Cyber News 23OCT2025

General

• [AU] Queensland Government renames "CISO" to "General Manager, Cyber Security"
  • https://www.itnews.com.au/news/qld-government-retires-ciso-position-title-621173
• [CA] FINTRAC fines Digital Payments platform 'Cryptomus' $176M for AML violations. Cryptomus processes transactions for a lot of 'questionable' cryptocurrency exchanges and cybercrime services.
  • https://krebsonsecurity.com/2025/10/canada-fines-cybercrime-friendly-cryptomus-176m/
  • Previous investigation: https://krebsonsecurity.com/2024/12/how-cryptocurrency-turns-to-cash-in-russian-banks/
• [MM] About time! SpaceX disables some (~2500) of the Starlink devices used by scam compounds in Myanmar
  • https://therecord.media/spacex-disables-starlink-kits-in-myanmar-scam-compounds
• [US] Scouts keeping up with the times - AI and Cybersecurity badges
  • https://www.scouting.org/program-updates/scouts-bsa-develops-new-tech-merit-badges/
  • https://edition.cnn.com/2025/10/14/tech/scouting-america-ai-cybersecurity-merit-badges
• [US] How not to handle sensitive information - Former National Security Advisor John Bolton - emailing sensitive information to family using private accounts.
  • https://www.zetter-zeroday.com/john-bolton-indictment-provides-interesting-details-about-hack-of-his-aol-account-and-extortion-attempt/
• Interesting take on whitespace to hide content, plus some data-on-the-blockchain, in a Visual Studio Code extension. This technique could also be useful to attackers for AI-based code injection, due to its invisibility to normal human review.
  • https://www.itnews.com.au/news/hidden-glassworm-malware-spreads-through-infected-vs-code-extensions-621223
• On the recent AWS Outage - DNS -> DynamoDB -> EC2, IAM and other services
  • https://vxdb.sh/one-of-the-largest-aws-outages-ever/
  • (Wired) https://archive.is/3dLnr
  • (Wired - earlier article) https://archive.is/Yn7bV
  • https://www.bleepingcomputer.com/news/technology/aws-outage-crashes-amazon-prime-video-fortnite-perplexity-and-more/
  • Finally - the danger of not having offline-mode - (404 Media) https://archive.is/MO7Xw
• Dirty games in the exploit-development space?
  • https://techcrunch.com/2025/10/21/apple-alerts-exploit-developer-that-his-iphone-was-targeted-with-government-spyware/
• Cashing out corporate access...via gift cards (there's a specific section on "Why Gift Cards?")
  • https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/
• The joys of vulnerability disclosure, in a world where it's easy to create a fork (and lots of packages get abandoned)
  • https://www.theregister.com/2025/10/22/vulnerable_rust_crate/
• Security tools are often a double-edged sword - the story behind evilginx - defeating MFA via session capture
  • https://therecord.media/evilginx-kuba-gretzky-interview-click-here-podcast
• SLH can't stay out of the news, some more background on their doxing of US officials aka how to find some long-term accommodation in the US, at the US government's expense (travel restrictions may apply).
  • (404 Media) https://archive.is/dFxLd

AI

• Bruce Schneier - "Prompt injection might be unsolvable in today’s LLMs.". It's a classic case of mixing instructions and data. This is a problem conventional programming has spent decades battling, but with more structure available (stacks, memory pages, etc).
  • https://www.schneier.com/blog/archives/2025/10/agentic-ais-ooda-loop-problem.html
  • Background on stack overflows: https://phrack.org/issues/49/14
  • Reflections on Trusting Trust is also a must-read: https://www.cs.cmu.edu/%7Erdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
• As if to prove Bruce's point - Trail of Bits look at using Prompt-Injection to gain Remote Code Execution [RCE] in coding agents
  • https://blog.trailofbits.com/2025/10/22/prompt-injection-to-rce-in-ai-agents/
• Why make the attacker's life hard? More long-tail of patching with Cursor and Windsurf IDE's.
  • https://www.bleepingcomputer.com/news/security/cursor-windsurf-ides-riddled-with-94-plus-n-day-chromium-vulnerabilities/
• OpenAI brings out their AI-enabled browser - ChatGPT Atlas
  • https://simonwillison.net/2025/Oct/21/introducing-chatgpt-atlas/#atom-everything
  • https://appleinsider.com/articles/25/10/22/openai-rolls-out-chatgpt-atlas-browser-with-built-in-ai-tools
• Anthropic exploring ways to use containers to make Claude more useful - Claude Code for Web
  • https://simonwillison.net/2025/Oct/20/claude-code-for-web/