Cybersecurity Alerts: Black Hat Exposes AI and Firmware Vulnerabilities

Summary5 min read

Podcast: Cybersecurity Today
Host: Jim Love
Release Date: August 8, 2025

1. AI Assistant Vulnerabilities Unveiled at Black Hat

At the recent Black Hat USA conference, significant vulnerabilities in AI assistants were exposed, highlighting the potential for sophisticated attacks utilizing commonplace tools like calendar invites. Jim Love delves into these alarming findings, emphasizing the innovative yet perilous method known as prompt injection.

Prompt Injection Exploits AI Summarization:

Researchers demonstrated that attackers can embed malicious instructions within seemingly innocuous calendar events. When AI assistants like Google’s Gemini process these events, they inadvertently execute the hidden commands. For instance, a malicious calendar invite could prompt Gemini to “email a specific person with a secret code”, thereby leaking sensitive information without the user’s awareness. Another scenario showcased how Gemini could “unlock and disable connected smart devices”, such as turning off security systems, simply by processing a compromised event description ([05:45] Jim Love).

Expanding Threats Through Integration:

The risk is exacerbated by the deep integration of AI assistants with platforms like Gmail, Calendar, and Drive. As Jim points out, “routine access to personal data could make these attacks far more powerful” ([07:10] Jim Love). The comprehensive nature of these integrations means that a single vulnerability can have widespread implications across multiple services.

Additional AI Exploits:

Beyond prompt injection, another groundbreaking exploit presented by Hidden Lair introduced the skeleton key attack. This technique involves embedding a backdoor into an AI model, causing it to misclassify weapons as safe objects while evading standard system checks. Jim summarizes, “These attacks don't use malware. They rely on AI assistants doing what they're told, even when those instructions are hidden in plain sight” ([09:30] Jim Love).

Key Takeaway: The integration of AI assistants into daily applications increases their utility but also their vulnerability. Organizations must remain vigilant and implement robust safeguards to protect against these emerging threats.

2. Broadcom Chip Vulnerabilities Threaten Dell Laptops

A critical discovery by Cisco Talos has revealed five new vulnerabilities in Broadcom’s BCM5820X chip series, which are integral to Dell’s Control Vault 3 Secure Enclave. These flaws pose significant risks, especially for government and cybersecurity-focused environments.

Firmware-Level Exploits:

One of the most concerning vulnerabilities, CVE-2025-24919, allows low-privileged users to interact with the Control Vault firmware via Windows APIs. This access can enable attackers to “execute arbitrary code, extract encryption keys, and even plant a stealth backdoor” ([12:15] Jim Love). In practical terms, this means that an attacker could maintain persistent access to a compromised system, undetected by standard operating system defenses.

Demonstrations of Exploit Potential:

Thales researcher Philippe Laurhaurat illustrated the severity of these vulnerabilities by demonstrating how an attacker could:

Hijack Secure Login Chips: Transforming a secure login mechanism into a foothold for further exploitation.
Bypass Biometric Authentication: Reprogramming firmware to accept any fingerprint as valid, thereby “effectively bypassing biometric authentication altogether” ([15:40] Jim Love).

Mitigation Strategies:

Dell has responded by releasing patches in mid-June and issuing a security advisory (DSA2025-053 Cisco). Meanwhile, Cisco Talos recommends:

Disabling Fingerprint Authentication in high-risk environments.
Enabling Chassis Intrusion Detection where available to monitor unauthorized physical access ([17:05] Jim Love).

Key Takeaway: The discovery underscores the critical importance of firmware security and the need for continuous monitoring and prompt patching to safeguard sensitive systems against sophisticated hardware-level attacks.

3. Microsoft Exchange Zero-Day Vulnerabilities Actively Exploited

Microsoft has confirmed that two zero-day vulnerabilities in its on-premises Exchange Server are being actively exploited in the wild. These flaws, identified as CVE-2024-38080 and CVE-2024-38053, pose severe threats to organizations relying on Exchange for their email infrastructure.

Details of the Vulnerabilities:

CVE-2024-38080 (Privilege Escalation): This vulnerability resides in the MSHTML platform and allows attackers to gain “system level access the highest privilege level in Windows” ([20:25] Jim Love).
CVE-2024-38053 (Security Feature Bypass): Enables attackers to “sidestep protective barriers and maintain persistence” within compromised networks, facilitating deeper infiltration and control ([21:50] Jim Love).

Current Exploitation and Impact:

Microsoft has not disclosed the perpetrators or the extent of the exploitation yet, but the nature of these vulnerabilities suggests they are being used in post-exploitation scenarios. Attackers likely employ these flaws to “dig deeper or stay hidden” within targeted networks, making them particularly dangerous for organizations with existing breaches ([23:10] Jim Love).

Urgent Call to Action:

Patches for these vulnerabilities are now available, and Microsoft urges all organizations utilizing on-premises Exchange to “apply them immediately” to prevent potential lateral movements and privilege escalations ([24:45] Jim Love). The ongoing exploits highlight that even as organizations transition to cloud-based solutions, on-premises systems like Exchange remain high-value targets requiring diligent security practices.

