Infoblox cybersecurity researchers investigating the mysterious activities of 'Muddling Meerkat' unexpectedly uncovered widespread use of domain spoofing in malicious spam campaigns.

****SUMMARY****

*   **Infoblox discovered widespread domain spoofing in spam campaigns while investigating ‘Muddling Meerkat.’**

*   **Collaboration with the cybersecurity community linked Muddling Meerkat’s DNS activities to spam distribution.**

*   **Researchers identified multiple spam campaigns through abuse reports and domain analysis.**

*   **Techniques included phishing with QR codes, impersonating brands, extortion, and mysterious financial spam.**

*   **The findings show domain spoofing remains highly effective, bypassing current security measures.**

In its latest report, cybersecurity firm Infoblox has revealed how scammers use domain spoofing in spam campaigns, a discovery made through a collaboration between the cybersecurity and networking community on research about **the Chinese Great Firewall**.

This research project was initially aimed at understanding the activities of a threat actor known as a Muddling Meerkat. Muddling Meerkat is known for conducting strange DNS operations involving fake Chinese Great Firewall responses. The researchers could not determine the ultimate purpose of Muddling Meerkat’s activities, but they did learn a lot about how domain spoofing is used in **malspam**.

The research team, initially perplexed by Muddling Meerkat’s activities, sought external perspectives by sharing their findings with the broader security community. One key observation pointed towards a potential connection between Muddling Meerkat’s operations and spam distribution. 

Several organizations reported receiving abuse notifications for domains they owned, often internal domains with limited external exposure. These notifications indicated large-scale spam campaigns originating from Chinese IP addresses, targeting major email providers. This observation resonated with the team’s own findings, as they had **previously observed** Muddling Meerkat generating fake mail server (MX) records emanating from Chinese IP space.

A significant breakthrough occurred when the researchers discovered that they owned several of the “target” domains identified in the Muddling Meerkat research. By analysing abuse reports related to their own domains, leveraging their authoritative DNS server logs, and examining their internal spam collection, the researchers gained unprecedented insights into the tactics employed by spammers.

The investigation yielded a treasure trove of information about modern **malspam techniques**. Several distinct campaigns were identified, each employing sophisticated domain spoofing tactics to deceive recipients. These include QR Code Phishing, targeting Chinese citizens with emails containing QR codes, which redirect victims to phishing websites. Japanese Phishing campaigns impersonate reputable brands like Amazon and major Japanese banks and lure users to fake login pages.

A phishing QR code and an Amazon phishing page (Via Infoblox)

Extortion campaigns demand ransom **payments in cryptocurrency** to prevent exposure. Mysterious Financial Campaigns, originating from China, send seemingly innocuous spreadsheet attachments purporting to be from a Chinese freight company. The purpose of these campaigns remains unclear, as they lack clear malicious content or motive, Infoblox researchers noted in their **technical blog** shared with Hackread.com.

Nevertheless, the research reveals a disturbing reality: domain spoofing remains a highly effective and prevalent tactic for spammers. Despite the existence of various security mechanisms designed to detect and prevent spoofing, these campaigns continue to evade detection and successfully reach their targets.

Infoblox’s research came just days after another domain abuse-related report was **published by WatchTowr**, which exposed more than 4,000 active hacker backdoors in expired domains and abandoned infrastructure worldwide. This shows the ongoing challenge of combating sophisticated spam techniques and the need for continuous implementation of cybersecurity measures.

1.  **Hackers Use Fake Domains in Trump Trading Card Scam**
2.  **99% of UAE’s .ae Domains Exposed to Phishing and Spoofing**
3.  **“Sitting Ducks” DNS Attack Lets Hackers Easy Domain Takeover**
4.  **Scammers Exploit Fake Domains in Dubai Police Phishing Scams**
5.  **DeFi Hack Alert: Squarespace Domains** **Vulnerable** **to DNS Hijacking**

Muddling Meerkat Linked to Domain Spoofing in Global Spam Scams

In my experience as a sysadmin, I have often found network connectivity issues challenging to troubleshoot. For those situations, tcpdump is a great ally.Take the course: Getting started with Linux fundamentalsTcpdump is a command-line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues, as well as a security tool.A powerful and versatile tool that includes many options and filters, tcpdump can be used in a variety of cases. Because it's a command-line tool, it is ideal to run in remote servers or device

An introduction to using tcpdump at the Linux command line

Torrance, United States / California, 9th January 2025, CyberNewsWire

**Torrance, United States / California, January 9th, 2025, CyberNewsWire**

Criminal IP, a globally recognized Cyber Threat Intelligence (CTI) solution by AI SPERA, has launched its **Criminal IP Malicious Link Detector** add-in on the Microsoft Marketplace. This cutting-edge tool provides real-time phishing email detection and URL blocking for Microsoft Outlook, adding an essential layer of email security in the face of increasing cyber threats.

