Weekly Threat Intelligence Summary
Top 10 General Cyber Threats
Generated 2025-12-22T05:00:05.412818+00:00
- GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries (www.recordedfuture.com, 2025-12-09T00:00:00)
Score: 13.799
Note: The analysis cut-off date for this report was November 10, 2025. Executive Summary: Insikt Group continues to monitor GrayBravo (formerly tracked as TAG-150), a technically sophisticated and rapidly evolving threat actor first identified in September 2025. GrayBravo demonstrates strong adaptability and responsiveness to public exposure, and operates a large-scale, multi-layered infrastructure. Recent analysis of GrayBravo’s ecosystem uncovered four distinct activity clusters leveraging the grou
- [Updated] Another Chrome zero-day under attack: update now (www.malwarebytes.com, 2025-12-11T11:58:47)
Score: 9.415
If we’re lucky, this update will close out 2025’s run of Chrome zero-days. This one is a V8 type-confusion issue already being exploited in the wild.
- Critical React2Shell Vulnerability Under Active Exploitation by Chinese Threat Actors (www.recordedfuture.com, 2025-12-08T00:00:00)
Score: 9.332
A critical vulnerability in React Server Components is allegedly being actively exploited by multiple Chinese threat actors; Recorded Future recommends organizations patch their systems immediately.
- December 2025 Patch Tuesday: One Critical Zero-Day, Two Publicly Disclosed Vulnerabilities Among 57 CVEs (www.crowdstrike.com, 2025-12-09T06:00:00)
Score: 8.54
- CISA warns ASUS Live Update backdoor is still exploitable, seven years on (www.malwarebytes.com, 2025-12-19T13:56:36)
Score: 7.762
Seven years after the original attack, CISA has added the ASUS Live Update backdoor to its Known Exploited Vulnerabilities catalog.
- November 2025 CVE Landscape: 10 Critical Vulnerabilities Show 69% Drop from October (www.recordedfuture.com, 2025-12-09T00:00:00)
Score: 7.499
November 2025 CVE landscape: 10 exploited critical vulnerabilities, a 69% drop from October, and why Fortinet and Samsung flaws need urgent patching.
- Inside a purchase order PDF phishing campaign (www.malwarebytes.com, 2025-12-17T13:38:00)
Score: 7.427
A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next.
- December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices (www.malwarebytes.com, 2025-12-10T16:06:14)
Score: 7.277
The update patches three zero-days and introduces a new PowerShell warning meant to help you avoid accidentally running unsafe code from the web.
- Android mobile adware surges in second half of 2025 (www.malwarebytes.com, 2025-12-16T13:58:42)
Score: 7.262
Malwarebytes threat research reveals a spike in adware and in the malware families Triada and MobiDash heading into the holiday season.
- PayPal closes loophole that let scammers send real emails with fake purchase notices (www.malwarebytes.com, 2025-12-15T13:41:57)
Score: 7.094
Scammers exploited a PayPal subscriptions feature to send legitimate emails from service@paypal.com, using fake purchase notifications to push tech support scams.
Top 10 AI / LLM-Related Threats
Generated 2025-12-22T06:00:15.557575+00:00
- MemoryGraft: Persistent Compromise of LLM Agents via Poisoned Experience Retrieval (arxiv.org, 2025-12-22T05:00:00)
Score: 26.79
arXiv:2512.16962v1 Announce Type: new
Abstract: Large Language Model (LLM) agents increasingly rely on long-term memory and Retrieval-Augmented Generation (RAG) to persist experiences and refine future performance. While this experience learning capability enhances agentic autonomy, it introduces a critical, unexplored attack surface, i.e., the trust boundary between an agent's reasoning core and its own past. In this paper, we introduce MemoryGraft. It is a novel indirect injection attack
- Scaling MLflow for enterprise AI: What’s New in SageMaker AI with MLflow (aws.amazon.com, 2025-12-11T18:16:19)
Score: 15.703
Today we’re announcing Amazon SageMaker AI with MLflow, now including a serverless capability that dynamically manages infrastructure provisioning, scaling, and operations for artificial intelligence and machine learning (AI/ML) development tasks. In this post, we explore how these new capabilities help you run large MLflow workloads—from generative AI agents to large language model (LLM) experimentation—with improved performance, automation, and security using SageMaker AI with MLflow.
