Transcript
A (0:00)
From the CISO series. It's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Tuesday, September 30, 2025. I'm Sarah Lane.

AI-generated code used in phishing campaign blocked by Microsoft
Microsoft blocked a US-targeted phishing campaign that used AI-generated code hidden in an SVG file disguised as a PDF. Microsoft identified AI traits in the code, including verbose business-like comments, over-engineered functions and formulaic obfuscation. Defender for Office 365 detected the attack through anomalies in email structure, file format and network behavior. Microsoft is advising using Safe Links, Zero-hour auto purge, phishing-resistant authentication and cloud-delivered antivirus protection to mitigate similar threats.

WestJet notifies American consumers of data breach
WestJet notified US customers of a cybersecurity incident on June 13, claiming a criminal third party gained unauthorized access to its systems. The airline confirmed that some personal information was obtained, names, contact details and reservation-related documents, but says no payment card data or passwords were compromised. WestJet says it's engaged experts to investigate and is informing affected individuals, advising vigilance against phishing or social engineering attempts. The airline emphasized that operational safety was never at risk.

Ukrainian cops spoofed in fileless phishing attacks on Kyiv
FortiGuard Labs reports that attackers are spoofing Ukraine's national police in a phishing campaign targeting government systems. Emails with malicious SVG attachments trick victims into downloading a password-protected archive that then delivers two Amatera Stealer, which harvests credentials, browser data and crypto wallets, and PureMiner, a stealthy crypto miner. The malware is then deployed directly into memory to evade detection.

Harrods suffers new breach exposing 430,000 customer records
UK retail giant Harrods disclosed a new data breach affecting 430,000 customers after attackers compromised a third-party supplier. The exposed records include names, contact details and some marketing or loyalty-related tags, but not passwords, payment info or order histories. The breach is apparently unrelated to a May attack linked to Scattered Spider and DragonForce ransomware. Harrods has informed affected customers and authorities, warning them to watch for phishing, and confirmed that the threat actor unsuccessfully attempted to engage in extortion.

Huge thanks to our sponsor, Nudge Security. AI tools have spread to every corner of your tech stack, which is great for innovation but not so great for data governance. That's where Nudge Security comes in. Nudge discovers shadow AI across your org, chatbots, MCP integrations, AI in the supply chain and more. And Nudge delivers guardrails to employees to help you stop data leakage before it even starts. The best part? You have a full inventory of AI assets on day one of your free trial, even those introduced before you start using Nudge. No time machine required. Gain visibility and control of AI use. Get started at nudgesecurity.com Genai.

Tile tags said to be exploited by tech-savvy stalkers
Researchers at Georgia Tech said the company Tile's tracking tags leak unencrypted data that could let Tile or anyone else track users' movements. Each tag broadcasts a static MAC address and unique ID that can be intercepted. While anti-stalking protections are easily bypassed if anti-theft mode is enabled, the flaws also let attackers replay broadcasts to falsely implicate somebody in stalking. Tile's parent company, Life360, was notified last year but has not addressed the issues publicly.

Security flaws take down popular call recording app Neon
The call recording app Neon was taken offline last week after TechCrunch discovered a flaw that let any logged-in user access other people's phone numbers, transcripts and audio files. Developer Alex Kiam confirmed the shutdown, saying that the service will relaunch in one to two weeks after fixing the issue and completing a security audit. Neon was launched back in July and pays users up to $30 per day for sharing call recordings with AI companies.

National cyber authorities launch OT security guidance
Cybersecurity agencies from seven countries, including the U.S., the UK, Australia, Germany and the Netherlands, have released new Operational Technology Security Guidance. The framework outlines five maintaining a definitive record of OT assets, implementing an information security program, classifying assets by risk, documenting system connectivity and assessing third-party risks. Officials warn that OT compromises can disrupt critical infrastructure such as energy, water and manufacturing. The document follows last month's release of the first unified OT security taxonomy.

Evil AI Malware masquerades as AI to infiltrate global orgs
Trend Micro researchers are tracking a global malware campaign dubbed Evil AI, where attackers disguise Trojans as legitimate productivity or AI tools. Apps like App Suite, Epi Browser and PDF Editor are being used to infiltrate sectors including government, healthcare and manufacturing across the U.S., Europe, Brazil, India and beyond. The malware uses stolen or disposable code-signing certificates, professional interfaces, and fake vendor sites to avoid detection. Then it exfiltrates browser data, maintains encrypted C2 connections, and stages systems for further payloads.

It does seem like we've never had more cybersecurity vendors than we do today, but everyone is using the same playbook. Same slick demos, same certifications, same claims of being the best. All CISOs want are vendor solutions to solve problems. So why is it so hard to get that information from the people selling the solutions? That is one of the segments we're going to cover on this week's episode of the CISO Series Podcast. Look for the episode titled Time to Choose a Security Vendor, Dartboard or Spin the Wheel wherever you get your podcasts. And if you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. I am Sarah Lane, reporting for the CISO Series. You stay classy and I'll talk to you tomorrow.
