Man in the Prompt attack shows how browser extensions can exploit ChatGPT, Gemini and other AI tools to steal data or inject hidden prompts.

A new cyberattack method, dubbed Man in the Prompt, has been identified, allowing malicious actors to exploit common browser extensions to inject harmful instructions into leading generative AI tools like ChatGPT, Google Gemini, and others. This critical finding comes from a recent threat intelligence report by cybersecurity research firm LayerX.

According to researchers, it all starts with how most AI tools function within web browsers. Their prompt input fields are part of the web page’s structure (known as the Document Object Model, or DOM). This means that virtually any browser extension with basic scripting access to the DOM can read or alter what users type into AI prompts, even without requiring special permissions.

Browser-based AI applications using LLMs are especially affected (Source: LayerX)

****How the Attack Works and Who is At Risk****

Bad actors can use compromised or outright malicious extensions to carry out various harmful activities. These include manipulating a user’s input to the AI, secretly injecting hidden instructions, extracting sensitive data from AI responses or the entire session, and even tricking the AI model into revealing confidential information or performing unintended actions. Essentially, the browser becomes a conduit, allowing the extension to act as a “man in the middle” for AI interactions.

Attack Scenario Explained (Source: LayerX)

The risk is significant because browser-based AI tools often process sensitive information. Users may paste confidential company data into these interfaces, and some internal AI applications trained on proprietary datasets can be exposed if browser extensions interfere with or extract content from the prompt or response fields.

The ubiquity of browser extensions, coupled with the fact that many organisations allow free installation, means a single vulnerable extension can provide an attacker with a silent pathway to steal valuable corporate knowledge.

> _“The exploit has been tested on all top commercial LLMs, with proof-of-concept demos provided for ChatGPT and Google Gemini. The implication for organisations is that as they grow increasingly reliant on AI tools, that these LLMs, especially those trained with confidential company information, can be turned into ‘hacking copilots’ to steal sensitive corporate information.”_
> 
> LayerX

LayerX demonstrated proof-of-concept attacks against major platforms. For ChatGPT, an extension with minimal declared permissions could inject a prompt, extract the AI’s response, and remove chat history from the user’s view to reduce detection.

For Google Gemini, the attack exploited its integration with Google Workspace. Even when the Gemini sidebar was closed, a compromised extension could inject prompts to access and exfiltrate sensitive user data, including emails, contacts, file contents, and shared folders.

Google was informed about this specific browser extension vulnerability by LayerX. Check out this exploit’s demo here:

****Mitigating the Novel Threat****

This attack creates a blind spot for traditional security tools like endpoint Data Loss Prevention (DLP) systems or Secure Web Gateways, as they lack visibility into these DOM-level interactions. Blocking AI tools by URL alone also won’t protect internal AI deployments.

LayerX advises organisations to adjust their security strategies towards inspecting in-browser behaviour. Key recommendations include monitoring DOM interactions within AI tools to detect suspicious activity, blocking risky extensions based on their behaviour rather than just their listed permissions, and actively preventing prompt tampering and data exfiltration in real-time at the browser layer.

Mayank Kumar, Founding AI Engineer at DeepTempo, highlighted the broader implications of this new attack vector in his comment shared with Hackread.com. “The pressure to integrate generative AI is real,” he observed, noting that organisations widely adopt models like ChatGPT and Gemini for productivity gains. However, he warned, this rapid adoption is “severely testing the security infrastructure built in the pre-GenAI era.”

Kumar emphasised that attacks like “Man in the Prompt” highlight the critical need to rethink security for the interfaces where proprietary data, AI tools, and third-party integrations like browser extensions interact. He stated, “Prompts are not just text, they are interfaces.” This new reality means securing not just the AI model, but the entire data journey through potentially vulnerable browser environments.

Kumar advocates for going “beyond surface-level protection” by implementing deep-layer network monitoring. By looking for anomalies in network traffic correlated with AI tool interactions, organisations can detect suspicious activities, such as unusual data leaving the network or unexpected communications, even when hidden within seemingly legitimate AI prompts. This layered approach, combining application awareness with strict network scrutiny, is vital to counter this new wave of AI-driven cyber threats.

Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack

Cybersecurity trends in 2025 reveal rising AI threats, quantum risks, and supply chain attacks, pushing firms to adapt or face major data and financial losses.

The cybersecurity world isn’t just changing, it’s getting a complete makeover. With approximately 600 million cyberattacks per day in 2025, translating to 54 victims every second, the stakes have never been higher. If you’re running a business in 2025, cybersecurity isn’t some back-burner IT concern anymore. It’s your digital lifeline.

Whether you’re launching a startup that needs to search for a Domain or protecting an enterprise that’s weathered every tech storm since Y2K, understanding this year’s cybersecurity shifts isn’t optional; it’s survival.

