CTO at NCSC Summary: week ending October 26th
Cyber security is business survival...
Welcome to the weekly highlights and analysis of the blueteamsec (and my wider reading). Not everything makes it in, but the best bits do.
Operationally this week nothing overly of note…
In the high-level this week:
Cyber security is business survival - NCSC UK publishes - “Improving cyber resilience must be a collective endeavour. In our 2025 Annual Review, we have set out why collaboration is at the heart of resilience. We need the joint forces of government and industry to understand the evolving cyber threat landscape and out-compete our opponents.”
Evil Corp - Introducing Evil Corp - BBC podcasts
Ambassador for Cyber Affairs and Critical Technology - Minister for Foreign Affairs, Australia announces - “Today I announce the appointment of Ms Jessica Hunter as Australia’s next Ambassador for Cyber Affairs and Critical Technology.”
The UK must prioritize cybersecurity or be left dangerously exposed - Chatham House opines - “Building genuine cyber resilience requires sustained political commitment, adequate resources, clear regulation and coordinated action across government, industry and international partners. Anything less leaves the UK dangerously exposed.”
Why cyber resilience must be measured, not assumed - World Economic Forum opines - “Threat-led testing schemes such as CBEST and frameworks or methodologies like STAR-FS and MITRE’s ATT&CK Evaluations emphasize adversarial simulation and detection capabilities.” - I would say they go further than that - they provide valuable evidence bases on real world resilience end-to-end i.e. against reconnaissance, intrusion and action on objectives. Regulatory red teaming, beyond actual incidents, is one of the most holistic measures of real world resilience against adversaries.
Preparing for a post-quantum world: Quantum-safe technology - Mastercard publishes - “We believe that what every financial institution should invest in right now, regardless of the timeline for PQC migration that it deems to be ideal, is on cryptographic inventory tools.”
Extortion and ransomware drive over half of cyberattacks - Microsoft analyses - “Just 20 ASNs—only 0.04%— account for more than 80% of malicious password spray activity”
Security of Cables: Commission publishes landmark report and funding for Cable Hubs - European Commission publishes and announces - “Regional Cable Hubs will support the monitoring and detection of threats to submarine cables by aggregating the relevant data and information, develop AI-based threat analysis to set a near real time situational picture and allow faster response in case of incidents.”
DNI Issues First FASCSA Exclusion and Removal Order Against Acronis AG - Mayer|Brown summarises - “On September 15, 2025, the Office of the Director of National Intelligence (“DNI”) published the first exclusion and removal order (“Order”) under the Federal Acquisition Supply Chain Security Act of 2018 (“FASCSA”). The Order prohibits the procurement and use of products and services from Acronis AG (“Acronis”)—a Swiss cybersecurity and data protection technology company—by the Intelligence Community (“IC”)”
How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA - WIRED reports - “The hacked shufflers were programmed to transmit the knowledge of the players’ hands to a remote operator, who then sent that information back to the phone of a player in the game known as a “quarterback” or “driver,” according to prosecutors.”
Reporting on/from China
China’s chilling stolen data plot for everyone in Britain - The Times reports - The NCSC official said these attacks are “primarily nation state-based. It is not easy and it’s not cheap to carry out a harvest now/decrypt later attack and that restricts the potential range of adversaries”.
FCC Moves to Expel Hong Kong Telecom from U.S. Telecom Networks - Federal Communications Commission announces - “Today’s Order continues the FCC’s work of ensuring that CCP-controlled entities that pose national security risks to our country cannot connect to our telecom networks,” said FCC Chairman Brendan Carr
Countering the Digital Silk Road - Center for a New American Security think tanks - “the DSR has become increasingly central to China’s broader strategy to challenge and ultimately supplant the U.S.-led digital order, and in doing so, reap potentially vast security, economic, and intelligence advantages.”
China set to boost science funding in pursuit of Nobel ambitions - Nikkei Asia reports - “China plans to step up funding for the initial stage of research known as basic research -- experimental studies aimed at gaining new knowledge without immediate practical applications -- in order to boost its capabilities in such high-tech fields as artificial intelligence, robotics and space exploration.”
