A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise…

A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise entire networks and what CISA is urging organisations to do now.

A critical security flaw in Microsoft Exchange servers has left thousands of servers exposed to a major security risk. The unpatched vulnerability, which affects hybrid cloud setups, could allow a hacker to gain complete control over an organisation’s entire network.

The flaw, officially known as CVE-2025-53786, impacts Exchange Server 2016, 2019, and the Subscription Edition. While no attacks have been officially confirmed, security experts believe that exploit code is likely to be developed, making these servers an attractive target for cybercriminals. The vulnerability lets hackers who already have some access to an on-site Exchange server expand their privileges into the connected Microsoft cloud environment, making it hard for organisations to spot the breach.

****Government Agencies Take Action****

In response to this threat, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive. This order required all federal agencies with affected systems to fix the problem by Monday, August 11, at 9:00 AM ET.

CISA Acting Director Madhu Gottumukkala emphasised that while the directive is mandatory for federal agencies, the risks apply to all organisations using this environment. He strongly urged everyone to take the same protective measures.

> ⚠️MS Exchange server hybrid deployment elevation of privilege vulnerability CVE-2025-53786 could allow a threat actor with admin access to an Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. See guidance 👉 https://t.co/NzTYDGqMMq pic.twitter.com/2Cc6mJBRqs
> 
> — CISA Cyber (@CISACyber) August 7, 2025

****A Global Problem****

Scans from the security platform Shadowserver show that despite the urgency, over 29,000 servers remained unpatched as of August 10, just before CISA’s deadline. The US has the largest number of vulnerable servers, with more than 7,200 exposed.

Germany is close behind with over 6,700, followed by Russia with over 2,500. Shadowserver first detected this issue on August 7, noting “Over 28K IPs unpatched” and listing the US, Germany, and Russia as the top affected countries.

Source: Shadowserver

Microsoft had already provided a **hotfix** and guidance for this issue as part of its Secure Future Initiative. Organisations are being advised to apply the latest updates and, for older systems, to disconnect them from the internet entirely. The failure to do so could give attackers an easy way from on-premises systems to the cloud, potentially compromising an organisation’s entire data and services.

****Expert Insight****

**Martin Jartelius**, the CTO at Outpost24, commented on the situation, acknowledging that the large number of unpatched servers is “concerning, but not surprising.” He explained that many organisations were already running older, unmaintained systems. While some organisations with hybrid setups might believe they aren’t at risk, Jartelius warns that leaving a known flaw unpatched is an “open invitation to attackers.” He advises all organisations to continuously assess and fix these issues to strengthen their security.

Over 29,000 Unpatched Microsoft Exchange Servers Leaving Networks at Risk

A security vulnerability in a major carmaker’s online portal exposed customer data and could have let hackers remotely…

A security vulnerability in a major carmaker’s online portal exposed customer data and could have let hackers remotely unlock vehicles. Read about the “security nightmare” and get tips to protect your car from tracking.

A new security vulnerability in a major car manufacturer’s online system has been discovered, exposing customer data and potentially allowing remote access to vehicles. The flaw was found by security researcher Eaton Zveare, who reported his findings to the company, leading to a fix in February 2025. Zveare has not publicly named the automaker, but stated it’s a well-known brand with over 1,000 dealerships in the **United States**.

For your information, Zveare is known for identifying critical vulnerabilities in IoT devices. For example, their **June 2022 findings** revealed a vulnerability in a smart jacuzzi app that could be exploited by a remote attacker to extract unsuspecting user data.

The vulnerability was found in an online portal used by the carmaker’s dealerships. Zveare discovered a way to bypass the login security by modifying the portal’s code, which allowed him to create a new “national administrator” account. This gave him “unfettered access” to the private information of thousands of customers, including personal data, financial details, and vehicle information.