****AI: The Ultimate Double Agent****

Artificial intelligence has officially entered its villain era, and it’s bringing some serious heat. Criminals are using AI for sophisticated attacks, crafting adaptive malware, launching real-time phishing campaigns, and creating convincing deepfakes that could fool your mother.

Here’s the kicker: The number of deepfakes is projected to reach 8 million in 2025, up from 500,000 in 2023. That’s a 1,500% increase in fake content that’s getting harder to spot every day.

****The AI Arms Race Gets Personal****

But AI isn’t just playing for the dark side. Defenders are integrating AI for advanced anomaly detection, rapid threat hunting, and automated response. It’s like having a digital security guard that never sleeps, never gets distracted, and processes threats faster than any human team ever could.

The real game-changer? Security operations centers are using AI for big data analysis of logs, rapid anomaly detection, and automated containment procedures, reducing breach window times and cutting manual analyst workloads.

****Zero Trust: The “Trust No One” Revolution****

Remember when your office network was like a medieval castle, hard shell, soft center? Those days are dead than Internet Explorer. Organisations are adopting zero trust models, which continuously verify users and devices.

****Why the Rush to Zero Trust?****

Because micro-segmentation, user context checks, and continuous session monitoring are becoming industry standards, it reduces the risks of lateral movement by attackers. Think of it as giving every user their own personal security bubble instead of one big group hug.

The momentum is real: Continuous validation of access rights and micro-segmentation are standard across cloud apps, IoT systems, and remote endpoints, offering layered protection that works.

****Quantum Computing: The Storm That’s Coming****

Let’s talk about the elephant in the server room. Quantum computing isn’t science fiction anymore; it’s a ticking time bomb for current encryption methods. Security experts predict that quantum computing poses a significant potential threat, especially for breaking contemporary encryption.

****The Post-Quantum Panic****

Here’s what keeps security experts awake: quantum computers could theoretically crack today’s encryption in hours instead of the billions of years it would take conventional computers. Organisations are beginning to explore post-quantum cryptography to protect sensitive data.

The urgency is real because adversaries aren’t waiting. They’re already collecting encrypted data now, planning to decrypt it once quantum computers become viable. It’s called “harvest now, decrypt later,” and it’s happening right now.

****Ransomware Gets a Business Model Makeover****

Ransomware isn’t just malware anymore; it’s a full-blown industry. The ransomware economy has grown, with attack toolkits available for purchase and use by less-skilled criminals. It’s like Uber for cybercrime, except everyone loses.

****The Numbers Don’t Lie****

Nearly 60% of businesses have faced ransomware attacks in the past year, and North America has seen an 8% increase in such attacks. The financial hit? The typical ransomware recovery averages $2.73 million.

But here’s the twist: Supply chain breaches, especially via third-party vendors and software dependencies, continue to surge, prompting more real-time monitoring and contractual cybersecurity demands.

****Supply Chain Attacks: The Domino Effect Nobody Saw Coming****

Your business is only as secure as your weakest vendor, and that’s becoming a serious problem. By 2025, 45% of global organisations are expected to have faced a software supply chain attack.

****The Ripple Effect****

When one vendor gets compromised, it doesn’t just affect them; it creates a domino effect across their entire customer base. Think SolarWinds, but happening more frequently and with less fanfare.

****Cloud Security: The New Wild West****

As businesses migrate to the cloud faster than you can say “digital transformation,” new attack surfaces are exposed through misconfigurations or unpatched images. Embedding security “shift-left” into DevOps is now critical.

****The Multi-Cloud Challenge****

Here’s where it gets tricky: most companies aren’t just using one cloud provider. They’re juggling AWS, Azure, Google Cloud, and private data centers like a digital circus act. Each platform has unique configurations, logs, and policy frameworks, making consistent threat visibility nearly impossible.

****The Human Factor: Still the Biggest Wild Card****

Despite all the tech advances, humans remain the weakest link in the security chain. The “hybrid workforce”, remote, contracted, or third-party, magnifies insider threats, necessitating behavioural analytics and strong identity management.

****Authentication Gets an Upgrade****

Advanced authentication through biometrics and continuous monitoring minimises credential-based threats across distributed environments. It’s not just about what you know anymore; it’s about who you are, where you are, and how you normally behave.

****The Money Trail: Following the Cybersecurity Budget****

Here’s the reality check: Global cybercrime costs are projected to hit $10.5 trillion in annual damages by 2025. That’s not a typo, trillion with a T.

****Investment Response****

The good news? 85% of organisations plan to increase cybersecurity budgets, with spend projected to grow at a 12.2% annual rate, topping $377 billion globally by 2028.

The bad news? The global shortage of skilled cybersecurity professionals continues, slowing the adoption of advanced tools across smaller enterprises.

****Data Breaches: The Expensive Reality****

Let’s talk numbers that hurt: IBM reports the global average cost of a data breach rose to $4.88 million in 2024 and continues climbing. For IoT devices specifically, the average cost of a successful attack is over $330,000.

