Serious Intelligence Weekly

Wednesday, August 06, 2025

Critical Security Tasks

Update Dell Laptop Firmware
Check if your Dell laptop model is affected by the ReVault vulnerabilities and apply security updates when available
Secure Salesforce CRM Implementation
Review Salesforce CRM security settings and access controls to prevent data theft attacks similar to the Google incident
Implement Microsoft 365 Security Controls
Configure additional security measures to prevent abuse of the Direct Send feature in Microsoft 365
Patch Trend Micro Apex One
Apply temporary fix provided by Trend Micro for Apex One vulnerabilities if running on-premises deployment
Security Audit of Third-Party Services
Review and assess security protocols of external service providers, particularly those handling sensitive customer data or travel information
Cryptocurrency Transaction Monitoring
Implement enhanced monitoring systems for cryptocurrency transactions to detect and prevent fraud from fake gaming platforms
Supply Chain Security Review
Evaluate IT hiring practices and contractor verification processes to prevent infiltration by unauthorized foreign actors
Patch SharePoint Vulnerabilities
Immediately apply patches for CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771 to prevent ToolShell exploitation
Review dMSA Configurations
Audit and secure delegated Managed Service Account (dMSA) configurations to protect against the BadSuccessor attack vector
Update Threat Detection
Implement new detection rules for Project AK47 toolset and associated IOCs
Ransomware Preparedness Review
Re-evaluate incident response plans in light of evolving ransomware ecosystem and new threat actor tactics
Implement AI Governance Policies
Develop and implement comprehensive AI governance policies to address the security gaps identified in the IBM report, including proper access controls and data protection measures
Evaluate AI Exposure Management
Assess current AI platform usage and implement tools for visibility and security monitoring of AI applications across the organization
Transition to Unified Exposure Management
Begin shifting from siloed vulnerability scanning to a comprehensive exposure management approach that provides a unified view of security risks across all systems
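For the Microsoft 365 Direct Send task above, the following is an added example of what the check and the hardening step look like in Exchange Online PowerShell. It is not code from the newsletter or from Microsoft; it assumes the ExchangeOnlineManagement module is installed, that the account holds Exchange Administrator rights, and that the tenant's RejectDirectSend organization setting is available (that parameter name is the assumption here).

```powershell
# Added example (not from the newsletter): record, change and verify the
# Exchange Online setting that rejects Direct Send. Assumes the
# ExchangeOnlineManagement module and Exchange Administrator rights.
Connect-ExchangeOnline

# 1. Record the current state so the change can be reverted if needed.
$before = (Get-OrganizationConfig).RejectDirectSend
Write-Host "RejectDirectSend before change: $before"

# 2. Reject Direct Send. With this set, unauthenticated mail that arrives
#    at the tenant's MX host claiming an internal sender address is refused
#    rather than delivered as if it came from an internal user.
if (-not $before) {
    Set-OrganizationConfig -RejectDirectSend $true
}

# 3. Verify the new value before ending the session.
$after = (Get-OrganizationConfig).RejectDirectSend
Write-Host "RejectDirectSend after change: $after"

Disconnect-ExchangeOnline -Confirm:$false
```

Before flipping the setting, inventory on-premises devices and line-of-business applications (multifunction printers, scanners, monitoring appliances) that currently relay through Direct Send, and move them to authenticated SMTP submission or an inbound connector first; otherwise their mail will start being rejected along with the spoofed messages.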

AI and Security Vulnerabilities Take Center Stage

News and Analysis

This week saw significant developments in AI security and critical vulnerabilities affecting major tech platforms. Microsoft launched Project Ire, an autonomous AI system for malware classification, while security experts at Black Hat USA highlighted emerging threats to agentic AI systems. In the enterprise security space, Ox Security introduced an AI agent capable of automatically generating code fixes for vulnerabilities.

Several major security incidents emerged, with Google falling victim to Salesforce CRM data theft by the ShinyHunters group. Dell faced serious security challenges as researchers discovered ReVault flaws affecting over 100 laptop models, potentially allowing Windows login bypass and malware persistence. Trend Micro issued urgent warnings about zero-day vulnerabilities in their Apex One platform being actively exploited.

The threat landscape continues to evolve, with reports showing malware complexity increasing by 127% in six months. Ransomware actors are expanding their tactics beyond traditional encryption and exfiltration methods, while phishers are finding new ways to abuse Microsoft 365's Direct Send feature to spoof internal users.

Cybersecurity Threats and Regulatory Developments

Security Research

A significant week in cybersecurity began with Europol's arrest of a major administrator from the Russian-language cybercrime forum XSS. The 38-year-old suspect, believed to be the user known as 'Toha', was a key figure in the forum which hosted over 50,000 members. This arrest has caused widespread panic among forum members and represents a major blow to organised cybercrime networks.

In regulatory developments, the semiconductor industry faced new challenges as export controls on advanced chips were adjusted ahead of US-China trade negotiations. Meanwhile, a significant cybersecurity breach was revealed when researchers discovered vulnerabilities in Airportr's luggage delivery service, potentially exposing travel details of government officials and diplomats.

The week concluded with developments in cyber fraud, as investigators uncovered a massive network of fake gaming sites targeting cryptocurrency users through social media platforms. Additionally, law enforcement scored another victory with the sentencing of an Arizona woman to 8.5 years in prison for helping North Korean workers infiltrate US companies, including Fortune 500 firms.

Ransomware Evolution and Critical Infrastructure Threats

Threat Intelligence

This week saw significant developments in ransomware operations and critical infrastructure security. According to Check Point's Q2 2025 Ransomware Report, several major Ransomware-as-a-Service (RaaS) groups, including RansomHub, Babuk-Bjorka, and LockBit, ceased operations, leading to a 6% drop in victims and a more fragmented threat landscape.

A major development emerged around SharePoint vulnerabilities, with researchers uncovering connections between the Project AK47 toolset and the ToolShell exploit chain. This activity overlaps with Storm-2603, whose previous ransomware operations were detailed by Check Point Research. Additionally, Russia's largest airline, Aeroflot, suffered a significant attack by pro-Ukrainian hacktivists, causing severe flight delays.

In terms of security research, Unit 42 released their Attribution Framework, providing insight into their threat actor attribution methodology. A new attack vector dubbed 'BadSuccessor' was identified in Windows Server 2025, allowing privilege elevation through dMSAs under specific conditions.

AI Security and Exposure Management Take Center Stage

Vendor Updates

This week saw major developments in AI security and exposure management, with several concerning trends emerging. IBM's Cost of a Data Breach Report 2025 revealed that 63% of organizations lack AI governance policies, while 13% suffered AI-related security breaches. The report highlighted how AI security is significantly lagging behind AI adoption, with 97% of breached organizations lacking proper AI access controls.

In response to growing AI security challenges, OWASP released their Securing Agentic Applications Guide, providing practical guidance for securing AI applications. Meanwhile, Tenable launched AI Exposure capabilities in their Tenable One platform, offering visibility into AI platform usage and associated risks.

The week concluded with a significant shift in exposure management approaches, as highlighted in Tenable's analysis showing that organizations are moving beyond traditional vulnerability scanning towards a more comprehensive, unified view of risk. This evolution reflects a growing recognition that siloed security approaches are no longer sufficient in today's complex threat landscape.

ISO Serious Ltd. is a company registered in England and Wales (Company No. 15466339), Dragon CoWorking, 7-8 New Road Avenue, Rochester, Kent, United Kingdom, ME4 6BB.

intelligence@isoserious.com