Key Takeaway: Timely patch management is crucial. Organizations must ensure that all on-premises Exchange servers are updated to mitigate the risks posed by these actively exploited vulnerabilities.

4. Listener Alert: Expired Certificate at Canadian Domain Registrar

In a notable listener report, a senior IT executive shared an incident involving a Canadian domain registrar accredited by the Canadian Internet Registration Authority (CIRA). He received a renewal notice that, upon verification, led to a portal with an expired security certificate.

Implications of the Expired Certificate:

Jim Love explains that an expired certificate doesn’t indicate a breach but “opens the door” for several security risks:

Man-in-the-Middle Attacks: Without up-to-date certificates, encrypted traffic cannot be guaranteed, making interception feasible.
Phishing Opportunities: Users may become desensitized to browser warnings, increasing susceptibility to phishing attempts.
User Trust Issues: Legitimate services being improperly secured can erode user trust and invite malicious copycats ([27:30] Jim Love).

Context of the Incident:

The listener emphasized that this wasn’t a phishing attempt but a genuine message from a registered domain handler. This highlights gaps in Canadian IT regulation and cyber hygiene, suggesting that even accredited entities can suffer from oversight in critical security practices ([29:00] Jim Love).

Mitigation Recommendations:

To prevent similar issues, organizations should:

Regularly Verify Certificate Validity: Ensure all security certificates are up-to-date and monitored.
Implement Strict Security Protocols: Enforce HTTP Strict Transport Security and Public Key Pinning to safeguard against such vulnerabilities ([30:20] Jim Love).

Key Takeaway: Maintaining robust certificate management practices is essential for preventing exploitation avenues and ensuring secure communications, even for trusted domain registrars.

Conclusion and Further Insights

Jim Love wraps up the episode by reminding listeners of the upcoming "Month in Review" segment, where the podcast will provide an in-depth analysis of key cybersecurity stories with expert panels. He also encourages audience engagement through sharing experiences and contributing tips, which are invaluable for the community’s collective security awareness.

Notable Quote:

“We love these tips and stories from our listeners. Tips like this story today are just fantastic” ([32:15] Jim Love).

This episode of Cybersecurity Today provides a comprehensive overview of critical vulnerabilities exposed at Black Hat, firmware flaws in widely used Dell laptops, actively exploited Microsoft Exchange zero-days, and a listener-reported security lapse in a Canadian domain registrar. Jim Love effectively highlights the evolving landscape of cybersecurity threats and underscores the importance of proactive measures in safeguarding digital infrastructures.