****Identity Fraud Explosion****

Identity fraud losses reached $27.2 billion in 2024, up 19% from the previous year. Your data isn’t just valuable, it’s becoming the digital equivalent of gold.

****The Regulatory Response: Compliance Gets Serious****

Governments worldwide are responding to the escalating threat with stricter regulations. New laws mandate stronger incident reporting, data protection, and resilience, influencing risk management strategies globally.

****What This Means for Your Business****

The cybersecurity world of 2025 isn’t about perfect protection; it’s about smart adaptation. Cybersecurity requirements are embedded early in the software development lifecycle, from DevOps pipelines to ongoing vulnerability management.

****The New Security Mindset****

Organisations implement CSMA frameworks for modular, integrated controls across varied systems, improving visibility and control in decentralised environments. It’s not about building higher walls, it’s about building smarter defences.

The winners in 2025 won’t be the companies with the most expensive security tools. They’ll be the ones who understand that cybersecurity is a business strategy, not just a technical challenge. They’ll invest in their people, stay flexible with their defences, and never stop learning.

Because in cybersecurity, the moment you think you’ve figured it out is the moment someone’s already figured out how to beat you.

****Frequently Asked Questions****

**Q: How much should my company budget for cybersecurity in 2025?** A: With 85% of organisations planning to increase cybersecurity budgets, most experts recommend allocating 10-15% of your IT budget to cybersecurity. The actual amount depends on your industry risk level and current security maturity.

**Q: Is AI more helpful or harmful for cybersecurity?** A: It’s genuinely both. While criminals are using AI for sophisticated attacks, defenders are integrating AI for advanced anomaly detection and rapid threat hunting. The key is staying ahead of the curve.

**Q: Should small businesses worry about quantum computing threats?** A: Not immediately, but start planning now. Organisations are beginning to explore post-quantum cryptography, and early preparation will be cheaper than emergency migration later.

**Q: What’s the biggest cybersecurity mistake companies make?** A: Treating cybersecurity as purely a technology problem instead of a business risk. The “hybrid workforce” magnifies insider threats, requiring behavioural analytics and strong identity management. It’s about people, not just tools.

**Q: How quickly are supply chain attacks increasing?** A: Rapidly. By 2025, 45% of global organisations are expected to have faced a software supply chain attack. It’s not a matter of if, but when your supply chain will be targeted.

Cybersecurity Trends 2025: What’s Really Coming for Your Digital Defenses

watchTowr's latest research details critical SonicWall SMA100 flaws (CVE-2025-40596, 40597, 40598). Discover how pre-auth stack/heap overflows and XSS put SSL-VPNs at risk. Patch now!

Cybersecurity firm watchTowr has uncovered multiple serious vulnerabilities within SonicWall’s SMA100 series SSL-VPN appliances, highlighting ongoing security challenges in widely used network infrastructure devices.

The in-depth research, which includes three critical CVEs, was shared with Hackread.com. The findings, confirmed against firmware version 10.2.1.15 and earlier versions, expose flaws that watchTowr Labs’ experts described as feeling “preserved in amber from a more naïve era of C programming.” Despite advancements in security, pre-authentication buffer overflows continue to surface.

Among the vulnerabilities is CVE-2025-40596, a stack-based buffer overflow with a High severity CVSS score of 7.3. This flaw can be triggered before a user even logs in and resides in the httpd program, which handles incoming web requests. It incorrectly uses the sscanf function to parse parts of a web address, allowing too much data to be copied into a small memory space.

According to researchers, its exploitation could lead to Denial of Service (DoS) or potentially remote code execution (RCE). While SonicWall’s software has stack protection, the presence of such a basic flaw in 2025 is concerning.

Another significant issue, CVE-2025-40597, is a heap-based buffer overflow, also exploitable without authentication and rated High severity with a CVSS score of 7.5. This bug is found in the mod_httprp.so component, which handles HTTP requests.

The problem arises because a “safe” version of the sprintf function was used incorrectly, allowing an attacker to write past allocated memory when crafting a malicious Host: header. This could corrupt adjacent memory, and also potentially lead to Denial of Service or RCE, though watchTowr noted that exploiting this for full RCE was challenging due to the dynamic nature of the server.

Finally, CVE-2025-40598 reveals a reflected Cross-Site Scripting (XSS) vulnerability, with a Medium severity CVSS score of 6.1. This classic web flaw allows attackers to inject malicious code into a web page, which then runs in a user’s browser if they visit a specially crafted link.

What’s worse, even basic XSS payloads worked because the appliance’s Web Application Firewall (WAF) feature appeared to be disabled on its management interfaces, meaning it offered no protection against this type of attack.

watchTowr emphasised that while some of these vulnerabilities might be difficult to fully exploit for RCE, their very existence in modern devices is problematic. The researchers urge organisations to immediately apply available patches, specifically upgrading to firmware version 10.2.2.1-90sv or higher.