Using a vehicle’s unique identification number (**VIN**), which can be seen on the windshield, a hacker could look up the owner’s name. Even more alarming, the flaw allowed a hacker to remotely control certain car functions, such as unlocking the doors, simply by knowing a customer’s name or a VIN. While Zveare did not test if it was possible to drive the cars away, the vulnerability could easily be exploited by thieves.

The dealership portal also exposed more than just customer information. With his new admin access, Zveare could view financial data from all the dealerships and even track the real-time location of rental or courtesy cars. He noted that the security flaws were a “security nightmare waiting to happen” due to the ability to impersonate other users and access different systems.

Cybersecurity firm Malwarebytes weighed in on the issue, **saying** that this is the kind of vulnerability that makes it easier for people to track and stalk others. Zveare, who presented his **findings** at the Defcon security conference, says the bugs took the company about a week to fix after he disclosed them.

He **told** TechCrunch that the main issue came down to simple authentication flaws, saying, “If you’re going to get those wrong, then everything just falls down.”

For people concerned about their car’s security, here are a few simple tips to help prevent unwanted tracking:

*   Use your phone’s navigation app (like Google Maps) instead of the one built into your car.

*   Don’t save regular destinations in the car’s navigation system.

*   Keep your car’s software updated to ensure you have the latest security protections.

*   Check your car’s remote access apps to make sure no unknown devices have been linked to your account.

Carmaker Portal Flaw Could Let Hackers Unlock Cars, Steal Data

Three Ghanaian men have been extradited to the US over $100 million fraud involving romance scams and business…

Three Ghanaian men have been extradited to the US over $100 million fraud involving romance scams and business email compromise targeting individuals and companies.

The FBI and the Department of Justice (DoJ) have **announced** the extradition of three Ghanaian nationals accused of being part of a large-scale criminal operation. The individuals, namely Isaac Oduro Boateng, Inusah Ahmed, and Derrick Van Yeboah, arrived in the US on August 7, 2025, and are facing charges for their roles in a scheme that stole more than $100 million from dozens of victims. A fourth suspect, Patrick Kwame Asare, has not yet been apprehended.

The indictment (PDF) alleges that these men were high-ranking members of a criminal organisation based in Ghana that ran two primary types of fraud: romance scams and business email compromises.

In **romance scams**, the criminals created fake online identities to trick vulnerable people, often older men and women, into believing they were in a loving relationship. Once they gained the victims’ trust, they would convince them to send money or help launder funds from other victims.

The group also used business email compromises (**BEC**). This type of fraud involves tricking companies into wiring money to fraudulent accounts. The scammers would likely pretend to be a trusted business partner or a company executive to convince employees to make the payments. The stolen money was then laundered and sent to West Africa.

US Attorney Jay Clayton stated, the accused allegedly “led and participated in an international fraud ring that engaged in a massive conspiracy to defraud vulnerable people and steal from businesses.”

The extradition of the three suspects is a remarkable effort involving international cooperation. According to the DoJ, Ghana’s government and its law enforcement agencies, including the Economic and Organised Crime Office and the Ghana Police Service, provided significant assistance.

The FBI’s Assistant Director Christopher G. Raia highlighted the severity of the crimes, stating, “Deceiving businesses using email compromise campaigns and tricking innocent elderly victims through fraudulent companionship in order to exploit their trust and finances is not merely appalling but illegal.”

The four men are now facing multiple charges, including wire fraud, wire fraud conspiracy, money laundering conspiracy, and receiving stolen money. The charges are merely accusations, and the defendants are presumed innocent until proven guilty in court.

This is the second extradition of scammers involved in large-scale schemes targeting Americans. On August 5, the FBI **announced** the arrest of a Nigerian national and his extradition to the United States to face charges of hacking, identity theft, and fraud. He and his co-conspirators are accused of using spearphishing to steal customer data, as well as filing fraudulent tax returns and disaster relief claims worth millions of dollars.

Ghanaian Nationals Extradited to US Over $100M, BEC, Romance Scams

Hackers release 9GB of stolen files from the computer of an alleged North Korean hacker, revealing tools, logs,…

Hackers release 9GB of stolen files from the computer of an alleged North Korean hacker, revealing tools, logs, sensitive data and much more. The data is now available for download via DDoSecrets.

