Deuxieme RE Banque News

Sign in Subscribe

28 Oct 2025

Cyber News 29OCT2025

General

More on the incidents (Collins Aerospace / RTX) that caused chaos in European airports back in September. Appears they were hit by two gangs at once (the second data leak - by Everest - is a real clanger)
- https://www.hudsonrock.com/blog/5532
- https://www.irishtimes.com/ireland/2025/10/24/millions-of-passengers-could-be-affected-by-cyber-breach-at-dublin-airport-supplier/
The dangers of trusted parties and no two-person controls (this could just as easily have been software edits)
- https://www.404media.co/rogue-goodreads-librarian-edits-site-to-expose-censorship-in-favor-of-trump-fascism/
Not particularly surprising - malware looking at less-obvious places to execute, in order to evade defences. In this case, Windows Subsystem for Linux. Others have brought their own Virtual Machines.
- https://www.bleepingcomputer.com/news/security/qilin-ransomware-abuses-wsl-to-run-linux-encryptors-in-windows/
Android Malware adding a text-entry delay randomiser to appear more human. This may work against basic is/is-not human detection, but won't beat profiling-style detections.
No surprise - the WSUS vulnerability is being actively targeted
- https://www.cybersecuritydive.com/news/google-threat-researchers-probe-exploitation-critical-cve-wsus/803985/

Retro Corner

Faking and masking URL's with font tricks (also works to hide prompt-injections from humans, that LLM's can still read)
- https://www.bleepingcomputer.com/news/security/bidi-swap-the-bidirectional-text-trick-that-makes-fake-urls-look-real/
- https://www.varonis.com/blog/bidi-swap

Getting Techy

A deep-dive into the Windows Local Security Authority (LSA), virtualisation protection through Credential Guard, and the window created by Remote Credential Guard (RCG).
- https://specterops.io/blog/2025/10/23/catching-credential-guard-off-guard/
Ever wanted to see inside a point-of-sale device?
- https://stefan-gloor.ch/yomani-hack
More attacks against Trusted Execution Environments. Defeated through physical access.
- https://www.bleepingcomputer.com/news/security/teefail-attack-breaks-confidential-computing-on-intel-amd-nvidia-cpus/
WSO2 middleware vulnerabilities. Classic auth-bypass.
- https://blog.lexfo.fr/wso2.html

Geo-Politics

[NKO] A summary of what North Korea has been up to recently, based upon the Multilateral Sanctions and Measures Team report

Privacy

[EU] None Of Your Business (noyb) goes after Clearview AI for its scraping activities
- https://therecord.media/clearview-ai-sued-europe-alleged-privacy-violations
- https://www.theregister.com/2025/10/28/noyb_criminal_charges_clearview/
[US] Fighting back against surveillance tech in New York
- https://therecord.media/nypd-domain-awareness-system-civil-rights-lawsuit

AI

Another example of prompt-injection and the lethal trifecta. At least for now, an unsolvable problem.
- https://embracethered.com/blog/posts/2025/claude-abusing-network-access-and-anthropic-api-for-data-exfiltration/
Musk launches Grokipedia, a fully-AI-generated version of Wikipedia
- https://www.404media.co/grokipedia-is-the-antithesis-of-everything-that-makes-wikipedia-good-useful-and-human/
More AI we really need
- https://www.404media.co/a16z-is-funding-a-speedrun-to-ai-generated-hell-on-earth/
OpenAI's "Atlas" browser, speed-running browser security from the last thirty-odd years. First up - storing authentication tokens in the clear.
- https://www.linkedin.com/feed/update/urn:li:activity:7386770853973147648/
How about some CSRF in Atlas?
- https://www.itnews.com.au/news/researchers-find-vulnerabilities-in-openais-atlas-agentic-browser-621328
- https://layerxsecurity.com/blog/layerx-identifies-vulnerability-in-new-chatgpt-atlas-browser/
Maybe a prompt injection in the omnibox?
- https://neuraltrust.ai/blog/openai-atlas-omnibox-prompt-injection