SonicWall advises enabling multi-factor authentication (MFA) and ensuring the WAF feature is active on SMA100 appliances as additional protective measures.  SonicWall has also released an advisory regarding these vulnerabilities.

SonicWall Urges Patch After 3 Major VPN Vulnerabilities Disclosed

The notorious INC Ransomware group is claiming responsibility for a data breach at Dollar Tree, the American retail…

The notorious **INC Ransomware group** is claiming responsibility for a data breach at Dollar Tree, the American retail chain known for selling most items at $1.25 or less. Despite its discount model, Dollar Tree is a Fortune 500 company, reporting $17.58 billion in revenue for fiscal year 2025.

As seen by Hackread.com, Dollar Tree appeared on the INC Ransomware’s dark web leak site earlier today. The group claims to have breached the company’s security and stolen 1.2TB of sensitive and personal data.

_“_They became a victim of the data breach. 1.2TB of sensitive and personal data will be published soon on our blog,_“_ the group claims.

A quick review of the sample data shared on the leak site reveals a range of sensitive documents. These include passport copies, filled payroll forms, job letters, agreements, legal correspondence between the company and employees, and complaints detailing sexual harassment and discrimination cases.

Screenshot from the INC Ransomware gang’s dark web leak site (Image credit: Hackread.com)

We are aware of claims made by a ransomware group regarding 99 Cents Only Stores. The files referenced in these claims appear to involve former 99 Cents Only employees. Dollar Tree’s involvement with 99 Cents Only Stores is related to the purchase of select real estate lease rights following their closure. We did not acquire their corporate entity, systems/network, or data. Any allegation of Dollar Tree’s involvement is inaccurate.

****INC Ransomware: A Notorious Cybercrime Group****

INC Ransom, also known as GOLD IONIC, has been active since at least July 2023. The group is known for its sophisticated tactics and for using multiple malware families to carry out its attacks.

The group targets a broad range of industries, including healthcare, education, and industrial sectors, with a primary focus on the United States and Europe. It has been linked to several high-profile attacks, including a major ransomware incident involving **Ahold Delhaize**, the parent company of Albert Heijn, where 6 terabytes of data were stolen. While INC Ransom is suspected to have ties to Russia, its exact origins remain unclear.

INC Ransom also made headlines **in December 2024** for targeting the UK’s National Health Service (NHS). The group stole patient data and caused service disruptions at multiple institutions, including Alder Hey Children’s, Liverpool Heart and Chest NHS Foundation Trusts, and Wirral University Teaching Hospital.

**In March 2024**, INC Ransomware also targeted NHS Scotland, stealing 3TB of data and threatening to leak it online if their ransom demands weren’t met. Reports **indicate** that the group has demanded ransoms exceeding $5 million in some cases.

INC Ransom is especially known for its double-extortion tactics, where they not only encrypt a victim’s data but also exfiltrate it, threatening to publish it online if the ransom isn’t paid. The group has also **rebranded** itself as Lynx, continuing its operations with the same double-extortion tactics and targeting crucial sectors in the US and UK.

****Another Day, Another Ransomware****

Ransomware attacks continue to surge. Just last week, NASCAR **confirmed** a data breach after Medusa ransomware claimed **responsibility** and demanded a $4 million ransom. On July 28, 2025, the GLOBAL GROUP ransomware gang claimed to have breached Miami-based media giant Albavisión, stealing 400GB of data.

Nevertheless, ransomware attacks like the one claimed against Dollar Tree show just how aggressive cybersecurity threats have become. With major companies and public institutions constantly under attack, the need for proper security measures has never been more urgent.

****Update – Company Response****

After the publication of this report, a spokesperson for Dollar Tree responded to Hackread.com. Although INC Ransomware has explicitly named Dollar Tree in its leak site listing and claimed to have stolen 1.2TB of sensitive data, the company denies any involvement.

While the ransomware group attributes the data leak to Dollar Tree, the company maintains that the data likely originated from 99 Cents Only Stores, a separate business from which it acquired only select real estate leases. In a statement shared with Hackread.com, Dollar Tree clarified:

> “We are aware of claims made by a ransomware group regarding 99 Cents Only Stores. The files referenced in these claims appear to involve former 99 Cents Only employees. Dollar Tree’s involvement with 99 Cents Only Stores is related to the purchase of select real estate lease rights following their closure. We did not acquire their corporate entity, systems/network, or data. Any allegation of Dollar Tree’s involvement is inaccurate.”
> 
> Dollar Tree Spokesperson

Hackread.com is monitoring the situation and will update the article if more information becomes available or if the ransomware group releases additional data that confirms or contradicts the claim.

Inc Ransomware Claims 1.2TB Data Breach at Dollar Tree

Akamai's latest Ransomware Report 2025 reveals "quadruple extortion," new AI-driven tactics by groups like Black Basta, FunkSec, and TrickBot, and growing threats to non-profits. Learn about evolving cyber threats.