- AlignDP: Hybrid Differential Privacy with Rarity-Aware Protection for LLMs (arxiv.org, 2025-12-22T05:00:00)
Score: 14.79
arXiv:2512.17251v1 Announce Type: new
Abstract: Large language models are exposed to risks of extraction, distillation, and unauthorized fine-tuning. Existing defenses use watermarking or monitoring, but these act after leakage. We design AlignDP, a hybrid privacy lock that blocks knowledge transfer at the data interface. The key idea is to separate rare and non-rare fields. Rare fields are shielded by PAC indistinguishability, giving effective zero-epsilon local DP. Non-rare fields are privati
- ZKPROV: A Zero-Knowledge Approach to Dataset Provenance for Large Language Models (arxiv.org, 2025-12-22T05:00:00)
Score: 14.79
arXiv:2506.20915v2 Announce Type: replace
Abstract: As large language models (LLMs) are used in sensitive fields, accurately verifying their computational provenance without disclosing their training datasets poses a significant challenge, particularly in regulated sectors such as healthcare, which have strict requirements for dataset use. Traditional approaches either incur substantial computational cost to fully verify the entire training process or leak unauthorized information to the verifi
- Privacy Bias in Language Models: A Contextual Integrity-based Auditing Metric (arxiv.org, 2025-12-22T05:00:00)
Score: 14.79
arXiv:2409.03735v3 Announce Type: replace-cross
Abstract: As large language models (LLMs) are integrated into sociotechnical systems, it is crucial to examine the privacy biases they exhibit. We define privacy bias as the appropriateness value of information flows in responses from LLMs. A deviation between privacy biases and expected values, referred to as privacy bias delta, may indicate privacy violations. As an auditing metric, privacy bias can help (a) model trainers evaluate the ethical a
- Biosecurity-Aware AI: Agentic Risk Auditing of Soft Prompt Attacks on ESM-Based Variant Predictors (arxiv.org, 2025-12-22T05:00:00)
Score: 13.79
arXiv:2512.17146v1 Announce Type: new
Abstract: Genomic Foundation Models (GFMs), such as Evolutionary Scale Modeling (ESM), have demonstrated remarkable success in variant effect prediction. However, their security and robustness under adversarial manipulation remain largely unexplored. To address this gap, we introduce the Secure Agentic Genomic Evaluator (SAGE), an agentic framework for auditing the adversarial vulnerabilities of GFMs. SAGE functions through an interpretable and automated ri
- Patch Tuesday – December 2025 (www.rapid7.com, 2025-12-10T07:50:42)
Score: 13.061
Microsoft is publishing a relatively light 54 new vulnerabilities this December 2025 Patch Tuesday, which is significantly lower than we have come to expect over the past couple of years. Today’s list includes two publicly disclosed remote code vulnerabilities, and a single exploited-in-the-wild vulnerability. Three critical remote code execution (RCE) vulnerabilities are also patched today; Microsoft currently assesses those as less likely or even unlikely to see exploitation. During December,
- The December 2025 Security Update Review (www.thezdi.com, 2025-12-09T18:29:16)
Score: 12.929
It’s the final Patch Tuesday of 2025, but that doesn’t make it any less exciting. Put aside your holiday planning for just a moment as we review the latest security offering from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here. Adobe Patches for December 2025: For December, Adobe released five bulletins addressing 139 unique CVEs in Adobe Reader, ColdFusion, Experience Manager, Creative Cloud Desktop, and the Adobe DNG Softwar
- How Swisscom builds enterprise agentic AI for customer support and sales using Amazon Bedrock AgentCore (aws.amazon.com, 2025-12-11T18:24:13)
Score: 12.904
In this post, we'll show how Swisscom implemented Amazon Bedrock AgentCore to build and scale their enterprise AI agents for customer support and sales operations. As an early adopter of Amazon Bedrock in the AWS Europe Region (Zurich), Swisscom leads in enterprise AI implementation with their Chatbot Builder system and various AI initiatives. Their successful deployments include Conversational AI powered by Rasa and fine-tuned LLMs on Amazon SageMaker, and the Swisscom myAI assist
- Unlocking video understanding with TwelveLabs Marengo on Amazon Bedrock (aws.amazon.com, 2025-12-16T18:51:10)
Score: 12.399
In this post, we'll show how the TwelveLabs Marengo embedding model, available on Amazon Bedrock, enhances video understanding through multimodal AI. We'll build a video semantic search and analysis solution using embeddings from the Marengo model with Amazon OpenSearch Serverless as the vector database, for semantic search capabilities that go beyond simple metadata matching to deliver intelligent content discovery.