Advances in generative AI have driven a surge in sophisticated phishing attacks that are increasingly difficult to distinguish from legitimate communications. The Criminal IP Malicious Link Detector combats these threats by analyzing email links in real-time, detecting and blocking phishing URLs and malicious domains. Fully integrated with Microsoft Outlook and available for free, it provides robust protection for both individuals and organizations.

**Case Study: Phishing Email Targeting Cryptocurrency Wallet Users**

In one instance, Criminal IP detected a phishing email targeting Trust Wallet users. The email contained links disguised as official pages, aiming to deceive users into downloading malware. The Criminal IP Malicious Link Detector swiftly identified and blocked these malicious URLs in real-time, averting potential harm.

**Getting Started with the Criminal IP Malicious Link Detector**

Using the tool is straightforward:

1.     **Signing Up:** Creating an account on the Criminal IP platform.

2.    **Installing the Add-In:** Downloading and integrating the add-in from Microsoft Marketplace.

3.    **Start Scanning:** Email links are automatically scanned upon login, with results displayed instantly.

As cyber threats evolve rapidly, the **Criminal IP Malicious Link Detector** ensures the users’ emails are protected against phishing links and malicious URLs. Download it today to stay ahead of emerging cyber risks and strengthen email security.

**About AI SPERA**

AI SPERA, renowned for its advanced solutions, has expanded internationally, with ‘Criminal IP’ as its flagship offering. Operating in more than 150 countries, ‘Criminal IP’ is backed by enterprise-grade security solutions like ‘Criminal IP ASM’ and ‘Criminal IP FDS’. Strategic partnerships with global leaders such as Cisco, VirusTotal, and Quad9 have significantly enhanced ‘Criminal IP’s capabilities. AI SPERA’s ‘Criminal IP’ has recently entered the marketplace of major US data warehousing platforms, including Amazon Web Services (AWS), Microsoft Azure, and Snowflake, expanding its global reach for threat data.

**Contact**

**Michael Sena**  
**\[email protected\]**

Criminal IP Launches Real-Time Phishing Detection Tool on Microsoft Marketplace

Cyberattackers injected the NFL Wild Card team's online Pro Shop with malicious code to steal credit card data from 8,500 fans.

Source: Cal Sport Media via Alamy Stock Photo

Fans of the Green Bay Packers football franchise have been tackled by a payment-card skimmer; people who bought merch at the Packers Pro Shop website last fall may have had their personal data harvested.

In a data-breach notification letter to the 8,514 "cheeseheads" affected, the NFL juggernaut noted that its security staff was alerted to the code on Oct. 23, just as the team was gearing up to play the Jacksonville Jaguars in Week 8 of the 2024 season.

"We were alerted to the presence of malicious code inserted on the Pro Shop website by a third-party threat actor," reads the notice, which added that the team immediately asked the outside vendor that hosts the store to take the e-commerce site offline. "The malicious code may have allowed an unauthorized third party to view or acquire certain customer information entered at the checkout that used a limited set of payment options on the Pro Shop website."

Fortunately, the skimmer was active in only two windows: Between Sept. 23-24, and Oct. 3-23, 2024. And, fans who used a gift card, a Pro Shop website account, PayPal, or Amazon Pay weren't exposed.

Cybercriminals were able to score on everyone else though, collecting names, addresses (billing and shipping), emails, and full payment-card information, according to the notice.

Related:Hacking Group 'Silk Typhoon' Linked to US Treasury Breach

According to an analysis from Sansec, a Dutch e-commerce security company that notified Green Bay about the attack, the threat actors abused a JSONP callback and YouTube's oEmbed feature, which allows users to embed content from one website into another website. Ultimately, the skimmers were able to bypass the Content Security Policy (CSP) for the Pro Shop website, and "a script was injected from https://js-stats.com/getInjector. This script harvested data from input, select, and text area fields on the site, exfiltrating the captured information."

**A Pick 6 for Magecart & Other Cybercrime Carders?**

While there's no public attribution available for the incident, the cyberattack has all the hallmarks of a classic "Magecart" attack. Magecart is an umbrella term for a loose confederation of groups that steal credit cards by exploiting a vulnerability within a website to inject a malicious piece of code, which simply exfiltrates any data the users put into checkout pages on e-commerce sites.

Lately, these types of attacks have been on the rise, with scores of groups beyond classic Magecart actors running skimmer plays, researchers warn; the Packers are just the latest victim in the pass rush of maliciousness.