It is not often that the inner workings of a cyber-espionage operator are exposed, but that is exactly what happened when two hackers decided to publish a trove of stolen files during one of the world’s biggest hacking conferences.

The material did not surface on a cybercrime forum or through a misconfigured database. Instead, it was shared through **Phrack**, the legendary hacker publication, during its 40th anniversary issue at DEF CON in Las Vegas.

The people behind the **leak**, who go by the names Saber and cyb0rg, say they gained access to a virtual workstation and a virtual private server used by someone they call “KIM.” This individual was believed by the leakers to be linked to **Kimsuky**, a group long associated with North Korean state-backed cyber activity. Yet even with that claim, questions remain, and some security experts think it is just as possible that the operator could be based in China.

What they took and later shared offers a rare look into the operational tools and records of an advanced threat actor. The first batch of data included attack logs showing attempts to compromise South Korea’s government and its Defense Counterintelligence Command through the VPS. The second release was even more revealing, containing internal documentation, source code, stolen credentials, and command scripts from the operator’s workstation.

Independent analysts like Distributed Denial of Secrets (DDoSecrets), who reviewed the files and **indexed** the entire 8.90 GB archive on its website for free download, found that the materials appeared authentic and consistent with a real-world espionage toolkit.

Screenshot of the archive available on DDoSecrets (Image credit: Hackread.com)

However, figuring out who actually ran these systems can still be difficult. Hackers sometimes leave trails that point to the wrong country, and skilled operators can mimic another nation’s methods closely enough to mislead investigators.

For now, the leak sits as both a technical goldmine for researchers and a mystery for intelligence analysts. Phrack has said it plans to release additional download links on its site, which means more details could surface.

Nevertheless, this is not the first time that such sensitive data has gotten into the hands of a third party. Back in 2020, IBM’s X‑Force team stumbled across over **40 gigabytes of video recordings** showing Iranian cyber‑espionage operators teaching others how to hijack email accounts.

The footage, which included real-time steps, like linking Gmail accounts to Zimbra software to download inboxes, was exposed by mistake when the hackers uploaded it to an unsecured cloud server.

Hackers Leak 9GB of Data from Alleged North Korean Hacker’s Computer

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea…

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea with advanced tools. Discover how this new malware marks a shift from espionage to financially motivated cyberattacks.

A well-known North Korean hacking group, ScarCruft, is changing its methods, adding a new type of attack to its usual playbook of spying. Cybersecurity experts from the South Korean firm S2W recently released a report revealing that ScarCruft is now using a new ransomware called VCD.

This is a critical shift, as the group has traditionally focused on stealing information from high-profile people and government agencies in countries like South Korea, Japan, and Russia.

The group’s recent campaign, carried out by a subgroup called ChinopuNK, occurred in July and used phishing emails to target people in South Korea. These emails contained a tricky file disguised as an update for postal codes.

Once opened, this file infected the victim’s computer with more than nine different kinds of malware, including a new variant of a known malware called ChillyChino, and a backdoor that was written in the Rust programming language. Among these were information-stealing programs like LightPeek and FadeStealer, as well as a backdoor called NubSpy that let the hackers secretly control the computer.

ScarCruft Subgroup Classification (Source: S2W)

This backdoor is especially clever because it uses a real-time messaging service called PubNub to hide its malicious traffic within normal network activity. This campaign is also notable because it included the new VCD ransomware, which locks up a person’s files and demands a ransom. The ransom note is even available in both English and Korean.

Attack Flow (Source: S2W)

According to S2W’s Threat Analysis and Intelligence Center (TALON), this new approach suggests that ScarCruft might be adding financially motivated goals to its spying activities. The group is part of a larger network of North Korean hackers who are known to generate money for the country’s government, which is facing many economic sanctions.