Cybercriminals are escalating their tactics, moving beyond traditional data encryption to employ a more aggressive approach known as quadruple extortion. This alarming trend is explained in the latest Ransomware Report 2025: Building Resilience Amid a Volatile Threat Landscape, released today by Akamai, a leading cybersecurity and cloud computing firm.

The report reveals that while double extortion (a technique where attackers encrypt data and threaten to leak it if a ransom isn’t paid) remains common, the emerging quadruple extortion adds layers of pressure. This includes using distributed denial-of-service (DDoS) attacks to shut down a victim’s operations and harassing third parties, like customers, business partners, or even the media, to increase the demand for payment.

Image via Akamai

“Ransomware threats today aren’t just about encryption anymore,” stated Steve Winterfeld, Advisory CISO at Akamai. He emphasised that attackers are now leveraging “stolen data, public exposure, and service outages to increase the pressure on victims,” turning cyberattacks into major business crises.

The Akamai report also highlights other significant developments in the world of cybercrime. Generative AI and large language models (LLMs) are making it easier for individuals with less technical skill to launch complex ransomware attacks by helping them write malicious code and improve their social engineering techniques. The report specifically notes that groups like Black Basta and FunkSec, along with other RaaS platforms, are quickly adopting AI and evolving their extortion tactics.

Additionally, hybrid groups, combining the motives of hacktivists with ransomware, are increasingly using ransomware-as-a-service (RaaS) platforms. These platforms allow individuals or groups to rent access to ransomware tools and infrastructure, amplifying their impact for a mix of political, ideological, and financial reasons. An example is Dragon RaaS, which emerged in 2024 from the Stormous group, now focusing on smaller, less secure organisations.

The research indicates that certain sectors are particularly vulnerable. Nearly half of all cryptomining attacks, which involve secretly using a victim’s computer resources to mine cryptocurrency, targeted non-profit and educational organisations. This is likely due to these organisations often having fewer resources dedicated to cybersecurity.

****TrickBot: The Malware Behind Hundreds of Millions in Crypto Extortion****

For decades, Trickbot malware has been known for hijacking cryptocurrency transactions, and the financial damage caused by these groups is finally showing up. The TrickBot malware family, widely used by ransomware groups, has alone been responsible for extorting over $724 million in cryptocurrency from victims since 2016.

Although the Trickbot’s infrastructure was dismantled in 2020, Akamai’s Guardicore Hunt Team recently identified its continued suspicious activity on several customer systems.

****How Does TrickBot Infect a Device****

TrickBot malware spreads primarily through phishing emails, which are created to look like legitimate messages from banks, delivery services, or government agencies. These emails include malicious attachments, such as Word or Excel files, or links to compromised websites. When a user opens one of these attachments, they may be prompted to enable macros. If they do, malicious scripts run in the background and quietly install TrickBot on the system.

In addition to phishing, TrickBot can exploit unpatched software vulnerabilities. If a system hasn’t been updated with the latest security fixes, the malware can use those flaws to gain access or spread across the network. It’s also common for TrickBot to be delivered by other malware, especially Emotet or QakBot. These act as loaders, setting up the infection so TrickBot can follow.

Once TrickBot gains access, it harvests login credentials, maps out connected systems, and infects other machines. This infection chain allows it to collect more data and sometimes even deploy ransomware.

James A. Casey, Akamai’s Vice President and Chief Privacy Officer, emphasised the importance of strong cybersecurity measures, incident reporting, and effective risk management strategies, such as Zero Trust and micro-segmentation, to build resilience against these evolving threats. He stressed that organisations must stay updated and adapt their defences to counter the changing tactics of cyber extortion.

TrickBot Behind More Than $724 Million in Crypto Theft and Extortion

Menlo Park, United States, 30th July 2025, CyberNewsWire

**Menlo Park, United States, July 30th, 2025, CyberNewsWire**

AccuKnox, Inc., the Zero Trust Cloud-Native Application Protection Platform (CNAPP) leader, has announced deployment in the UAE banking sector through its strategic partnership with cybersecurity VAD **CyberKnight**. The deal, secured with a major Abu Dhabi-based financial institution , marks a milestone in AccuKnox’s regional expansion.

The deployment will enhance the bank’s cloud security framework and support its broader digital transformation objectives, ensuring alignment with UAE banking regulations and national cybersecurity mandates.

**Security for Critical Banking Infrastructure**

AccuKnox’s Code to Cognition security platform rollout is tailored to address the region’s growing threats to financial institutions.