Western executives who visit China are coming back terrified - The Telegraph reports - “Figures recently released by the International Federation of Robotics (IFR) show this has led to a dramatic and high-tech transformation of China’s industrial base over the past 10 years. Between 2014 and 2024, the number of industrial robots deployed in the country rocketed from 189,000 to more than two million.”
AI
CSA Releases An Addendum To Support System Owners In Securing Agentic AI System - Cyber Security Agency of Singapore releases - “The Addendum provides practical guidance for system owners to secure Agentic Artificial Intelligence (AI) systems. This was announced by Mrs Josephine Teo, Minister for Digital Development and Information and Minister-in-charge of Cybersecurity and Smart Nation Group at the Singapore International Cyber Week (SICW) 2025.”
A Practical Program Repair Agent Mimicking Human Expertise - Northwestern University and University of Waterloo give hope - “Evaluated on a dataset of 178 real-world vulnerabilities, PatchAgent successfully repairs over 90% of the cases, outperforming state-of-the-art APR tools where applicable. Our”
Transforming Static Analysis with LLM-Synthesized Checkers - University of Illinois and Shanghai Jiao Tong University give hope and despair - “KNighter-synthesized checkers have discovered 92 new, critical, long-latent bugs (average 4.3 years) in the Linux kernel; 77 are confirmed, 57 fixed, and 30 have been assigned CVE numbers.”
O(N) the Money: Scaling Vulnerability Research with LLMs - Caleb Gross asserts - “But the second more important claim is that if we can transform these problems into a listwise ranking problem, then we can use LLMs to solve these very consistently, quickly, cheaply, and to great effect.”
Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers - Brave researches - “On request, we are withholding one additional vulnerability found in another browser for now. We plan on providing more details next week.”
The use of artificial intelligence for policy purposes - Bank for International Settlements publishes - “The report highlights real-world examples of how big data and machine learning are transforming key areas of work. Despite AI’s significant potential, challenges remain. These include data governance, investment in human capital, and IT infrastructure.”
Alibaba Cloud claims to slash Nvidia GPU use by 82% with new pooling system - South China Morning Post reports - “Alibaba Group Holding has introduced a computing pooling solution that it said led to an 82 per cent cut in the number of Nvidia graphics processing units (GPUs) needed to serve its artificial intelligence models.”
Cyber proliferation
From Chaos to Capability: Building the US Market for Offensive Cyber - Dartmouth’s Institute for Security, Technology and Society (ISTS) convened - “thirty experts from government, industry, academia, and venture capital under Chatham House rules to analyze how private sector actors currently support the U.S. government in “offensive cyber”, and to make recommendations on how to effectively leverage the private sector to scale up such activity. Offensive cyber was broadly defined to include tool development, access, and effect generation for government cyber operations (OCO/CNE and law enforcement operations). The roundtable identified the following three key findings in the U.S. offensive cyber landscape”
Spyware maker NSO Group blocked from WhatsApp - TechCrunch reports - “A federal judge has granted Meta-owned WhatsApp’s request for a permanent injunction blocking Israeli cyberintelligence company NSO Group from targeting the messaging app’s users. At the same time, the judge dramatically reduced the fine that NSO Group must pay to Meta.”
Bounty Hunting
Nothing overly of note this week
Market Incentives
KT Chief to Resign After Cybersecurity Breach Resolution - The Chosun Daily reports - “Kim Young-shub, KT’s representative, stated regarding the unauthorized micro-payment incident, “I will take responsibility once the situation is resolved,” effectively expressing his intention to step down from his position.”
Cyberfraud: A New Era of False Claims Act Liability Risk - Hinckley Allen assesses - “In the first nine months of the Trump Administration, seven cyberfraud related FCA settlements have been announced totaling more than $51 million, surpassing recoveries under the Biden Administration’s Civil Cyberfraud Initiative. These settlements – and the warnings issued by DOJ officials in the accompanying press statements – dispel any notion that corporate defendants would receive leniency when they fail to adhere to cybersecurity requirements.”
No reflections this week other than that cyber deception works in catching both latent and new compromises.
All attribution is by others and not the UK Government unless specifically stated as such, please see the legal text at the end.
Have a lovely Saturday…
Ollie
Cyber threat intelligence
Who is doing what to whom and how allegedly.