A United Nations report from last year (PDF) even stated that North Korean hackers, including groups like Lazarus and Kimsuky, had stolen around $3 billion over six years.

Mayank Kumar, founding AI engineer at the firm DeepTempo, commented on this evolution, highlighting how these attacks are becoming more complex. Sharing his comment with Hackread.com, Kumar said that ScarCruft’s use of ransomware alongside its usual spying tools shows a new trend where nation-backed hacking and criminal tactics are merging.

“Advanced persistent threat groups must expand their toolsets and blur the line between espionage and cybercrime. Defenders must prepare for campaigns where ransomware is one element in a multi-stage operation. Adaptive, deep learning–driven anomaly detection across network traffic, system events, and security logs, paired with strong segmentation, rapid containment, and visibility into both human and automated adversary activity, is essential to counter such blended threats,” Kumar suggested.

North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

London, United Kingdom, 11th August 2025, CyberNewsWire

**London, United Kingdom, August 11th, 2025, CyberNewsWire**

**New** **Heimdal** **study reveals how tool sprawl creates blind spots, with over half of providers experiencing daily or weekly burnout** 

Survey of 80 North American MSPs shows fragmented security stacks drive fatigue, missed threats, and business inefficiency 

Security tools meant to protect managed service providers are instead overwhelming them. 

A new study from Heimdal and FutureSafe reveals that 89% of MSPs struggle with tool integration while 56% experience alert fatigue daily or weekly. 

The research exposes a dangerous paradox. MSPs experiencing high alert fatigue are significantly more likely to miss real threats.

The very tools deployed to enhance security are creating blind spots through exhaustion. 

**The Scale of the Problem** 

The average MSP now runs five security tools, with 20% juggling seven to ten and 12% managing more than ten. 

Only 11% report seamless integration. The remaining 89% must flip between separate dashboards and waste time on manual workflows. 

One in four security alerts prove meaningless, with some MSPs reporting that 70% of their alerts are false alarms. 

Among MSPs managing 1,000+ clients, 100% report daily fatigue. 

> “MSPs are drowning in complexity, not from threats, but from the tools meant to stop them,” said Jesper Frederiksen, CEO at Heimdal. “Every new point solution adds another agent, console, and alert stream. That noise exhausts people and quietly degrades protection.” 

**Beyond Security Operations** 

Agent fatigue extends beyond alert management. Disconnected platforms slow billing processes, complicate client onboarding, and create compliance reporting headaches. 

> “Agent fatigue isn’t just a tech issue. It’s a business risk,” said Jason Whitehurst, CEO at FutureSafe. “MSPs are juggling tool after tool, but they don’t work together.” 

**The Solution Hiding in Plain Sight** 

Despite widespread recognition of the problem, only 20% of MSPs have consolidated their security solutions. Those who have reported fewer alerts, faster response times, and happier staff. 

**Key Survey Findings** 

*   56% experience alert fatigue daily or weekly, 75% at least monthly 
*   Only 11% enjoy seamless tool connectivity 
*   MSPs using 7+ tools report nearly double the fatigue levels 
*   High false positive rates triple the chance of missing genuine incidents 
*   The 20% who consolidate report better outcomes across all metrics 

**Research Methodology** 

The State of MSP Agent Fatigue 2025 surveyed 80 North American MSPs in H1 2025, combining quantitative analysis with thematic coding of over 300 free-text responses. 

Users can download the complete report free at: heimdalsecurity.com/msp-agent-fatigue-report  

**About Heimdal** 

Established in Copenhagen in 2014, Heimdal empowers security teams and MSPs through unified cybersecurity solutions spanning endpoint to network security, including vulnerability management, threat prevention, and ransomware mitigation. 

**About FutureSafe** 

FutureSafe is the exclusive provider of Heimdal in the United States, helping MSPs cut through tool sprawl and deliver consolidated cybersecurity.