Related:Ransomware Targeting Infrastructure Hits Telecom Namibia

"There's no solid theory about why there's been an uptick in skimmer attacks,” says Javvad Malik, lead security awareness advocate at KnowBe4. "It could be a case of low-hanging fruit, a lot of e-commerce transactions over the holiday period when people are searching for deals, and also the ease through which some third parties can be compromised without triggering alarms."

According to the Recorded Future Payment Fraud Intelligence group, digital e-skimming will remain a top threat to e-commerce going forward, with bad actors relying on easy-to-use skimmer kits and persistent CMS security vulnerabilities. Plus, smaller security organizations (including those used by many sports franchises) are at particular risk.

"Payment Card Industry Data Security Standard (PCI DSS) requirements will continue aiming to improve security, but the impact will remain limited as many small and medium-sized retailers fail to adhere," said Boris Ivanov, principal malware researcher at Recorded Future, via email. "This gap will worsen the already serious problem of attackers exploiting vulnerable platforms and compromising payment data."

Meanwhile, Malik notes that sports teams might be in the cybercrime sites as a top target in part due to fan exuberance.

Related:CISA: Third-Party Data Breach Limited to Treasury Dept.

"Technically, sports organizations probably don't have any different challenges than others," he says. "What makes them attractive to criminals though is the fact that they have a loyal fan base that is willing to spend money on tickets and merchandise. Often during busy periods when tickets are released, there is a rush, so people will often ignore any security warnings in a bid to complete their purchase."

**The Payment-Skimmer Ground Game Is Hard to Defend Against**

Skimmers are also having a moment because the back-end complexity of the code running e-stores is on the rise, which offers cover for malware infestation and makes defense more porous.

"These are difficult to detect by nature, especially when these attacks take place by compromising third-party components, which can end up in organizations' blind spots," explains Malik. "Complexity and the reliance on many third parties is perhaps the biggest challenge to keep modern Web applications secure."

In the Packers' case, the Pro Shop is hosted by a third party, which complicates things even further.

"In the case of organizations outsourcing many components and hosting, security responsibility cannot be outsourced, so many organizations end up with a lack of skilled resources within the organization to keep an eye over the end-to-end security — something that is often fueled by budget constraints," Malik notes.

Ultimately, e-commerce organizations of all stripes, including those catering to Wisconsin NFL fans, need to balance security with business agility and the user experience, which creates a series of challenges. Technical complexity, resource constraints, skills shortages, and organizational culture can all affect how organizations approach Web security, Malik cautions.

"It's about embedding security into the very fabric of the business, rather than treating it as an afterthought," he says. "Some of the things you can do include implementing robust content security policies, undertaking regular security audits and penetration testing, employing real-time monitoring that can detect unusual code or behavior patterns, and finally, educating staff and fostering a culture of cybersecurity."

Dane Sherrets, staff innovation architect at HackerOne, notes that, from a coding standpoint, user input should be considered suspect until proven otherwise.

"Firstly, it's important to remind everyone never to explicitly trust user input and to treat all such inputs as potentially malicious," he says. "The Green Bay Packers incident, in particular, highlights the threat of exploiting a loophole in the site's CSP."

The Green Bay Packers did not immediately return a request for comment.

**About the Author**

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Green Bay Packers' Online Pro Shop Sacked by Payment Skimmer

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Who are you? Who is the person behind the machine? Security involves asking people who they are all the time. Send us a cybersecurity-related caption to describe the above scene. Our favorite entry will win its wordsmith a $25 gift card.

Here are four convenient ways to submit your ideas before the Jan. 28, 2025 deadline:

*   Via social media: X, Facebook, and LinkedIn. (New! Bluesky, too!) (If you win, we'll respond to you on the same platform, requesting your email address.)
    

**Last Month's Winner**

Shout out — and a $25 Amazon gift card — to Marcello Delcaro, winner of the July contest "Cyber Cloudburst," for sending us the winning caption for December's "Shackled!" cartoon. Some noteworthy contenders included "Corporate says we're free to innovate — just not free to leave," "Now I know why they are called control systems," and "Phase 3 of the Cyber Kill Chain-Exploitation." A big thank you to all who participated.

**About the Author**

Cartoonist

John Klossner has been drawing technology cartoons for more than 15 years. His work regularly appears in Computerworld and Federal Computer Week. His illustrations and cartoons have also been published in The New Yorker, Barron's, and The Wall Street Journal.

Name That Edge Toon: Greetings and Salutations

AI is now essential for businesses, driving efficiency, innovation, and growth. Leverage its power for better decisions, customer…

AI is now essential for businesses, driving efficiency, innovation, and growth. Leverage its power for better decisions, customer personalization, and competitive advantage in 2025.