Reporting on Russia
To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER
Wesley Shields details this alleged Russian campaign which uses captcha-like lures to get users to do things on their machines to facilitate access. These techniques continue to be of note due to the socio-technical aspect.
https://cloud.google.com/blog/topics/threat-intelligence/new-malware-russia-coldriver
PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation
Tom Hegel details this alleged Russian campaign which is of note due to the regional targeting and victimology. The use of WebSockets is also noteworthy for a degree of technical variability. Use of Russian infrastructure is however just not trying.
SentinelLABS together with Digital Security Lab of Ukraine has uncovered a coordinated spearphishing campaign targeting individual members of the International Red Cross, Norwegian Refugee Council, UNICEF, and other NGOs involved in war relief efforts and Ukrainian regional government administration.
Threat actors used emails impersonating the Ukrainian President’s Office carrying weaponized PDFs, luring victims into executing malware via a ‘ClickFix’-style fake Cloudflare captcha page.
The final payload is a WebSocket RAT hosted on Russian-owned infrastructure that enables arbitrary remote command execution, data exfiltration, and potential deployment of additional malware.
Despite six months of preparation, the attackers’ infrastructure was only active for a single day, indicating sophisticated planning and strong commitment to operational security.
An additional infrastructure pivot revealed a mobile attack vector with fake applications aimed at collecting geolocation, contacts, media files and other data from compromised Android devices.
Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals
Insikt Group® issues this report which makes some claims but shares the methodology and notes the imperfect nature.
The Russian cybercriminal ecosystem is undergoing a period of profound transformation, shaped by unprecedented international law enforcement campaigns, shifting domestic enforcement priorities, and enduring ties between organized crime and the Russian state.
..
The report synthesizes: (1) public law-enforcement releases and Operation Endgame materials that enumerate targeted malware families, botnets, and money-movement services; (2) Russian legal, prosecutorial, and media statements that document arrests, seizures, and sentencing; and (3) dark web forum and Telegram communications that reveal underground reactions, trust dynamics, and operational adaptations. We also reference leaked chat archives and investigative reporting relevant to Conti and Trickbot and associated facilitators, where they illuminate alleged protection, information sharing, or tasking with state entities. This report also incorporates transnational policy developments and diplomatic events (for example, prisoner exchanges involving high-value Russian cybercriminals) to contextualize how external pressure intersects with Russia’s domestic calculus of protection and control. All such events are treated as indicators, not dispositive proof, of Russian state priorities and leverage.
Reporting on China
ToolShell Used to Compromise Telecoms Company in Middle East
Symantec and Carbon Black disclose an incident by an alleged Chinese threat actor. Noteworthy due to the sectoral targeting.
China-based attackers used the ToolShell [SharePoint] vulnerability (CVE-2025-53770) to compromise a telecoms company in the Middle East shortly after the vulnerability was publicly revealed and patched in July 2025.
The same threat actors also compromised two government departments in the same African country during the same time period. Zingdoor, which was deployed on the networks of all three organizations, has in the past been associated with the Chinese group Glowworm (aka Earth Estries, FamousSparrow).
https://www.security.com/blog-post/toolshell-china-zingdoor
PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations
Georgy Kucherin, Saurabh Sharma and Vasily Berdnikov detail an alleged Chinese campaign targeting a broad range of sectors in an almost indiscriminate manner.
we did not see any further malware deployments linked to PassiveNeuron for quite a long time, about six months. However, since December 2024, we have observed a new wave of infections related to PassiveNeuron, with the latest ones dating back to August 2025. These infections targeted government, financial and industrial organizations located in Asia, Africa, and Latin America. Since identifying these infections, we have been able to shed light on many previously unknown aspects of this campaign. Thus, we managed to discover details about the initial infection and gather clues on attribution.
..
However, the overall TTPs of the PassiveNeuron campaign most resemble the ones commonly employed by Chinese-speaking threat actors. Since TTPs are usually harder to fake than indicators like strings, we are, as of now, attributing the PassiveNeuron campaign to a Chinese-speaking threat actor, albeit with a low level of confidence.
https://securelist.com/passiveneuron-campaign-with-apt-implants-and-cobalt-strike/117745/
The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns
Daniel Lunghi and Leon M Chang describe an alleged evolution in the Chinese ecosystem which is reminiscent of what we have seen in other groups as they grow and become more sophisticated.