**Contact**

**Head of Content & PR**  
**Danny Mitchell**  
**Heimdal Security**  
**\[email protected\]**

Report Reveals Tool Overload Driving Fatigue and Missed Threats in MSPs

Cary, United States, 11th August 2025, CyberNewsWire

**Cary, United States, August 11th, 2025, CyberNewsWire**

**Hands-on cybersecurity and IT training leader recognized for innovation in practical, work-ready education**

INE has been selected for Training Industry’s 2025 Top 20 Online Learning Library Companies list, recognizing the company’s leadership in cybersecurity training, cybersecurity certifications, and IT training that emphasizes hands-on, practical learning experiences.

Training Industry evaluated companies based on course quality and scope, market presence and innovation, client relationships, and business growth. INE’s selection underscores the company’s commitment to cybersecurity education that bridges the gap between theoretical knowledge and real-world application.

> “This year’s Top 20 Online Learning Library companies stood out for their expansive content libraries and the depth of features built into their platforms,” said Jalen Banks, market research analyst at Training Industry, Inc. “These providers offer timely, on-demand content supported by reinforcement tools and assessments. Their advanced technology and data capabilities enable dynamic, adaptive learning experiences that foster learner engagement, build critical skills, and ultimately drive meaningful outcomes for the organizations they serve.”

> “This recognition validates our longstanding commitment to delivering training that truly prepares professionals for the challenges they face in their roles,” said Dara Warn, CEO of INE. “We focus on creating learning experiences that go beyond traditional coursework to provide practical skills that professionals can immediately apply in their organizations. When teams complete our programs, they’re equipped to strengthen their organization’s security posture and address complex infrastructure challenges with confidence.”

INE distinguishes itself through its emphasis on the practical application of cybersecurity and IT training for organizations and individuals. The training platform features more than 700 expert-led courses, 50+ learning paths, and thousands of hands-on labs that replicate actual network environments and security scenarios. Professionals and teams engage with industry-standard tools and tackle the same challenges they encounter in enterprise environments, whether pursuing cybersecurity certifications, network security certifications, or advancing their expertise through comprehensive network certification prep.

**Building on Recent Industry Recognition**

This Training Industry honor follows a series of notable recognitions for INE in recent months. This year, G2 awarded the company more than three dozen badges, including Grid Leader designations for Cybersecurity Professional Development, Online Course Providers, and Technical Skills Development.

INE also earned placement on Training Industry’s 2023 Top 20 Online Learning Libraries list, as well as on Training Industry’s 2023 Watch Lists for Experiential Learning Capabilities and IT and Technical Training, which recognized organizations’ visibility, innovation, and impact in the IT and technical training market. Combined with multiple Global Infosec Awards, SC Media Excellence Awards, and consistent recognition as a G2 Top Training Provider, these honors reflect INE’s sustained excellence in the technical training sector.

**Addressing Industry Needs Through Practical Education**

Since its founding in 2003, INE has partnered with Fortune 500 companies to address a critical challenge in the industry: the gap between traditional training methodologies and job-ready competencies. Organizations across industries rely on INE to develop their cybersecurity and networking teams, while individual professionals leverage INE as a training partner to advance their careers. INE’s approach connects theoretical concepts with practical application, providing learners with context for when and how to apply their knowledge effectively in real-world business environments.

> “Our methodology centers on experiential learning because we believe that hands-on practice is essential for developing true expertise,” Warn explained. “Our lab environments place learners in realistic scenarios where they must identify, analyze, and remediate security issues. This approach develops the kind of practical competency that translates directly to workplace effectiveness and organizational resilience.”

INE’s comprehensive IT training programs serve both organizations seeking to develop their teams and individual professionals advancing their careers. Companies use INE’s enterprise solutions to upskill existing teams, mitigate cybersecurity risk, and build more resilient IT operations. Recent program additions include the Mobile Application Penetration Testing certification (eMAPT) and the Certified Threat Hunting Professional certification (eCTHP), both designed around authentic scenarios that reflect current industry challenges and organizational needs.

