Several notable security developments this week span criminal sentencing, vulnerability disclosures, spyware targeting, and shifting influence operations.

Canadian Hacktivist Sentenced

Aubrey Cottle, 39, of Oshawa, Ontario, a hacker affiliated with Anonymous, was sentenced to 18 months in prison for a September 2021 cyberattack on the Texas Republican Party. Cottle pleaded guilty to defacing the party’s website, exfiltrating data from its server, and publishing that data online.

Open Source Zero-Days via LLM Fuzzing

A researcher identified as Bikini published proof-of-concept exploit code for dozens of zero-day vulnerabilities across multiple open source projects, including FFmpeg, Gogs, Gitea, Ghidra, 7-Zip, OpenVPN, and VLC. Nine of the flaws have been assigned CVE identifiers. The researcher attributed discovery of the issues to LLM-assisted fuzzing, marking a notable example of AI-augmented vulnerability research producing actionable results at scale.

ATM Jackpotting Sentences

Two Venezuelan nationals, Carlos Javier Padron, 36, and Arnoldo Cabrera Torrealba, 37, were each sentenced to 78 months in federal prison for deploying a variant of the Ploutus malware against ATMs across the United States. The pair operated as part of a larger criminal network and withdrew funds without authorization. They were ordered to pay $1.5 million in restitution jointly. An additional 96 defendants have been charged in connection with the operation.

Pegasus Spyware Targeted MEP Investigating Pegasus Abuse

Citizen Lab revealed that Stelios Kouloglou, a former member of the European Parliament who served on the PEGA committee investigating Pegasus misuse, was himself compromised using NSO Group’s Pegasus spyware. Responsibility has not been attributed to any government, and researchers found no evidence implicating the Greek government.

KDDI Data Breach Affects 14 Million

Japanese telecommunications provider KDDI disclosed a breach affecting approximately 14.22 million individuals across five ISP operators: BIGLOBE, Chubu Telecommunications, JCOM, NIFTY Corporation, and STNet. Exposed data is reported to include email addresses and passwords.

PamStealer Targets macOS

Jamf detailed a Rust-based information stealer called PamStealer that validates harvested credentials through macOS Pluggable Authentication Modules before exfiltrating them. The malware is distributed as a compiled AppleScript file disguised as the open source clipboard manager Maccy.

Push Security Hit by Poisoned Tenant Attack

Security firm Push Security, which originally described the poisoned tenant attack technique three years ago, was itself targeted using the method via OpenAI’s organization invitation feature. Employees received invitations purporting to be from Push Security. If accepted, the attacker would gain visibility into employee activity and the ability to conduct further social engineering.

Patches from Cisco and Synology

Cisco released fixes for seven ClamAV vulnerabilities affecting Secure Endpoint Connector for Windows, Linux, and macOS, as well as Secure Endpoint Private Cloud, and patched one flaw in Catalyst Center. Synology addressed three vulnerabilities in MailPlus Server, two of which are rated critical and could allow arbitrary file read or write operations and denial-of-service conditions.

Pro-Russia Influence Operations Broaden Scope

According to Google, pro-Russia covert influence operations are expanding beyond their previous focus on Ukraine to target the US, EU members, NATO countries, Russia’s neighbors, and regions including the Middle East and Africa. These operations are increasingly incorporating generative AI into their methods.