“Premier Pass-as-a-Service” describes the emerging trend of advanced collaboration tactics between multiple China-aligned APT groups, notably Earth Estries and Earth Naga, that are making modern cyberespionage campaigns even more complex.
The case study discussed in this blog entry shows the model in action between these two groups, with Earth Estries acting as an access broker to Earth Naga for continued exploitation. By sharing access, Earth Estries and Earth Naga further complicate detection and attribution efforts.
Earth Estries and Earth Naga have persistently targeted critical sectors, especially government agencies and telecommunications providers, with operations spanning multiple regions. Earth Estries and Earth Naga’s coordinated cyberespionage campaigns have recently focused on retail and government-related organizations in APAC.
Trend™ Research has introduced a new four-tier framework that categorizes these different kinds of collaborative attacks and helps security practitioners better understand such collaborations.
https://www.trendmicro.com/en_us/research/25/j/premier-pass-as-a-service.html
Beyond the Aliases: Decoding Chinese Threat Group Attribution and the Human Factor
Natto Team details the Rosetta Stone battles from 2012 to the current day, using Chinese groups as the focus.
Natto Team examines threat groups named APT27, HAFNIUM, and Silk Typhoon—which, in many reports, appear as “a.k.a.” names for each other—to demonstrate how the cybersecurity community tracks threat groups and the nuances involved in choosing which group name to highlight when government documents disclose identified individuals and entities.
https://nattothoughts.substack.com/p/beyond-the-aliases-decoding-chinese
Reporting on North Korea
Gotta fly: Lazarus targets the UAV sector
Peter Kálnai and Alexis Rapin detail some interesting alleged sectoral targeting by North Korean actors. Noteworthy for a whole host of reasons, be it Russian support, national aspirations etc.
Lazarus attacks against companies developing UAV technology align with recently reported developments in the North Korean drone program.
The suspected primary goal of the attackers was likely the theft of proprietary information and manufacturing know-how.
Based on the social-engineering technique used for initial access, trojanizing open-source projects from GitHub, and the deployment of ScoringMathTea, we consider these attacks to be a new wave of the Operation DreamJob campaign.
The group’s most significant evolution is the introduction of new libraries designed for DLL proxying and the selection of new open-source projects to trojanize for improved evasion.
https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/
Beyond eval(): DPRK’s New Malware Strategy Hidden in Job Assignments
KL4R10N walks through a well-understood set of alleged North Korean tradecraft.
The initial C2 in the repo was a Chainlink-themed typosquat domain that is present in intel feeds (AlienVault OTX). After that domain was flagged, the actor pivoted to [another domain]; the code path was unchanged, but the domain changed.
https://kl4r10n.tech/blog/dprk-new-malware
The DPRK’s Violation and Evasion of UN Sanctions through Cyber and Information Technology Worker Activities
The Multilateral Sanctions Monitoring Team (MSMT) is a multilateral mechanism to monitor and report violations and evasions of sanction measures stipulated in the relevant United Nations Security Council resolutions (UNSCRs). They go to town on alleged North Korean activity in this report.
In addition to misuse of cryptocurrency to evade UN sanctions, DPRK actors engaged in widespread IT work in violation of UNSCRs 2375 and 2397. During the reporting period, the DPRK deployed IT
Reporting on Iran
Nothing overly of note this week…
Reporting on Other Actors
Post-exploitation framework now also delivered via npm
Vladimir Gursky and Artem Ushkov show that npm continues to be misused for initial access.
In October 2025, Kaspersky experts found that the npm ecosystem contained a malicious package with a fairly convincing name: https-proxy-utils. It was posing as a utility for using proxies within projects. At the time of this post, the package had already been taken down.
https://securelist.com/adaptixc2-agent-found-in-an-npm-package/117784/
GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace
Idan Dardikman details a campaign which, whilst described in slightly hyperbolic language, is noteworthy for a degree of technical novelty.
But GlassWorm isn’t just another supply chain attack. It’s using stealth techniques we’ve never seen before in the wild - invisible Unicode characters that make malicious code literally disappear from code editors. Combine that with blockchain-based C2 infrastructure that can’t be taken down, Google Calendar as a backup command server, and a full remote access trojan that turns every infected developer into a criminal proxy node.
