AI-Powered Zero-Day Creation and Phantom Attacks
Google has warned that threat actors are now using artificial intelligence to craft working zero-day exploits, a significant escalation in automated attack capability. In a related development, researchers have described the ODINI malware, which encodes data in the magnetic emissions of a CPU to exfiltrate it from Faraday-shielded air-gapped computers, defeating the shielding that such enclosures are meant to provide. Separately, the newly discovered PamDOORa backdoor targets Linux systems by compromising the Pluggable Authentication Module (PAM) stack to capture SSH credentials directly from the authentication flow.
Identity Bypass and Credential Theft Campaigns
Attackers have developed a technique called GhostLock that abuses legitimate Windows file-sharing features to lock users out of their files in a ransomware-like manner without deploying any encryption malware. Meanwhile, Microsoft Azure AD Conditional Access policies are being bypassed through phantom device registration and Primary Refresh Token (PRT) abuse, giving attackers persistent unauthorized access. In social engineering campaigns, hackers are using Microsoft Teams calls to trick employees into revealing credentials and to manipulate multi-factor authentication (MFA) prompts in real time.
Widespread Platform Vulnerabilities and Infrastructure Attacks
A critical remote code execution flaw in Apache HTTP Server (CVE-2024-40898 on cve.org) exposes millions of servers worldwide, while new vulnerabilities in cPanel and WHM (CVE-2024-37383 on cve.org and CVE-2024-37384 on cve.org) enable code execution and denial-of-service attacks. In certificate infrastructure, Let's Encrypt temporarily halted certificate issuance after a cross-signed root certificate incident. The Crimenetwork takedown exposed 22,000 users and over 100 illegal sellers in an international law enforcement operation. Malware campaigns are increasingly leveraging fake GitHub repositories posing as DeepSeek TUI tools and trojanized ScreenConnect installers delivered through weaponized JPEG files, while macOS malware now spreads through Google Ads and legitimate Claude.ai shared chat links, using PlugX-like DLL sideloading chains.
Source: Cyber Security News