**Key benefits include:**

*   **Compliance** with UAE Bank regulations, PCI-DSS, ISO 27001, and SOC2 Type II
*   **Zero Trust architecture** implementation supporting the UAE’s National Cybersecurity Strategy
*   **Real-time monitoring** across multi-cloud and Kubernetes environments
*   **DevSecOps alignment** for seamless integration into development workflows without operational disruptions
*   **Advanced threat detection** capabilities to protect financial transactions and sensitive customer data

**Voices from the Leaders**

> “**We’re proud to facilitate this breakthrough partnership. It signals a clear shift: financial institutions in the UAE are ready to leap ahead with cybersecurity strategies that are smart, scalable, and regionally supported,**” – said Avinash Advani, CEO and Founder of CyberKnight

> **“This deployment significantly transforms not only our operations, but also the entire UAE region.” Working with a visionary institution of this size highlights the growing importance of Zero Trust architecture in safeguarding the backbone of digital banking,”** – said Nat Natraj, CEO and Co-Founder, AccuKnox 

> **“Thanks to our partnership with CyberKnight, we are continuing to grow and establish a leadership position in the GCC region. We are pleased to see the increasing momentum in the Middle East**. – said Raj Panchapakesan, Global Head, Partner Ecosystem, AccuKnox.

**About AccuKnox**

AccuKnox delivers a Zero Trust CNAPP platform that secures public clouds, private clouds, edge/IoT & 5G assets. Born out of SRI International (Stanford Research Institute), AccuKnox holds seminal Zero Trust security patents and is backed by top-tier investors including National Grid Partners, Dolby Family Ventures, and the 5G Open Innovation Lab.

Users can learn more at accuknox.com

**About CyberKnight**

CyberKnight is a regional cybersecurity leader serving the Middle East and Africa. With specialised expertise in finance and government, CyberKnight partners with the world’s leading security providers to deliver end-to-end protection tailored to the unique demands of the region.

Organizations evaluating CNAPP solutions can **schedule a 15-minute** **demo** **to learn more.**

**Contact**

**Product Marketing Manager**  
**Syed Hadi**  
**AccuKnox Inc.**  
**\[email protected\]**

AccuKnox partners with CyberKnight to deliver Zero Trust Security for a Leading Global Bank in the UAE.

Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing security prompts in milliseconds.

If you thought using a public phone charger was safe, it’s time to think again. Despite years of updates aimed at protecting smartphones from “juice jacking” attacks, cybersecurity researchers have identified a new threat that sidesteps those very safeguards.

A new study now outlines how attackers are now using a method called Choicejacking to exploit smartphones into granting unauthorised access, often without the user realising anything happened.

****From Juice Jacking to Choicejacking****

Juice jacking first made headlines over a decade ago, when hackers used infected charging stations to either steal data or inject malware into connected phones. In response, smartphone operating systems began requiring users to approve any data transfer when a device is plugged into an unknown port. That change gave users the option to choose “charge only” or allow file access.

But researchers from Graz University of Technology in Austria have found a way (PDF) to sidestep those security prompts altogether. The technique tricks phones into thinking the user has allowed data transfer, even when they haven’t touched the screen.

****How Choicejacking Works****

Instead of relying on traditional malware, this attack spoofs USB or Bluetooth input devices to fake user actions. A malicious charging station could simulate keyboard inputs, overflow input buffers, or abuse device communication protocols to quietly switch your phone into data-transfer or debug mode.

The entire process takes less than 133 milliseconds. That’s faster than you can blink, meaning the phone reacts before you even have a chance to notice.

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said the danger lies in the illusion of control. “Choicejacking is particularly dangerous because it manipulates a device into making decisions users never intended, all without them realising it,” he explained.

Once access is granted, the attacker can quietly browse photos, read messages, or plant malicious software.

Attack flow (Image via Graz University of Technology)

****Public Ports Aren’t Worth the Risk****

The rise of choicejacking reinforces what cybersecurity experts have said for years: public USB ports should not be trusted. Even at airports, hotels, or cafés, a compromised charger could be waiting to hijack your device.

Warmenhoven adds, “With a single deceptive prompt, attackers can trick people into enabling data transfer, potentially exposing personal files and other sensitive data.”

That warning applies to both Android and iOS users. While some platforms offer more visible prompts or charge-only settings, the underlying vulnerabilities still exist, and attackers are always looking for ways to get around them.

While the Choicejacking technique was detailed in a research paper, it has been accepted for presentation at the 34th USENIX Security Symposium, taking place in August 2025.

****What You Can Do to Stay Safe****

Nevertheless, researchers suggest keeping your phone’s software updated and avoiding unfamiliar charging ports whenever you can. It also helps to be prepared. Carrying a portable power bank is one of the easiest ways to stay in control while you’re out. If you do need to plug in, try to use a wall outlet with your own cable and adapter instead of a public USB port, especially ones that look suspicious or overly complicated.

Some devices let you select “charge only” mode, which prevents any data from being transferred. Turn that on if it’s available. While attackers keep finding new tricks, staying cautious and informed can still keep you a step ahead.

New Choicejacking Attack Steals Data from Phones via Public Chargers

Allianz Life Insurance confirms a July 2025 data breach impacting 1.4 million customers, financial pros and employees. Learn how social engineering exploited a third-party CRM, the hallmarks of Scattered Spider tactics, and the broader risks of supply chain vulnerabilities.