Discovery
How we find and understand the latent compromises within our environments.
Decoding UserAuthenticationMethod in Microsoft 365 audit logs: the bitfield mapping
Grégoire Clermont provides a power up with this decoding - Microsoft should also document this to help cyber defenders going forward.
[We] have discovered that this field is a bitfield where each bit represents a different authentication method. This article documents how to decode these numeric values into human-readable descriptions, particularly useful for security analysts and incident responders who may encounter environments where only Microsoft 365 audit logs are available.
https://blog.sekoia.io/userauthenticationmethod-microsoft-365-decode/
Attacks Come to Those Who Wait: Long-Term Observations in an SSH Honeynet
Cristian Munteanu, Yogesh Bhargav, Georgios Smaragdakis, Anja Feldmann and Tobias Fiebig show the value of large scale honeypots to inform understanding.
In this paper, we present an analysis of data collected from a large-scale honeynet over a three-year period, shedding light on gradual shifts in attacker behavior. Our findings suggest a trend toward more exploratory attacks, with indications that attackers are increasingly moving beyond the blind execution of scripts. We observe changes in techniques as new bots appear with unique methods and established botnets modify their approaches over time. Furthermore, attackers have adopted a more scouting approach in recent months, showing increased adaptability in their tactics. Additionally, there is a clear preference for utilizing recently registered ASes as storage locations for malicious files. Our findings also suggest that attackers are increasingly aware of honeypot presence. Some attackers actively search for these traps, while others exploit honeypots for their own purposes, underscoring the need for a new generation of more advanced honeypots
https://gsmaragd.github.io/publications/IMC2025-Honeynet/IMC2025-Honeynet.pdf
Decoy Databases: Analyzing Attacks on Public Facing Databases
Yuqian Song, Georgios Smaragdakis, and Harm Griffioen further show the value of large scale honeypots to inform understanding.
Our 220 low-interaction honeypots emulate MySQL, MSSQL, PostgreSQL, and Redis, revealing that scanning activity is relatively low (≈3,000 IPs), but brute-force attempts are persistent. We also deploy 58 medium/high-interaction honeypots, which reveal three distinct types of exploitation: (i) direct attacks on the database management system to manipulate the database, (ii) ransom-driven attacks that copy and delete the targeted data, and (iii) use the database as an attack vector to take over the underlying system. Our findings highlight that DBMS-targeted attacks are distinct from those on other Internet-facing systems and deserve focused attention.
https://gsmaragd.github.io/publications/IMC2025-DB/
Could the XZ backdoor have been detected with better Git and Debian packaging practices?
Otto Kekäläinen identifies a very pragmatic set of improvements.
The XZ backdoor in versions 5.6.0/5.6.1 made its way briefly into many major Linux distributions such as Debian and Fedora, but luckily didn’t reach that many actual users, as the backdoored releases were quickly removed thanks to the heroic diligence of Andres Freund. We are all extremely lucky that he detected a half a second performance regression in SSH, cared enough to trace it down, discovered malicious code in the XZ library loaded by SSH, and reported promptly to various security teams for quick coordinated actions.
This episode makes software engineers ponder the following questions:
Why didn’t any Linux distro packagers notice anything odd when importing the new XZ version 5.6.0/5.6.1 from upstream?
Is the current software supply-chain in the most popular Linux distros easy to audit?
Could we have similar backdoors lurking that haven’t been detected yet?
As a Debian Developer, I decided to audit the xz package in Debian, share my methodology and findings in this post, and also suggest some improvements on how the software supply-chain security could be tightened in Debian specifically.
https://optimizedbyotto.com/post/xz-backdoor-debian-git-detection/
Learning AS-to-Organization Mappings with Borges
Carlos Selmo, Esteban Carisimo, Fabián E. Bustamante and J. Ignacio Alvarez-Hamelin hint at an interesting edge which will have both good and bad uses.
