in China, Taiwan, Hong Kong, Japan, South Korea, and overseas Taiwanese communities.
Infrastructure and tool analysis link TAOTH to previously documented threat activity, showing shared C&C infrastructure, malware variants, and tactics indicative of a single, persistent attacker group with a focus on reconnaissance, espionage, and email abuse.
…
Our analysis shows that the attacker took over the abandoned update server and, after registering it, used the domain to host malicious updates since October 2024.
https://www.trendmicro.com/en_us/research/25/h/taoth-campaign.html
From Campus to C2: Tracking a Persistent Chinese Operation Against Vietnamese Universities
Ben and Faraday detail this alleged Chinese operation against Vietnamese universities. Noteworthy for the edge exploitation coupled with poor operational security which allowed the campaign to be discovered.
Evidence suggests the threat actor gained access to these organisations via exploitation of public facing vulnerabilities using Metasploit, uploading Godzilla webshells, or via SQL injection. Upon gaining a foothold, the adversary has been observed deploying Cobalt Strike beacons. Once the beacon is established, the actor has exploited local Windows vulnerabilities for privilege escalation and installed tunneling software for persistent remote access.
https://ctrlaltint3l.github.io/threat%20research/china-vietnam-campaign/
Reporting on North Korea
Dubai, Crypto, Moonstone Sleet, and the Pivot Odyssey
Chollima Group detail the alleged operations of some North Korean operatives. The overlaps with other activity are what is of note in this reporting, showing alleged links to China, among others.
Around this time last year, Microsoft and Kaspersky released two reports on a campaign carried out by a previously unknown North Korean APT Group dubbed 'Moonstone Sleet'. This campaign was especially notable for its use of a fake crypto game project called DeTankZone and the two chained Chromium zero days hosted on its website. As we continued pivoting deeper into this cluster we identified that many members had previously worked on a huge cryptocurrency project on behalf of a shady company called ICICB (who we believe to be a front), that one of the non-DPRK members of the cluster runs the Chinese cybercrime market FreeCity, and an interesting connection between DeTankZone and an older IT Worker who previously operated out of Tanzania.
https://chollima-group.io/posts/dubai-crypto-moonstonesleet-pivot-odyssey
Reporting on Iran
Iran-Nexus Spear phishing Campaign Masquerades as Omani MFA to Target Global Governments
Dream Group detail this alleged Iranian phishing campaign. Only noteworthy as it has been alleged to be Iranian; the tradecraft on show is rather basic.
Analysis of the Homeland Justice campaign reveals it was multi-wave and operated on a larger scale than initially apparent. From a dataset of 270 emails, 104 unique compromised addresses were leveraged to mask the true origin of the activity. This breadth indicates the campaign extended well beyond a single country and was part of a coordinated regional effort.
The infrastructure and malware were also deployed against specific national institutions during a period when that country was engaged in sensitive ceasefire negotiations with Hamas in 2025, underscoring the geopolitical intent of the operation.
Recipients included embassies, consulates, and international organizations across multiple regions. The lure content consistently referenced urgent MFA communications, conveyed authority, and exploited the common practice of enabling macros to access content, which are the hallmarks of a well-planned espionage operation that deliberately masked attribution.
https://dreamgroup.com/blog-cti/
Reporting on Other Actors
ScreenConnect Super Admin Credential Harvesting
Samantha Clarke details a phishing campaign which is noteworthy due to the victimology. The technical workforce can sometimes be the Achilles’ heel, due to high privileges and an overconfidence stemming from their domain understanding.
Low-volume spear phishing operation sending up to 1,000 emails per campaign run
Initial access for potential ransomware deployment
Senior IT professionals and administrators with super admin privileges
Adversary-in-the-middle (AITM) phishing using EvilGinx framework
https://www.mimecast.com/threat-intelligence-hub/screenconnect-super-admin-credential/
Stark Industries Solutions Preempts EU Sanctions
Insikt Group® detail internet shenanigans by this bulletproof hosting company.
the rebranding of Stark Industries operations to “THE.Hosting”, under the control of Dutch entity “WorkTitans B.V.”, and the creation of a new autonomous system, AS209847 (THE), on June 24, 2025. Although the majority of associated infrastructure remains attributable to Stark Industries, these changes likely reflect an attempt to obfuscate ownership and sustain hosting services under new legal and network entities
Discovery
How we find and understand the latent compromises within our environments.
GraphApiAuditEvents: The new Graph API Logs
Bert-Jan Pals details the new logs available which will facilitate detection.
The new GraphApiAuditEvents table in Advanced Hunting has been in Public Preview since July this year. These valuable logs give new insights into the activities that are performed using the Graph API in your tenant, which makes it a table you definitely want to explore in the upcoming weeks. The GraphApiAuditEvents table is the ‘free’ version of the MicrosoftGraphActivityLogs table that was available in Sentinel. The GraphApiAuditEvents enables more organizations to use these valuable logs without burning their budget.
https://kqlquery.com/posts/graphapiauditevents/
ExternalData - Cert Central, CertReport
Security Aura provides a KQL query which will help surface binaries signed with known rogue certificates.
This query looks up files involved in DeviceProcessEvents, DeviceFileEvents or DeviceImageLoadEvents from a user's Downloads folder, or a subfolder in %APPDATA% or %LOCALAPPDATA% against the Cert Central/CertReport DB CSV export.
The goal of this query is to identify processes or files that are signed with certs present in Cert Central. The match is made on the Signer field, because multiple certificates can be assigned to a Signer, but not all of them will be in CertReport (e.g.: they haven't been reported yet).
Detecting Velociraptor misuse
Velociraptor provide some indicators so you can detect unexpected execution in environments given recent reporting of its misuse.
In this instance, the threat actor downloaded the Velociraptor binary and, in its configuration file, specified the command-and-control server. After Velociraptor was executed on the compromised asset, it established a communication with the C2 server. Once the communication was established, the threat actor used Velociraptor to perform further actions, such as downloading additional files or executing commands on the compromised asset. While this is not a vulnerability in the tool itself, it can be used for malicious purposes.
…
Each time the binary is launched, the binary logs the command line arguments used into the Application event log with an event ID of 1000.
https://docs.velociraptor.app/knowledge_base/tips/velocirator_misuse/
This is the reporting on the misuse.
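A hunt over that Application log entry, as an added example that is not from the Velociraptor docs or the misuse reporting: it pulls Event ID 1000 records, keeps only those that mention Velociraptor, and flags launches whose command line does not reference the approved config path. The approved path and the server name are placeholders and an assumption; the event source name is deliberately not assumed.

```powershell
# Added example, not part of the Velociraptor project. Per the docs quoted above,
# each client launch logs its command line to the Application log as Event ID 1000.
# Assumption: the sanctioned deployment keeps its config at this path (placeholder).
$ApprovedConfig = 'C:\Program Files\Velociraptor\client.config.yaml'

# Event ID 1000 in the Application log is also used by Windows Error Reporting
# ("Application Error"), so filter on message content rather than the ID alone.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '(?i)velociraptor' }

$findings = foreach ($e in $events) {
    $msg = $e.Message
    # Any launch that does not point at the approved config is worth a look:
    # an attacker-supplied config (with their own C2 frontend) lands here.
    $hasConfigArg = $msg -match '(?i)(--config|\s-c\s)'
    $approved     = $msg -match [regex]::Escape($ApprovedConfig)
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Host        = $e.MachineName
        Source      = $e.ProviderName
        Suspicious  = ($hasConfigArg -and -not $approved) -or (-not $hasConfigArg)
        CommandLine = ($msg -replace '\s+', ' ').Trim()
    }
}

# Unexpected launches first; on hosts that should not run the client at all,
# every row here is a finding regardless of the flag.
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it with an account that can read the Application log; for fleet-wide coverage, feed the same filter to your log collector rather than iterating hosts.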
Defence
How we proactively defend our environments.
Managing cryptographic keys and secrets
ASD’s ACSC and friends detail what good looks like around cryptographic keys and secrets management.
Organisations should have a comprehensive understanding of the threat environment which will enable them to build a strong Key Management Plan (KMP) to address their own unique environment and all cryptographic material management, enabling positive security outcomes. A KMP should be prepared in the context of both internal and external threats, how compromise can occur, and what can be done to mitigate and respond to any potential threats.
The ASD’s ACSC, the Department of Industry Science and Resources (DISR) and the following international partners provide the recommendations in this guide:
Canadian Centre for Cyber Security (Cyber Centre)
United Kingdom’s National Cyber Security Centre (NCSC-UK)
New Zealand’s National Cyber Security Centre (NCSC-NZ)
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)
Japan National Cybersecurity Office (NCO)
How Token Protection Enhances Conditional Access Policies - Microsoft Entra ID
Microsoft detail how to use this Conditional Access session control to mitigate replay attacks by using hardware-bound tokens.
Token Protection is a Conditional Access session control that attempts to reduce token replay attacks by ensuring only device bound sign-in session tokens, like Primary Refresh Tokens (PRTs), are accepted by Entra ID when applications request access to protected resources.
When a user registers a Windows 10 or later device with Microsoft Entra, a PRT is issued and cryptographically bound to that device. This binding ensures that even if a threat actor steals a token, it can't be used from another device. With Token Protection enforced, Microsoft Entra validates that only these bound sign-in session tokens are used by supported applications.
You can enforce Token Protection policy on Exchange Online, SharePoint Online, and Teams resources. It is supported by many Microsoft 365 native applications. For a comprehensive list of supported applications and resources, please refer to the “Requirements” section.
https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-token-protection
Raising security with organization-wide YubiKey (FIDO2) in Entra ID
Sandra Bedrossian details how they deployed a FIDO2 hardware based authentication solution.
we show how we rolled out organization-wide, passwordless YubiKey (FIDO2) authentication with Microsoft Entra ID—what worked, what didn’t, and what we’d do again. Key takeaways include: why we chose YubiKey over app-based MFA, how we managed Entra ID configuration, our approach to phased enforcement with conditional access, edge cases, onboarding, and more. Whether you’re just evaluating YubiKeys or ready to go all-in, this guide will help you get it right, securely and smoothly.
https://www.huntandhackett.com/blog/raising-security-with-yubikey
XDRStoryParser
Fabian Bader provides a power tool for security operations centres to aid understanding of Defender XDR alerts.
The XDR Story Parser helps you to parse attack stories from Microsoft Defender XDR and further work with them outside of the XDR portal.
XDR alert stories are a special JSON format that Microsoft uses in the Defender XDR portal to display a process tree and the alert timeline.
https://github.com/f-bader/XDRStoryParser
Salty Seagull: A VSAT Honeynet to Follow the Bread Crumb of Attacks in Ship Networks
Georgios Michail Makrakis, Jeroen Pijpker, Remco Hassing, Rob Loves and Stephen McCombie provide some evidence that there are very few individuals looking for VSATs on the internet… until now!
In this paper we present Salty Seagull, a honeynet conceived to simulate a VSAT system for ships. This environment mimics the operations of a functional VSAT system onboard and, at the same time, enables a user to interact with it through a Web dashboard and a CLI environment. Furthermore, based on existing vulnerabilities, we purposefully integrate them into our system to increase attacker engagement. We exposed our honeynet for 30 days to the Internet to assess its capability and measured the received interaction. Results show that while numerous generic attacks have been attempted, only one curious attacker with knowledge of the nature of the system and its vulnerabilities managed to access it, without however exploring its full potential.
https://arxiv.org/abs/2508.11325
Deception feature in Microsoft Defender for Endpoint will be retired from public preview
Microsoft appear to be retiring this feature…
The Deception feature in Microsoft Defender for Endpoint will be retired from public preview by October 31, 2025. New onboarding stops August 18, 2025; existing decoys and UI elements will be removed. No admin action is needed, but informing stakeholders and updating documentation is recommended.
https://mc.merill.net/message/MC1137611
Incident Writeups & Disclosures
How they got in and what they did.
Malicious versions of Nx and some supporting plugins were published
Original advisory…
Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c
Romain Gaucher, Jayson DeLancey and Lewis Ardern give a sense of the impact.
At least 1.4k people are learning today that keys, wallets, and credentials were compromised from install of the nx build tool.
https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/
Merav Bar and Rami McCarthy detail further impact…
In a second phase, an attacker used the leaked GitHub tokens from phase one to make victim’s private repositories public. These changes appeared to be driven by a single threaded automation, running between (roughly) August 28 4PM and August 29 2AM UTC. Over 400 users/organizations were impacted in that window, with a total of over 5500 private repositories published publicly.
https://www.wiz.io/blog/s1ngularity-supply-chain-attack
Vulnerability
Our attack surface.
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
Artem and Shivan Kaul Sahib show the first of many challenges from AI agentic browsers…
The vulnerability we’re discussing in this post lies in how Comet processes webpage content: when users ask it to “Summarize this webpage,” Comet feeds a part of the webpage directly to its LLM without distinguishing between the user’s instructions and untrusted content from the webpage. This allows attackers to embed indirect prompt injection payloads that the AI will execute as commands. For instance, an attacker could gain access to a user’s emails from a prepared piece of text in a page in another tab.
https://brave.com/blog/comet-prompt-injection/
Loophole allows threat actors to claim VS Code extension names
Lucija Valentić details a headache for cyber defence teams…
After discovering a malicious VS Code extension in June, ReversingLabs researchers noticed something odd: the name of the VS Code extension was identical to that of a malicious VS Code extension discovered in March. That shouldn’t be possible, according to VS Code Marketplace’s official documentation. Further investigation led to the discovery of a loophole on the VS Code platform that allowed for the reuse of legitimate, but discontinued VS Code extension names by malicious actors.
https://www.reversinglabs.com/blog/malware-vs-code-extension-names
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
Citrix security advisory…
The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:
NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48
NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22
NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
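The bulletin above is only useful if you can turn it into a yes/no per appliance. The following is an added example (not Citrix's or the newsletter's code) that checks an inventory of NetScaler build strings against the fixed builds the bulletin lists; it assumes build strings of the form `14.1-47.48`, with a `-FIPS` suffix for the FIPS/NDcPP trains, and the inventory below is constructed.

```python
import re

# Fixed builds taken from the Citrix bulletin quoted above, keyed by
# (release branch, is_fips_ndcpp). A build on a listed branch is affected
# when its build number is strictly below the fixed build.
FIXED_BUILDS = {
    ("14.1", False): (47, 48),   # 14.1 BEFORE 14.1-47.48
    ("13.1", False): (59, 22),   # 13.1 BEFORE 13.1-59.22
    ("13.1", True):  (37, 241),  # 13.1-FIPS/NDcPP BEFORE 13.1-37.241
    ("12.1", True):  (55, 330),  # 12.1-FIPS/NDcPP BEFORE 12.1-55.330
}

# Assumed string layout: <branch>-<build>.<sub>[-FIPS]
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(-FIPS)?$", re.IGNORECASE)


def parse_version(version):
    """Split a NetScaler build string into (branch, (build, sub), is_fips)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    branch, build, sub, fips = m.groups()
    return branch, (int(build), int(sub)), fips is not None


def is_affected(version):
    """True if below the fixed build, False if at/after it,
    None if the branch/train is not listed in the bulletin at all
    (treat None as 'needs a separate support-status check')."""
    branch, build, fips = parse_version(version)
    fixed = FIXED_BUILDS.get((branch, fips))
    if fixed is None:
        return None
    return build < fixed


def triage(inventory):
    """Map hostname -> affected verdict for a dict of hostname -> version."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "gw-01": "14.1-47.46",
        "gw-02": "14.1-47.48",
        "adc-fips-01": "13.1-37.240-FIPS",
        "adc-legacy": "13.0-92.21",
    }
    for host, verdict in triage(sample).items():
        print(f"{host:12} {sample[host]:18} affected={verdict}")
```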
Offense
Attack capability, techniques and trade-craft.
Bypassing Enrollment Restrictions to Break BYOD Barriers in Intune
Yuya Chudo highlights the gaps in Intune enrollment restrictions and provides some solutions..
Method 1: Check-in as different OS
Method 2: Intune enrollment via device token
Method 3: Forging corporate device
If you’re expecting enrollment restrictions to prevent unauthorized devices from accessing corporate data as a security measure, you might be relying on them too much. It’s strongly recommended to implement additional layers of defense. The examples are:
Require multifactor authentication for device registration in a Conditional Access policy
Block device code flow
Exploitation
What is being exploited..
Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
Austin Larsen, Matt Lin, Tyler McLellan and Omar ElAhdan highlight the root cause of a number of second-order compromises, highlighting once again the complexity of cloud and the challenges around long-lived authentication tokens..
Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations. We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised.
On August 28, 2025, our investigation confirmed that the actor also compromised OAuth tokens for the "Drift Email" integration. On August 9, 2025, a threat actor used these tokens to access email from a very small number of Google Workspace accounts.
Tooling and Techniques
Low level tooling and techniques for attack and defence researchers…
How AI Agents Find Deep Logic Bugs in Any Codebase
Bernhard Mueller shows a way of the future, although accuracy will need to improve..
Hound is a language-agnostic AI code security auditor that simulates the cognitive processes of human experts. It maps systems as living knowledge graphs, and uses focused, high-quality hypotheses from strong reasoning models to find deep logic bugs across any stack.
..
Early tests of Hound show promising results, but it still needs systematic benchmarking across diverse stacks, protocols, and threat models.
..
To evaluate Hound on Code4rena’s SecondSwap contest, I matched Hound’s hypotheses against the accepted findings in a curated benchmark. Out of 30 expected findings, Hound produced 28 hypotheses and matched 10 of them (true positives), leaving 18 hypotheses that did not correspond to the expected set (false positives relative to the benchmark) and 20 expected items that were missed (false negatives). That translates to a 33.3% detection rate under strict matching. Among the missed items, the severity mix was two high, sixteen medium, and five low.
..
Hound’s core bet is simple: give strong models the same tools expert auditors use — maps, assumptions, teams, and QA — and they’ll uncover deep bugs in any system, not just Solidity.
..
https://github.com/muellerberndt/hound
Optimizing Token Choice for Code Watermarking: A RL Approach
Zhimeng Guo, Huaisheng Zhu, Siyuan Xu, Hangfan Zhang, Teng Xiao and Minhao Cheng demonstrate a use case; it is going to be fun to see the counter-models which detect and highlight said watermarks / variance..
This strategy ensures that embedded watermarks maintain code functionality while exhibiting subtle yet statistically detectable deviations from typical token distributions. To facilitate policy learning, we devise a comprehensive reward system that seamlessly integrates execution feedback with watermark embedding signals, balancing process-level and outcome-level rewards. Additionally, we employ Gumbel Top-k reparameterization to enable gradient-based optimization of discrete watermarking decisions. Extensive comparative evaluations demonstrate CodeTracer's significant superiority over state-of-the-art baselines in both watermark detectability and the preservation of generated code's functionality.
https://arxiv.org/abs/2508.11925
LLM4Binary
Reverse Engineering: Decompiling Binary Code with Large Language Models
https://github.com/albertan017/LLM4Decompile
This continues to be updated, including a June model update:
https://huggingface.co/LLM4Binary/llm4decompile-6.7b-v1.6
and Decompile Bench
2 million binary-source function pairs (condensed from 100 million). Test: HumanEval, MBPP, 60K from GitHub repos released after 2025.
https://huggingface.co/collections/LLM4Binary/decompile-bench-68259091c8d49d0ebd5efda9
MSIXBuilder: MSIX Building Made Easy for Defenders
Michael Haag provides a tool to ensure detection coverage..
MSIXBuilder is a comprehensive PowerShell tool that creates functional MSIX packages with embedded test applications.
https://github.com/MHaggis/MSIXBuilder
Footnotes
Some other small (and not so small) bits and bobs which might be of interest.
Annual, quarterly and monthly reports
Nothing overly of note this week
Cyber Risks to Next-Gen Brain-Computer Interfaces: Analysis and Recommendations
Hardware‑Signed C2PA Camera Credentials Strengthen Image Authentication
Curbing the cost of cybersecurity fragmentation: an agenda for harmonisation across the Indo-Pacific
Developing a Transit Cybersecurity Framework Community Profile: Project Update
When to Deceive: A Cross-Layer Stackelberg Game Framework for Strategic Timing of Cyber Deception
Sludge for Good: Slowing and Imposing Costs on Cyber Attackers
Artificial intelligence
Smart Cuts: Enhance Active Learning for Vulnerability Detection by Pruning Hard-to-Learn Data
Designing with Deception: ML- and Covert Gate-Enhanced Camouflaging to Thwart IC Reverse Engineering
AgentArmor: Enforcing Program Analysis on Agent Runtime Trace to Defend Against Prompt Injection
THOR: Secure Transformer Inference with Homomorphic Encryption
Books
Nothing overly of note this week
Events
Fully Homomorphic Encryption Hardware day - September 25th, online
Finally finally the NCSC’s podcast series.
Unless stated otherwise, linked or referenced content does not necessarily represent the views of the NCSC and reference to third parties or content on their websites should not be taken as endorsement of any kind by the NCSC. The NCSC has no control over the content of third party websites and consequently accepts no responsibility for your use of them.
This newsletter is subject to the NCSC website terms and conditions which can be found at https://www.ncsc.gov.uk/section/about-this-website/terms-and-conditions and you can find out more about how we will treat your personal information in our privacy notice at https://www.ncsc.gov.uk/section/about-this-website/privacy-statement.