BankInfoSecurity.com
Linux Defenders Face Patch and Exploit Race
3 days 21 hours ago
Kernel Privilege Escalation Has One Linux Maintainer Contemplating a 'Kill Switch'
Back-to-back kernel vulnerabilities in Linux have defenders scrambling to apply defenses in an age of quick turnaround times for hackers exploiting nascent flaws. The "Dirty Frag" and "Copy Fail" kernel privilege escalation vulnerabilities became public knowledge within two weeks of each other.
Claude Code Attack Persists After Token Rotation
3 days 21 hours ago
Malicious npm Package Lets Attackers Capture Refreshed Tokens
A researcher has mapped a five-step attack on Claude Code that intercepts the credentials giving AI agents access to Jira, GitHub and Confluence, and demonstrated that the standard incident response move, rotating the stolen token, hands the attacker a fresh one.
Mass Supply-Chain Attack Slams npm and PyPI, Hits Mistral AI
3 days 21 hours ago
Latest Mini Shai-Hulud Worm Steals Credentials, Includes Wiper, Now Open Source
A new Shai-Hulud variant has infected multiple npm repositories and jumped to other widely used JavaScript and Python packages. Designed to rapidly propagate, the worm steals over 100 different types of credentials and can wipe systems, including if developers try to delete it.
CyberEd Board Talks | Top 5 SASE Predictions and Trends
3 days 21 hours ago
A Live Panel Discussion with CyberEdBoard and Fortinet
Secure Access Service Edge is entering mainstream adoption. Enterprises are shifting from point solutions to platforms. And AI is now at the core of SASE.
Why Hospitals Must Rethink Cyber Resilience
4 days 20 hours ago
In the face of relentless cyberattacks that threaten patient safety, hospitals must strengthen their resilience, with clinical continuity, secure backups and coordinated recovery emerging as critical strategies, said John Riggi of the American Hospital Association and Josh Howell of Rubrik.
What Security Teams Are Missing About AI-Enabled Threats
4 days 20 hours ago
Cloudflare Cuts 1,100, Arctic Wolf Axes 250 Amid AI Surge
4 days 20 hours ago
Cloud Connectivity, Security Operations Providers Reportedly Chop 20%, 7% of Staff
Cloudflare cut more than 1,100 workers from its 5,483-person staff, saying the layoffs will align Cloudflare's operations with AI-driven workflows and productivity gains. And Arctic Wolf laid off 250 workers from its estimated staff of 3,402 to free resources for investment in AI initiatives.
AI-Built Zero-Day Nearly Powered Mass Attack
4 days 20 hours ago
Google Says Criminals Used AI to Discover and Code Exploit
A cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could be launched.
How Organizations Are Strengthening Defenses Against Scattered Spider
4 days 20 hours ago
An On Demand video from ID Dataweb
Scattered Spider continues to evolve, and organizations across financial services, healthcare, insurance, telecommunications, and other sectors are strengthening defenses against increasingly sophisticated identity-driven threats.
OpenAI Unlocks Cybersecurity Model for Europe
4 days 20 hours ago
German Financial Regulator Warns Sector to Step Up Defenses
OpenAI is stepping up to do what arch-rival Anthropic still won't. The AI firm will give European authorities and companies access to its new vulnerability-finding AI model, so they can beef up their cybersecurity.
The Threat Window Is Shrinking. The Response Gap Isn't
5 days 20 hours ago
Patching Workflows Built for Weekly Cycles Can't Survive an Era of Hourly Exploits
AI is shrinking the window between vulnerability disclosure and active exploitation from weeks to hours. But remediation workflows haven't kept pace. Security teams need real-time intelligence, unified IT and security operations, and automated remediation to close the gap before attackers do.
AI Researchers Target SIEM Migration Bottleneck
5 days 20 hours ago
System Translates Detection Rules Across Security Platforms
Researchers developed an AI framework that converts threat detection rules between major SIEM platforms including Splunk, Microsoft Sentinel and QRadar. The system uses LLMs and automated validation steps to preserve detection logic during migrations that often require months of manual work.
Cops Shutter Rebooted German Language Cybercrime Market
5 days 20 hours ago
Spanish Police Bust German Accused of Relaunching 'Crimenetwork' Cybercrime Forum
Spanish police have arrested a German national suspected of a string of cybercrime offenses, including remotely administering from the sunny island of Mallorca a relaunched version of "Crimenetwork," a German-language cybercrime market for stolen data, forged documents and drugs.
Tables Turned: Gentlemen Ransomware Group Suffers Data Leak
5 days 20 hours ago
Internal Communications Dumped Online, Revealing Fresh Victims, Repeat Tactics
Ransomware group The Gentlemen, a relative newcomer to the cybercrime scene, suffered a leak of its internal communications, revealing previously non-public victims, a variety of tactics, techniques and tools, and a relentless focus on popping backup and storage infrastructure.
Cybercrime's Human Trafficking Problem
1 week 1 day ago
Coerced Labor in Scam Compounds Is Reshaping How Enterprises Face Fraud Risks
Fraud operations in Southeast Asia increasingly rely on trafficked workers forced into scams. This reality challenges assumptions about threat actor behavior, complicates attribution and negotiation, and demands that enterprises rethink fraud prevention and disruption strategies.
Are AI-Driven Attacks Already Inside Your Cloud Environment?
1 week 1 day ago
Live Webinar | Why Periodic Pentesting Can’t Keep Up And What Security Leaders Are Doing Instead
1 week 1 day ago
ISMG Editors: The Battle Over Access to Frontier AI Models
1 week 1 day ago
Also: Washington's AI Policy Divide, FDA's Push for AI-Driven Clinical Trials
In this week's panel, four ISMG editors discussed the battle over who gets to access powerful AI cybersecurity models, policy issues unfolding in Washington over AI-driven cyber defenses, and how the FDA is beginning to test AI-supported real-time clinical trials to speed up drug development.
BankInfoSecurity.com RSS News Feeds on bank information security news, regulations, blogs and education