We introduce Borges (Better ORGanizations Entities mappingS), a novel framework for improving AS-to-Organization mappings using Large Language Models (LLMs). Existing approaches, such as AS2Org and its extensions, rely on static WHOIS data and rule-based extraction from PeeringDB records, limiting their ability to capture complex, dynamic organizational structures. Borges overcomes these limitations by combining traditional sources with few-shot LLM prompting to extract sibling relationships from free-text fields in PeeringDB, and by introducing website-based inference using redirect chains, domain similarity, and favicon analysis. Our evaluation shows that Borges outperforms prior methods, achieving a 7% improvement in sibling ASN identification and an Organization Factor score of 0.3576. It also expands the recognized user base of large Internet conglomerates by 192 million users (≈ 5% of the global Internet population) and improves geographic footprint estimates across multiple regions.
https://estcarisimo.github.io/assets/pdf/papers/2025-IMC-borges.pdf
Unmasking the Invisible: Hunting and Defeating EDR-Evading Threats Like BRICKSTORM
Rubrik tease that backups might be a useful source of historic timelining related to compromises.
When BRICKSTORM indicators (like specific file hashes, YARA signatures, or suspicious file paths on a vCenter server) were found in a customer’s backups, customer data analysis allowed for
Linux Capabilities Revisited
Stephan Berger highlights a persistence technique which defensive teams will want to ensure they have coverage for.
While traditional SUID/SGID checks are still crucial, modern security practices must include hunting for files with specific capabilities set. Capabilities provide a more granular and potentially stealthy way to grant necessary privileges, and if not monitored, they can introduce significant security risks. Using tools like getcap to search the file system for these capabilities recursively is essential to ensure a comprehensive security audit and to mitigate potential exploitation vectors.
https://dfir.ch/posts/linux_capabilities/
Defence
How we proactively defend our environments.
Modern defensible architecture
Australian Signals Directorate’s Australian Cyber Security Centre releases this update along with Canadian Centre for Cyber Security, Bundesamt für Sicherheit in der Informationstechnik, National Cybersecurity Office – Japan, JPCERT Coordination Centre – Japan, National Police Agency – Japan, National Intelligence Service – Republic of Korea and National Cyber and Information Security Agency – Czechia.
Foundations for modern defensible architecture (updated) - Written for technical security and enterprise architects. The foundations represent organisational goals or capabilities that will facilitate a more efficient adoption of zero trust technologies and architecture.
Modern defensible architecture for senior decision makers - Assists senior decision makers understand the contemporary threat landscape and how MDA can help organisations defend against current and emerging threats.
Investing in modern defensible architecture - Helps organisations to develop a modern defensible architecture investment roadmap based on their organisational strategy, business and security objectives, risk profile and threat context.
then other countries
https://www.ncsc.govt.nz/protect-your-organisation/modern-defensible-architecture-guidance/
https://www.cyber.gc.ca/en/news-events/series-joint-guidance-modern-defensible-architecture
PingOne Attack Paths
Andy Robbins and Garret Foster provide a defensive work aid.
You can use PingOneHound in conjunction with BloodHound Community Edition to discover, analyze, execute, and remediate identity-based attack paths in PingOne instances.
https://specterops.io/blog/2025/10/20/pingone-attack-paths/
Secure Parsing and Serializing with Separation Logic Applied to CBOR, CDDL, and COSE
Tahina Ramananandro, Gabriel Ebner, Guido Martínez and Nikhil Swamy show that modern language interoperability done in a provably secure manner is indeed quite involved.
Provably correct parsing and serialization tools that target languages like C can help. Towards this end, we present PulseParse, a library of verified parser and serializer combinators for non-malleable binary formats. Specifications and proofs in PulseParse are in separation logic, offering a more abstract and compositional interface, with full support for data validation, parsing, and serialization. PulseParse also supports a class of recursive formats— with a focus on security and handling adversarial inputs, we show how to parse such formats with only a constant amount of stack space.
We use PulseParse at scale by providing the first formalization of CBOR, a recursive, binary data format standard, with growing adoption in various other industrial standards. We prove that the deterministic fragment of CBOR is non-malleable and provide EverCBOR, a verified library in both C and Rust to validate, parse, and serialize CBOR objects implemented using PulseParse. Next, we provide the first formalization of CDDL, a schema definition language for CBOR. We identify well-formedness conditions on CDDL definitions to ensure that they yield unambiguous, non-malleable formats, and implement EverCDDL, a tool that checks the well-formedness of a CDDL definition and produces verified parsers and serializers for it.
https://www.microsoft.com/en-us/research/wp-content/uploads/2025/10/evercbor.pdf
Incident Writeups & Disclosures
How they got in and what they did.