**About INE**

INE is an award-winning, premier provider of online networking and cybersecurity education, including cybersecurity training and certification. INE is trusted by Fortune 500 companies and IT professionals around the globe. Leveraging a state-of-the-art hands-on lab platform, advanced technologies, a global video distribution network, and instruction from world-class experts, INE sets the standard for high-impact, career-advancing technical education.

**Contact**

**Director of Global Strategic Communications and Events**  
**Kathryn Brown**  
**INE Security**  
**\[email protected\]**

INE Named to Training Industry’s 2025 Top 20 Online Learning Library List

A cyberattack on Bouygues Telecom exposed data for 6.4 million customers. Find out what information was compromised and…

A cyberattack on Bouygues Telecom exposed data for 6.4 million customers. Find out what information was compromised and what you need to do to protect yourself from scams, as the company warns customers to be on high alert.

French telecommunications giant Bouygues Telecom has confirmed a cyberattack that resulted in the personal information of 6.4 million customers being exposed. The company, which serves nearly 27 million mobile users across France, discovered the security breach on August 4th.

****What Was Compromised?****

An investigation by the company revealed that hackers gained access to a variety of customer details. This includes contact information, contract details, and, for many, their International Bank Account Number (IBAN). An IBAN is a unique number that identifies a bank account and is used to process transactions like direct deposits or transfers.

Bouygues has confirmed that more sensitive data, like passwords and credit card numbers, were not affected in this breach. Both individual and business customers were impacted by the attack. The company promptly reported the incident to French authorities and is alerting all affected customers via email or text message.

Hackers planning to leak Bouygues Telecom data soon (Image credit: Hackread.com)

****What Should Customers Do?****

In response to the breach, Bouygues is urging its customers to be extremely cautious of potential scams. Customers should watch for any suspicious emails or phone calls from people pretending to be from Bouygues or another company, as scammers might use the stolen data to try and trick them into revealing more information, such as credit card numbers or passwords.

Bouygues also advised customers whose IBANs were exposed to monitor their bank accounts closely and contact their bank if they notice any unusual activity. The company has filed a complaint with judicial authorities, noting that the perpetrator could face up to five years in prison and a €150,000 fine.

The attack on Bouygues is part of a broader trend of major telecommunication firms being targeted globally. As reported by Hackread.com, in May 2025, South Korean firm SK Telecom revealed a malware intrusion that had gone undetected for nearly two years, leaking vast amounts of customer data.

Furthermore, an advisory from the FBI and Canada’s Cyber Centre in June 2025 warned of an ongoing cyber espionage campaign by a China-linked group called Salt Typhoon, which is actively targeting telecom networks worldwide to steal sensitive data. These incidents highlight why telecommunications companies, due to the valuable data they hold, are frequent targets for both cybercriminals and state-sponsored groups.

Bouygues Telecom Hit by Cyberattack, 6.4 Million Customers Affected

AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to…

AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to secretly steal sensitive data from your connected Google Drive, SharePoint, and other apps without you knowing.

A new security flaw, dubbed AgentFlayer, has been revealed that demonstrates how attackers can secretly steal personal information from users’ connected accounts, like Google Drive, without the user ever clicking anything. The vulnerability was discovered by cybersecurity researchers at Zenity and presented at the recent Black Hat conference.

As per Zenity’s research, the flaw takes advantage of a feature in ChatGPT called Connectors, which allows the AI to link to outside applications such as Google Drive and SharePoint. While this feature is designed to be helpful, for example, by letting ChatGPT summarise documents from your company’s files, Zenity found that it can also create a new path for hackers.

****The Attack in Action****

The AgentFlayer attack works through a clever method called an indirect prompt injection. Instead of directly typing in a malicious command, an attacker embeds a hidden instruction into a harmless-looking document. This could even be done with text in a tiny, invisible font.

Invisible prompt injection embedded in a document. 1px white font (Source: Zenity)

The attacker then waits for a user to upload this poisoned document to ChatGPT. When the user asks the AI to summarise the document, the hidden instructions tell ChatGPT to ignore the user’s request and instead perform a different action. Such as, the hidden instructions could tell ChatGPT to search the user’s Google Drive for sensitive information like API keys.