- Cryptanalysis of Pseudorandom Error-Correcting Codes (arxiv.org, 2025-12-22T05:00:00)
Score: 11.79
arXiv:2512.17310v1 Announce Type: new
Abstract: Pseudorandom error-correcting codes (PRC) are a novel cryptographic primitive proposed at CRYPTO 2024. Due to the dual capability of pseudorandomness and error correction, PRC has been recognized as a promising foundational component for watermarking AI-generated content. However, the security of PRC has not been thoroughly analyzed, especially with concrete parameters or even in the face of cryptographic attacks. To fill this gap, we present the f
- Key-Conditioned Orthonormal Transform Gating (K-OTG): Multi-Key Access Control with Hidden-State Scrambling for LoRA-Tuned Models (arxiv.org, 2025-12-22T05:00:00)
Score: 11.79
arXiv:2512.17519v1 Announce Type: new
Abstract: We present a simple, PEFT-compatible mechanism that enforces secret-key access control in instruction-tuned language models. K-OTG trains on a dual-path corpus: authorized examples (prefixed with a role key) learn the task output, while unauthorized examples learn a visible block token. At inference, a pre-lm_head hook applies an orthonormal transform to the hidden state: with the correct key/role the inverse map restores the model's native b
- New Prompt Injection Attack Vectors Through MCP Sampling (unit42.paloaltonetworks.com, 2025-12-05T23:00:59)
Score: 10.921
Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors.
- Build and deploy scalable AI agents with NVIDIA NeMo, Amazon Bedrock AgentCore, and Strands Agents (aws.amazon.com, 2025-12-18T17:26:39)
Score: 10.561
This post demonstrates how to use the powerful combination of Strands Agents, Amazon Bedrock AgentCore, and NVIDIA NeMo Agent Toolkit to build, evaluate, optimize, and deploy AI agents on Amazon Web Services (AWS) from initial development through production deployment.
- CAPIO: Safe Kernel-Bypass of Commodity Devices using Capabilities (arxiv.org, 2025-12-22T05:00:00)
Score: 9.49
arXiv:2512.16957v1 Announce Type: new
Abstract: Securing low-latency I/O in commodity systems forces a fundamental trade-off: rely on the kernel's high-overhead mediated interface, or bypass it entirely, exposing sensitive hardware resources to userspace and creating new vulnerabilities. This dilemma stems from a hardware granularity mismatch: standard MMUs operate at page boundaries, making it impossible to selectively expose safe device registers without also exposing the sensitive contr
- AutoDFBench 1.0: A Benchmarking Framework for Digital Forensic Tool Testing and Generated Code Evaluation (arxiv.org, 2025-12-22T05:00:00)
Score: 9.49
arXiv:2512.16965v1 Announce Type: new
Abstract: The National Institute of Standards and Technology (NIST) Computer Forensic Tool Testing (CFTT) programme has become the de facto standard for providing digital forensic tool testing and validation. However, to date, no comprehensive framework exists to automate benchmarking across the diverse forensic tasks included in the programme. This gap results in inconsistent validation, challenges in comparing tools, and limited validation reproducibility.