Loading summary

Transcript1 lines

[00:00]
Alyssa
I have to say you guys rock. I mentioned at the beginning of this week about my book A Tale of Quantum Kisses. It's getting some great reviews and I dropped the price to $0.99 for Kindle purchases in August and a number of you have been buying it. So thank you and hopefully some more good reviews will help me with my fall relaunch, which includes a new audiobook version. Your support is hugely appreciated and if you haven't gotten a copy yet, you can buy them on Amazon. Just search for Alyssa E L I S A and Jim Love. Or you can go to alyssabook.com and again, thanks for your support. This is a hugely important project for me, my first fictional novel. And honestly, from the reviews we've been getting, I think you're going to enjoy it. And now back to our regularly scheduled programming Black Hat shows how even a calendar invite can hijack your AI assistant Critical flaws in Broadcom chips expose Dell laptops to stealth backdoor attacks Microsoft Exchange Zero Days are being actively exploited, and a listener reports a Canadian domain registrar caught with an expired certificate. This is cybersecurity Today. I'm your host Jim Love. Think twice before asking your AI assistant to summarize your schedule, because it could lead to someone taking over your smart home. At Black Hat usa, researchers revealed how attackers could exploit Google, Gemini, and potentially other AI assistants using nothing more than a calendar invite. The attack uses a method called prompt injection, and it's as clever as it is dangerous. Here's how it works. Attackers embed hidden instructions inside something like a Google Calendar event. When Gemini scans and summarizes your schedule, it follows those prompts no matter how malicious they are. In one example, researchers added a prompt to a calendar invite that told Gemini to email a specific person with a secret code, exposing sensitive data without the user ever knowing. In another, they had Gemini unlock and disable connected smart devices like turning off security systems, simply by summarizing a compromised event description. The attack was laid out in a paper presented at Black Cat this year titled Invitation Is all youl need, where The researchers detailed 14 different prompt injection techniques. The danger is made worse by Gemini's integration with Gmail, Calendar and Drive, which is something that both OpenAI and Perplexity are doing as well, and that routine access to personal data could make these attacks far more powerful. There's a link to the paper in the show notes, and this wasn't the only AI exploit revealed at Black Hat. Another team from Hidden Lair demonstrated a skeleton key attack, embedding a backdoor into a deployed AI model that made it misclassify weapons as safe objects, all while passing normal system checks. The key insight? These attacks don't use malware. They rely on AI assistants doing what they're told, even when those instructions are hidden in plain sight. Tens of millions of Dell laptops, including some of the most trusted models used in government defense and cybersecurity, have been found vulnerable to deep firmware level attacks thanks to five newly disclosed flaws in Broadcom chips. The vulnerabilities were discovered by Cisco Talis in the Broadcom BCM5820X chip series used in Dell's Control Vault 3 Secure Enclave. That's the hardware component responsible for protecting fingerprint data, passwords and cryptographic secrets. It's meant to lock down access, but under the right conditions, researchers say, it can be hijacked and permanently compromised. One of the flaws, tracked as CVE202524919, allows a low privileged user to interact with the Control Vault firmware through its Windows APIs. From there, it's possible to execute arbitrary code, extract encryption keys, and even plant a stealth backdoor, one that survives reboots and operates below the radar of the operating system. In a demonstration, Thales researcher Philippe Laurhaurat showed how an attacker could do exactly that, turning a secure login chip into a persistent foothold. In another example, he showed how someone with physical access could open a laptop, connect to the chip via USB, and and tamper with the firmware directly, even in a locked system. And here's the really chilling part. If a system is set up to unlock via fingerprint, the attacker could reprogram the firmware to accept any fingerprint as valid, effectively bypassing biometric authentication altogether. Dell said it released patches for the affected systems in mid June, then disclosed the flaws in a security advisory DSA2025 053 Cisco. Talas said there's no evidence the bugs have been exploited in the wild so far, but the risk is real, especially in high security or high trust environments. To reduce exposure, Thales recommends disabling fingerprint authentication in high risk physical settings and ensuring that the chassis's intrusion detection is enabled where it's available. Microsoft has confirmed that two zero day vulnerabilities in Exchange Server are being actively exploited by attackers to escalate privileges and bypass critical security protections. The flaws CVE2024 38080 and CVE2024 38053 were disclosed in this month's Patch Tuesday update. Both affect on premises Exchange installations not the cloud based Exchange online service. The first bug, CVE2024 38080, is a privilege escalation flaw in the MSHTML platform. If exploited, it can give an attacker system level access the highest privilege level in Windows. The second, CVE2024 38053, is a security feature bypass that could allow attackers to sidestep protective barriers and maintain persistence on a compromised network. Microsoft hasn't revealed who's behind the attacks or how widespread they are, but it has confirmed that the vulnerabilities are being actively exploited in the wild. The nature of the flaws suggests they're being used in post exploitation scenarios where attackers already have a foothold and are using these bugs to dig deeper or stay hidden. Patches are now available and organizations running on Premise Exchange are urged to apply them immediately. Systems left unpatched could remain vulnerable to lateral movements and stealthy privilege escalation. It's another reminder that even with a shift to the cloud on prem, Exchange remains a high value target and a persistent weak point for attackers looking to escalate access inside enterprise networks. By the way, this is just one of the many stories we'll be covering in our Month in Review, where we do an in depth dive into the key stories with our panel of experts. It's available on Saturday morning and finally, we got an email from a listener this week. He's a senior IT executive who has worked closely with U.S. homeland Security and in his words, is a frequent and loyal listener to the show. He wrote in to share something he described as funny and, ironically, disturbing after receiving a renewal notice from Canadian Domain ca, which is a domain name registrar accredited by the Canadian Internet Registration Authority, or cira. He verified the message and followed the secure link. But when he arrived at the site's renewal portal, he discovered something that shouldn't happen at any registrar, let alone had one certified to manage CA domains their own security certificate had expired. In his words, the crux of the error message was peers certificate has expired. Not only that, both HTTP strict transport security and and public key pinning were disabled. In short, anyone including bad actors would see the site wasn't properly secured. He added, I won't provide the rest of the digital thumbprint. That would make me as clueless as their web development team. And he pointed out what many U.S. security professionals often tell him, Canadian IT regulation and cyber hygiene still have a long way to go. Now, to be clear, an expired certificate doesn't mean a breach, but it opens the door without an up to date certificate encrypted traffic can't be guaranteed. Man in the middle attacks become more viable, users may ignore browser warnings out of habit, and it's an open invitation for phishing copycats to move in. Now this wasn't a phishing attempt. It was a legitimate message from a real registrar to a cybersecurity savvy customer. And that is what makes it so worrying. Thanks to tired Tim for the heads up. And yes, we love these tips and stories from our listeners. And that's our show. If you like what we're doing, please share the show with others. Give us a like or a comment on your favorite podcast, app or site. We're found everywhere. Apple, Spotify, YouTube and more. We're back on your Alexa speakers and hope to get back on Google Smart speakers soon. And we love to hear from you. Tips like this story today are just fantastic. But just comments or what you think about the program. You can reach us@technewsday ca or.com just go to the Contact Us page. And while you're there, if you would like to support what we're doing, you can go to the Donate tab and consider contributing the cost of a cup of coffee a month to support the show. All of this money gets spent on technical expenses or show development, and if you're watching this on YouTube, just leave a comment under the video. But your contributions would be gratefully accepted as well. Remember our monthly review show. It's available Saturday morning. There's always some great discussions and stories. I'm your host, Jim Love. Thanks for listening.