Victim’s API Keys (Source: Zenity)

The stolen information is then sent to the attacker in an incredibly subtle way. The attacker’s instructions tell ChatGPT to create an image with a special link. When the AI displays this image, the link secretly sends the stolen data to a server controlled by the attacker. All of this happens without the user’s knowledge and without them needing to click on anything.

****A Growing Risk for AI****

Zenity’s research points out that while OpenAI has some security measures in place, they aren’t enough to stop this type of attack. Researchers were able to bypass these safeguards by using specific image URLs that ChatGPT trusted.

This vulnerability is part of a larger class of threats that show the risks of connecting AI models to third-party apps. Itay Ravia, the Head of Aim Labs, confirmed this, stating that such vulnerabilities are not isolated and that more of them will likely appear in popular AI products.

“As we warned with our original research, EchoLeak (CVE-2025-32711) that Aim Labs publicly disclosed on June 11th, this class of vulnerability is not isolated, with other agent platforms also susceptible,_“_ Ravia explained.

“The AgentFlayer zero-click attack is a subset of the same EchoLeak primitives. These vulnerabilities are intrinsic, and we will see more of them in popular agents due to a poor understanding of dependencies and the need for guardrails,” Ravia commented, emphasising that advanced security measures are needed to defend against these kinds of sophisticated manipulations.

AgentFlayer 0-click exploit abuses ChatGPT Connectors to Steal 3rd-party app data

A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the…

A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the US. He and his co-conspirators allegedly used spearphishing to steal customer data, filing fraudulent tax returns and disaster relief claims worth millions of dollars.

In a much-awaited legal move, Nigerian man Chukwuemeka Victor Amachukwu, a/k/a “Chukwuemeka Victor Eletuo” and “So Kwan Leung,” was recently extradited from France to the United States to face charges related to hacking, fraud, and identity theft.

The extradition, announced by the FBI and the Department of Justice, marks the culmination of extensive teamwork between US and French law enforcement agencies and is a major step in the ongoing case.

According to statements from US Attorney Jay Clayton and FBI Assistant Director Christopher G. Raia, Amachukwu is a key figure in a scheme that has allegedly stolen millions of dollars. The charges against him and his co-conspirators include a sophisticated plan to hack into tax businesses across the US, including locations in New York and Texas.

The alleged fraud began around 2019, when Amachukwu and his partners, including a person named Kinglsey Uchelue Utulu, used deceptive emails to gain access to the computer systems of tax preparation businesses. These types of emails, known as spearphishing, are highly targeted messages designed to trick specific individuals into revealing sensitive information or granting system access. Once inside, the group stole personal and tax information from thousands of customers.

They then used this stolen data to file fraudulent tax returns with the IRS and state tax authorities, seeking approximately $8.4 million and successfully obtaining around $2.5 million. The scheme didn’t stop there. The group also reportedly used the stolen identities to file fake claims with the Small Business Administration’s Economic Injury Disaster Loan program, securing an additional $819,000 in fraudulent payouts. This program is designed to provide financial relief to businesses affected by disasters.

In a separate scheme, Amachukwu is also accused of running a fake investment program. He allegedly promised victims valuable standby letters of credit that didn’t actually exist, and instead, “pocketed millions of dollars of his victims’ money,” according to US Attorney Clayton.

Amachukwu, 39, faces several serious charges, including conspiracy to commit computer intrusions, multiple counts of wire fraud, and aggravated identity theft (PDF). If convicted, these charges could lead to a lengthy prison sentence. He was presented before US Magistrate Judge Robert W. Lehrburger, with the case now assigned to US District Judge Paul G. Gardephe.

The FBI praised the work of its international partners, including the Justice Department’s Office of International Affairs and the French National Gendarmerie, for their help in the arrest and extradition. As is customary, the defendant is presumed innocent until proven guilty in a court of law.

Source

HackRead