- Detection and Analysis of Sensitive and Illegal Content on the Ethereum Blockchain Using Machine Learning Techniques (arxiv.org, 2025-12-22T05:00:00)
Score: 9.49
arXiv:2512.17411v1 Announce Type: new
Abstract: Blockchain technology, lauded for its transparent and immutable nature, introduces a novel trust model. However, its decentralized structure raises concerns about potential inclusion of malicious or illegal content. This study focuses on Ethereum, presenting a data identification and restoration algorithm. Successfully recovering 175 common files, 296 images, and 91,206 texts, we employed the FastText algorithm for sentiment analysis, achieving a
- Methods and Tools for Secure Quantum Clouds with a specific Case Study on Homomorphic Encryption (arxiv.org, 2025-12-22T05:00:00)
Score: 9.49
arXiv:2512.17748v1 Announce Type: new
Abstract: The rise of quantum computing/technology potentially introduces significant security challenges to cloud computing, necessitating quantum-resistant encryption strategies as well as protection schemes and methods for cloud infrastructures offering quantum computing time and services (i.e. quantum clouds). This research explores various options for securing quantum clouds and ensuring privacy, especially focussing on the integration of homomorphic e
- AdvJudge-Zero: Binary Decision Flips in LLM-as-a-Judge via Adversarial Control Tokens (arxiv.org, 2025-12-22T05:00:00)
Score: 9.49
arXiv:2512.17375v1 Announce Type: cross
Abstract: Reward models and LLM-as-a-Judge systems are central to modern post-training pipelines such as RLHF, DPO, and RLAIF, where they provide scalar feedback and binary decisions that guide model selection and RL-based fine-tuning. We show that these judge systems exhibit a recurring vulnerability: short sequences of low-perplexity control tokens can flip many binary evaluations from correct “No” judgments to incorrect “Yes” ju
- Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility (arxiv.org, 2025-12-22T05:00:00)
Score: 9.49
arXiv:2512.17538v1 Announce Type: cross
Abstract: Autonomous AI agents lack traceable accountability mechanisms, creating a fundamental dilemma where systems must either operate as “downgraded tools” or risk real-world abuse. This vulnerability stems from the limitations of traditional key-based authentication, which guarantees neither the operator's physical identity nor the agent's code integrity. To bridge this gap, we propose BAID (Binding Agent ID), a comprehensive id
- Clean Up the Mess: Addressing Data Pollution in Cryptocurrency Abuse Reporting Services (arxiv.org, 2025-12-22T05:00:00)
Score: 9.49
arXiv:2410.21041v2 Announce Type: replace
Abstract: Cryptocurrency abuse reporting services are a valuable data source about abusive blockchain addresses, prevalent types of cryptocurrency abuse, and their financial impact on victims. However, they may suffer data pollution due to their crowd-sourced nature. This work analyzes the extent and impact of data pollution in cryptocurrency abuse reporting services and proposes a novel LLM-based defense to address the pollution. We collect 289K abuse
- Efficient Bitcoin Meta-Protocol Transaction and Data Discovery Through nLockTime Field Repurposing (arxiv.org, 2025-12-22T05:00:00)
Score: 9.49
arXiv:2512.16683v2 Announce Type: replace
Abstract: We describe the Lockchain Protocol, a lightweight Bitcoin meta-protocol that enables highly efficient transaction discovery at zero marginal block space cost, and data verification without introducing any new on-chain storage mechanism. The protocol repurposes the mandatory 4-byte nLockTime field of every Bitcoin transaction as a compact metadata header. By constraining values to an unused range of past Unix timestamps greater than or equal to
- Metasploit Wrap-Up 12/19/2025 (www.rapid7.com, 2025-12-19T21:02:00)
Score: 8.935
React2Shell Payload Improvements: Last week Metasploit released an exploit for the React2Shell vulnerability, and this week we have made a couple of improvements to the payloads that it uses. The first improvement affects all Metasploit modules. When an exploit is used, an initial payload is selected using some basic logic that effectively would make a selection from the first available in alphabetical order. Now Metasploit will prefer a default of x86 Meterpreters for Windows systems (since 32-b
- Geopolitics and Cyber Risk: How Global Tensions Shape the Attack Surface (www.rapid7.com, 2025-12-11T10:01:00)
Score: 8.921
Geopolitics has become a significant risk factor for today’s organizations, transforming cybersecurity into a technical and strategic challenge heavily influenced by state behavior. International tensions and the strategic calculations of major cyber powers, including Russia, China, Iran, and North Korea, significantly shape the current threat landscape. Businesses can no longer operate as isolated entities; they now function as interconnected global ecosystems where employees, suppliers, cloud
- AI Security Firm Ciphero Emerges From Stealth With $2.5 Million in Funding (www.securityweek.com, 2025-12-19T15:33:41)
Score: 8.881
The startup’s solution captures, verifies, and governs all AI interactions within an enterprise’s environment.
Auto-generated 2025-12-22