Lessons from the BlackBasta Ransomware Attack on Capita
Will Thomas does a breakdown of the incident.
https://blog.bushidotoken.net/2025/10/lessons-from-blackbasta-ransomware.html
PATCHAGENT: A Practical Program Repair Agent Mimicking Human Expertise
Zheng Yu, Ziyi Guo, Yuhang Wu, Jiahao Yu, Meng Xu, Dongliang Mu, Yan Chen and Xinyu Xing give a hint at the future with this work.
In this paper, we introduce PatchAgent, a novel LLM-based APR tool that seamlessly integrates fault localization, patch generation, and validation within a single autonomous agent. PatchAgent employs a language server, a patch verifier, and interaction optimization techniques to mimic human-like reasoning during vulnerability repair. Evaluated on a dataset of 178 real-world vulnerabilities, PatchAgent successfully repairs over 90% of the cases, outperforming state-of-the-art APR tools where applicable. Our ablation study further offers insights into how various interaction optimizations contribute to PatchAgent’s effectiveness.
https://www.usenix.org/conference/usenixsecurity25/presentation/yu-zheng
Vulnerability
Our attack surface.
Diffing 7-Zip for CVE-2025-11001
Dominik provides some clarity on the situation.
I’d like to mention there are 2 bugs disclosed by ZDI affecting this release with the same description and reporter, most likely the other report exploits a symlink bug with UNC paths, as this is also mentioned in the diff.
This post describes a vulnerability in 7-Zip’s module responsible for converting Linux symlinks to Windows ones (as well as other types of symlinks but this blog will focus on the Linux -> Windows side).
https://pacbypass.github.io/2025/10/16/diffing-7zip-for-cve-2025-11001.html
Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers
Shivan Kaul Sahib and Artem Chaikin show once again the rush to have functional edge leads to monumental cyber security trip hazards..
Readers will note that each of these attacks look similar. Fundamentally, they boil down to a failure to maintain clear boundaries between trusted user input and untrusted Web content when constructing LLM prompts while allowing the browser to take powerful actions on behalf of the user.
https://brave.com/blog/unseeable-prompt-injections/
TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware
Edera’s disclosure makes painful reading for a variety of reasons. The first is an RCE in a Rust library and the second is the real challenges of abandonware..
The Edera team has uncovered a critical boundary-parsing bug, dubbed TARmageddon (CVE-2025-62518), in the popular async-tar Rust library and its deep lineage of forks, including the widely used tokio-tar. In the worst-case scenario, this vulnerability has a severity of 8.1 (High) and can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends...
This vulnerability disclosure was uniquely challenging because the most popular fork (tokio-tar, with over 5 million downloads on crates.io) appears to be abandonware – no longer actively maintained.
https://edera.dev/stories/tarmageddon
Offense
Attack capability, techniques and trade-craft.
Stealing Microsoft Teams access tokens in 2025
Brahim El Fikhi shows how to do it..
https://blog.randorisec.fr/ms-teams-access-tokens/
Stealth BGP Hijacks with uRPF Filtering
Haya Schulmann and Shujie Zhao warn us…
Through extensive simulation-based analysis, we demonstrate that 99.3% of networks are vulnerable to SBA-uRPF under a full deployment of uRPF, with a potential maximum impact affecting over 59,115 networks (76.3%). Unlike conventional BGP hijacks, which often result in noticeable routing anomalies, SBA-uRPF remains undetectable to the affected networks, making it a particularly dangerous threat.
https://www.usenix.org/system/files/woot25-schulmann.pdf
Exploitation
What is being exploited..
Nothing overly of note this week…
Tooling and Techniques
Low level tooling and techniques for attack and defence researchers…
ChkTag: x86 Memory Safety
Intel etc. wake up to the competitive challenge of CHERI, MTE etc.