Allianz Life Insurance Company of North America, based in Minneapolis, MN, has confirmed a significant data breach, affecting the personal information of most of its 1.4 million customers, financial professionals, and select employees. The incident, which occurred on July 16, 2025, and was discovered the following day, involved unauthorised access to a customer relationship management (CRM) platform operated by a third-party vendor.

According to TechCrunch, which first reported this incident, the attacker gained access using a social engineering technique, which involves manipulating individuals through deception to obtain credentials or sensitive data. While the exact number of individuals impacted remains undisclosed, the company has reported the breach to authorities, including the FBI and the Maine Attorney General’s office.

“The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life’s customers, financial professionals, and select Allianz Life employees. We took immediate action to contain and mitigate the issue and notified the FBI,” the company’s spokesperson stated.

Allianz Life plans to begin sending written notifications to affected individuals around August 1, 2025, offering them 24 months of complimentary credit monitoring and identity theft protection. The company’s internal systems, including its policy administration platform, remained secure throughout the incident. The breach was also confirmed by parent company Allianz SE, which stated it was contained to Allianz Life’s North American operations and did not affect other parts of the global Allianz Group network.

The method used in the Allianz Life breach, employing social engineering to access a third-party system, bears similarities to tactics used by the Scattered Spider hacking collective. This group is known for using deception, such as impersonating IT help desks, to steal credentials from technology vendors. However, the specific perpetrators of the Allianz Life attack have not been identified.

This incident highlights a growing challenge for financial service companies: securing their extended technology networks, given the rising number of cases where financial firms are compromised via their third-party providers rather than direct attacks on their main infrastructure.

Third-party vendors handling sensitive customer data have become appealing targets for cybercriminals seeking a single entry point to access information from multiple organisations. Cloud-based CRM systems are particularly attractive, as they contain valuable customer details such as contact information, policy specifics, and communication histories and can potentially offer pathways for attackers to move deeper into corporate networks.

While Allianz Life swiftly implemented containment measures and is notifying affected customers, experts caution that stolen personal data could still be “weaponised” in future social engineering attempts targeting the same victims. Individuals impacted should, therefore, remain vigilant against unsolicited messages or suspicious links.

“This breach highlights that the biggest threats don’t always come from direct attacks, but often a combination of vulnerabilities across the entire supply chain. In this case, the attacker used multiple techniques: social engineering to obtain access rights, and a third-party solution as a backdoor into the system,” said Boris Cipot, Senior Security Engineer at Black Duck, a Burlington, Massachusetts-based provider of application security solutions.

“Allianz responded appropriately by notifying the authorities and the affected customer, and by offering credit and identity monitoring services,” Boris added. “However, impacted individuals should remain vigilant. The stolen data could still be used in follow-up social engineering attempts. Be cautious of unsolicited messages, especially those containing links or attachments. Don’t click on links or open files unless you’re absolutely sure they’re legitimate,” he warned.

Allianz Life Data Breach Hits 1.4 Million Customers

Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks.

Darktrace, a leading cybersecurity research firm, has identified what is believed to be the first documented instance of threat actors exploiting a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy the evasive Auto-Color backdoor malware.

This flaw, disclosed by SAP SE on April 24, 2025 and assigned a CVSS score of 10, is particularly dangerous as it enables attackers to upload malicious files to the SAP NetWeaver application server, potentially leading to remote code execution and full system compromise.

****About Auto-Color****

The Auto-Color Backdoor, first seen in November 2024 and previously observed targeting systems in the US and Asia, is a Remote Access Trojan (RAT) named for its ability to rename itself to “/var/log/cross/auto-color” post-execution. It primarily targets Linux systems, often found in universities and government institutions in the US and Asia.

Auto-Color is highly evasive, exploiting built-in Linux features like ld.so.preload for persistent system compromise. Each instance is unique due to statically compiled and encrypted command-and-control (C2) configurations. A key new finding is the malware’s suppression tactic: it can “pretend to be sleep” if C2 connections fail, appearing benign to analysts and hiding its full capabilities during analysis.

****Attack Timeline: SAP Exploit to Malware Delivery****

This crucial research was shared with Hackread.com ahead of its publishing on Tuesday, according to which in April 2025, Darktrace Security Operations Centre (SOC) identified a multi-stage Auto-Color attack on a US-based chemicals company’s network.

According to researchers, initial scanning for CVE-2025-31324 was observed from April 25. Active exploitation began on April 27, with an incoming connection from IP 91.193.19.109 and a ZIP file download signalling the exploit.

The compromised device immediately made suspicious DNS requests for Out-of-Band Application Security Testing (OAST) domains on April 27 and 28, a tactic for vulnerability testing or data tunnelling.

