Cynalysis Cyber Watch

Exploitation of AI Tools: Hackers are increasingly leveraging AI tools like Claude Code to automate attacks, as seen in the cyberattack on Mexican government systems where 150GB of data was exfiltrated (Security Affairs).

Trojanized Gaming Utilities: Microsoft reported that threat actors are deploying Remote Access Trojans (RATs) through trojanized gaming utilities, highlighting a trend of using seemingly benign software to deliver malware (Security Affairs).

Critical Vulnerabilities in Infrastructure: The exploitation of CVE-2025-64328 in Sangoma FreePBX systems has led to web shell deployments, affecting over 900 instances and stressing the risks associated with outdated VoIP technology (Security Affairs).

Aeternum Botnet: This newly discovered botnet utilizes Polygon blockchain smart contracts for command-and-control, complicating detection and takedown efforts (Security Affairs).

RESURGE Malware: CISA has warned about the RESURGE malware, which is capable of remaining dormant on Ivanti devices, posing a long-term threat (Bleeping Computer).

Kimwolf Botmaster: The Kimwolf botnet, controlled by the entity known as "Dort," has been linked to DDoS attacks and other malicious activities, indicating a sophisticated threat landscape (Krebs on Security).

Patch Vulnerabilities Promptly: Organizations utilizing Sangoma FreePBX should prioritize immediate patching of CVE-2025-64328 to mitigate ongoing web shell threats (Security Affairs).

Enhance API Key Management: Implement robust security measures for API key management to prevent unauthorized access to sensitive data, as demonstrated by the Google API key exposure incident (CSO Online).

Monitor AI Tool Usage: Companies should closely monitor and audit the use of AI tools like Claude Code to prevent exploitation in cyberattacks, ensuring that such technologies are used responsibly (Security Affairs).