ChkTag is a set of new and enhanced x86 instructions to detect memory safety violations, such as buffer overflows and misuses of freed memory (use-after-free). ChkTag is designed to be suitable for hardening applications, operating system kernels, hypervisors for virtualization, and UEFI firmware. ChkTag places control in the software developers’ hands to balance their security needs with operational elements that often become prominent when deploying code. For example, ChkTag provides instruction-granular control over which memory accesses are checked. Compilers can offer optimizations and new language features or intrinsics. ChkTag prepares x86 for a future with increasing amounts of code written in memory-safe languages running alongside code in other languages. Furthermore, ChkTag loads tags from linear/virtual memory that can often be committed on demand.
KNighter: Transforming Static Analysis with LLM-Synthesized Checkers
Chenyuan Yang, Zijie Zhao, Zichen Xie, Haoyu Li and Lingming Zhang
We present KNighter, the first approach that unlocks scalable LLM-based static analysis by automatically synthesizing static analyzers from historical bug patterns. Rather than using LLMs to directly analyze massive systems, our key insight is leveraging LLMs to generate specialized static analyzers guided by historical patch knowledge. KNighter implements this vision through a multi-stage synthesis pipeline that validates checker correctness against original patches and employs an automated refinement process to iteratively reduce false positives. Our evaluation on the Linux kernel demonstrates that KNighter generates high-precision checkers capable of detecting diverse bug patterns overlooked by existing human-written analyzers. To date, KNighter-synthesized checkers have discovered 92 new, critical, long-latent bugs (average 4.3 years) in the Linux kernel; 77 are confirmed, 57 fixed, and 30 have been assigned CVE numbers. This work establishes an entirely new paradigm for scalable, reliable, and traceable LLM-based static analysis for real-world systems via checker synthesis.
https://arxiv.org/abs/2503.09002
Exploring GrapheneOS secure allocator: Hardened Malloc
Nicolas Stefanski does some selling as to the value…
Hardened Malloc is a security-hardened memory allocator that implements several advanced protection mechanisms, most notably leveraging the ARM Memory Tagging Extension (MTE) to detect and prevent memory corruption. While it offers an improvement over the standard scudo allocator, particularly against use-after-free vulnerabilities, its true strength lies in its integration with GrapheneOS. This combination achieves a higher level of security than a typical Android device that uses scudo.
Furthermore, the use of canaries and numerous guard pages complements its arsenal, especially on older devices without MTE, by quickly triggering exceptions in case of unwanted memory access.
https://www.synacktiv.com/en/publications/exploring-grapheneos-secure-allocator-hardened-malloc
Footnotes
Some other small (and not so small) bits and bobs which might be of interest.
Annual, quarterly and monthly reports
Nothing overly of note this week
Phishing for Justice: When Cybercriminals Hack the Human Mind - “What is needed is a jurisprudence for cyberpsychology - a framework that treats persuasion and bias as vulnerabilities as real as zero-day exploits. Singh & Zheng recommend behavioral nudges, structured cognitive training, and cultures of readiness that integrate psychology with technology.”
Soitec and CEA partner to develop automotive cybersecurity with advanced FD-SOI technology - “demonstrated how Fully Depleted Silicon-on-Insulator (FD-SOI) substrates can deliver intrinsic protection against the threat of fault injection attacks, identified as an increasing risk by automotive cybersecurity ISO/SAE 21434 standard setters.”
Quantum Key Distribution in Four Dimensions - the interest here isn’t about the QKD, it is about the information encoding.
Artificial intelligence
Harnessing AI to Disrupt and Evaluate Security (HADES) - video from Offensive AI Con
Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers
KNighter: Transforming Static Analysis with LLM-Synthesized Checkers
PATCHAGENT: A Practical Program Repair Agent Mimicking Human Expertise
Do Spammers Dream of Electric Sheep? Characterizing the Prevalence of LLM-Generated Malicious Emails
Books
Nothing overly of note this week
Events
Finally finally the NCSC’s podcast series.
Unless stated otherwise, linked or referenced content does not necessarily represent the views of the NCSC and reference to third parties or content on their websites should not be taken as endorsement of any kind by the NCSC. The NCSC has no control over the content of third party websites and consequently accepts no responsibility for your use of them.
This newsletter is subject to the NCSC website terms and conditions which can be found at https://www.ncsc.gov.uk/section/about-this-website/terms-and-conditions and you can find out more about how we will treat your personal information in our privacy notice at https://www.ncsc.gov.uk/section/about-this-website/privacy-statement.