Timeline of Exploit (Source: Darktrace)

Roughly ten hours later, on April 27, a shell script (config.sh) was downloaded. The device then made connections to 47.97.42.177, an endpoint linked to Supershell, a C2 platform. Less than 12 hours later, on April 28, the Auto-Color ELF malware file was downloaded from 146.70.41.178. Darktrace’s investigation confirmed this was the first observed pairing of SAP NetWeaver exploitation with Auto-Color malware.

****AI-Powered Security Halts Stealthy Intrusion****

Darktrace’s AI-driven Autonomous Response capability quickly intervened, enforcing a “pattern of life” on the affected device for 30 minutes, starting on April 28. This prevented further malicious actions while allowing normal business operations. Multiple alerts were triggered, prompting investigation by Darktrace’s Managed Detection and Response (MDR) service.

Alerts from the device’s Model Alert Log (Source: Darktrace)

Analysts extended the Autonomous Response actions for an additional 24 hours, giving the customer’s security team crucial time for investigation and remediation.

This incident highlights that despite urgent disclosures, vulnerabilities like CVE-2025-31324 remain actively exploited, leading to more persistent threats. Darktrace’s timely detection and autonomous response ensured the threat was contained, preventing escalation and demonstrating the power of AI in thwarting sophisticated, multi-stage attacks.

Since CVE-2025-31324 remains actively exploited despite disclosure, organisations should take immediate actions, said Mayuresh Dani, Security Research Manager, at Qualys Threat Research Unit.

“Immediately patch SAP NetWeaver systems against CVE-2025-31324, but if for some reason, they cannot install the patch, they should immediately stop exposing these SAP NetWeaver installations on the internet, isolate them and block the /developmentserver/metadatauploader endpoint and also deploy a zero-trust architecture that assumes breach and verifies every network transaction before transmission.”, stressed Mayuresh.

SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm

Palo Alto, California, 29th July 2025, CyberNewsWire

**Palo Alto, California, July 29th, 2025, CyberNewsWire**

Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The recent Geco Colorpick case exemplifies how these certifications provide nothing more than a false sense of security – Koi Research disclosed 18 malicious extensions that distributed spyware to 2.3M users, with most bearing the well-trusted “Verified” status.

SquareX researchers disclosed the technological reason behind this vulnerability, highlighting an architectural flaw in Browser DevTools that prevents browser vendors and enterprises from performing the thorough security analysis many enterprises expect.

> “Aside from the fact that thousands of extension updates and submissions are being made daily, it is simply impossible for browser vendors to monitor and assess an extension’s security posture at runtime,” says Nishant Sharma, Head of Security Research at SquareX, “This is because existing DevTools were designed to inspect web pages. Extensions are complex beasts that can behave dynamically, work across multiple tabs and have “superpowers” that allow them to easily bypass detection via rudimentary Browser DevTool telemetry.”

In other words, even if browser vendors were not inundated by the sheer quantity of extension submission requests, the architectural limitations of Browser DevTools today would still allow numerous malicious extensions to pass DevTool based security inspections. 

Browser DevTools were introduced in the late 2000s, long pre-dating the widespread extension adoption. These tools were invented to help users and web developers debug websites and inspect web page elements. However, browser extensions have unique capabilities to, among others, modify, take screenshots and inject scripts into multiple web pages, which cannot be easily monitored and attributed by Browser DevTools. For example, an extension may make a network request through a web page by injecting a script into the page. With Browser DevTools, there is no way to differentiate network requests made by the web page itself and those by an extension.

Detailed in the technical blog, SquareX’s researchers propose a novel approach that uses the combination of a modified browser and Browser AI Agents to plug this gap. The modified browser exposes critical telemetry required to understand an extension’s true behavior, while the Browser AI Agent simulates different user personas to incite various extension behaviors at runtime for monitoring and security analysis. This not only allows a dynamic analysis of the extension, but also discoveries of various “hidden” extension behaviors that are only triggered by time, a certain user action or device environments. Named the Extension Monitoring Sandbox, the research details the necessary modifications required for the modified browser. 

The revelation of Browser DevTools’ architectural limitations exposes a fundamental security gap that has led to millions of users being compromised. As browser extensions become a core part of the enterprise workflow, it is critical for enterprises to move from superficial labels to solutions specifically designed to tackle extension security. It is absolutely critical for browser vendors, enterprises and security vendors to work closely together in tackling what has become one of the fastest emerging threat vectors.

This August, SquareX is offering a free enterprise-wide extension audit in August. The audit involves conducting an extensive audit of all extensions installed across the organization using all three components of the SquareX Extension Analysis Framework – metadata analysis, static code analysis and dynamic analysis with the Extension Monitoring Sandbox – providing a full analysis of the organization’s extension risk exposure and a risk score for each extension.

**About** **SquareX**

SquareX’s browser extension transforms any browser on any device into an enterprise-grade secure browser. SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks including malicious browser extensions, advanced spearphishing, browser-native ransomware, GenAI data loss prevention, and more.

Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector – the browser.

More information available at: sqrx.com

**Reference**

http://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store/

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**\[email protected\]**

Source

HackRead