It’s 2025 and Artificial Intelligence (AI) has transitioned from an emerging technology to a fundamental driver of business success. Today, integrating AI is more than just implementing new software; it’s about reshaping business models, improving operational efficiency, and fostering innovation.

In fact, according to a Forbes report, 72% of businesses have adopted AI for at least one business function, with nearly three out of four businesses leveraging AI to improve their operations. This marks a sharp increase from 2023 when less than a third of businesses reported using AI for two or more functions. 

To capitalize on the growing adoption of AI, businesses must prioritize developing a clear AI development strategy that positions them for long-term success. Here are several reasons why your business should adopt AI in 2025. Here are several reasons why your business should adopt AI now: 

****1\. Enhancing Operational Efficiency** **

The growth of AI technologies has been nothing short of remarkable. Machine learning algorithms now allow businesses to predict market trends with higher accuracy, enabling smarter decision-making. Similarly, AI-driven Natural Language Processing (NLP) makes it easier for businesses to interact with customers in more natural, intuitive ways, while computer vision opens doors for automation in industries like manufacturing, healthcare, and transportation. Businesses that embrace AI can improve productivity, reduce costs, and streamline operations. 

****2\. Growing Accessibility for Businesses of All Sizes** **

Once considered a tool for large corporations with hefty budgets, AI is now more accessible than ever. Cloud-based platforms from tech giants like Google, Amazon, and Microsoft offer scalable AI services that suit businesses of all sizes. This democratization of AI has made it possible for companies to adopt AI tools without the need for extensive technical expertise. Even small businesses can apply AI to boost their capabilities, thanks to pre-built models and open-source frameworks that lower costs and shorten implementation times. 

****3\. Staying Ahead of Competitors**  **

Companies that incorporate AI into their strategies are seeing a clear competitive advantage. Industry leaders are using it to develop new products, enhance customer experience, and optimize operations. AI has already made a significant impact across multiple sectors. In healthcare, AI-driven diagnostics, predictive health models, and personalized medicine are transforming patient care.

In transportation, autonomous vehicles and intelligent traffic management systems are changing the way goods and people move. Similarly, AI in finance is being used for fraud detection, personalized financial advice, and automated trading systems, while manufacturing companies are using predictive maintenance to avoid costly downtimes.   

As AI continues to evolve, businesses that hesitate to adopt these technologies risk falling behind. Competitors who adopt AI early will be able to meet customer expectations for faster, more personalized service, while those who delay will struggle to keep up, which leads us to our next point.   

****4\. Meeting Customer Expectations with Personalization** **

In today’s digital world, customers expect businesses to offer tailored, real-time experiences. AI makes it possible to analyze vast amounts of customer data and use that information to provide personalized recommendations, dynamic pricing, and targeted marketing campaigns. AI-driven chatbots and virtual assistants can enhance customer support by providing immediate, intelligent responses. With more personalized interactions, businesses can increase customer satisfaction, loyalty, and ultimately, revenue. 

****5\. Expanding Business Opportunities and Offerings** **

Integrating AI allows businesses to improve current processes while opening up new avenues for growth. AI can help businesses create innovative products and services that weren’t possible before. Whether it’s developing intelligent software for business analytics or enhancing existing services with AI capabilities, the possibilities are vast. For example, AI in healthcare is enabling the development of advanced diagnostic tools, while in transportation, smart innovations like self-driving cars are revolutionizing mobility. Adopting these technological advancements enables businesses to enter new markets and explore untapped revenue streams. 

****6\. Improving Decision-Making with Data-Driven Insights** **

AI excels at processing large volumes of data and extracting meaningful insights that humans may miss. This ability to turn data into actionable insights allows businesses to make more informed, timely decisions. With AI, businesses can identify trends, predict customer behavior, and assess risk with a level of precision that would be impossible with traditional methods. These insights can drive smarter strategies in marketing, operations, and finance, helping businesses stay agile and competitive in an ever-changing market. 

****Making The First Step****

Successfully integrating AI into your business starts with assessing your current capabilities. Review your technological infrastructure to ensure it can handle AI workloads, from computational power to cloud-based solutions. Data is at the core of AI, so it’s essential to assess your data quality and governance policies. Additionally, your workforce needs to be ready for this transformation. Ensure that your employees have the skills necessary for AI adoption and foster a culture of continuous learning and innovation.  

Before implementing new technologies, it’s important to evaluate potential AI applications based on their feasibility, expected return on investment (ROI), and alignment with your strategic priorities. Focus on projects that offer quick wins and measurable benefits. Some key areas where AI can make an immediate impact in 2025 include:  

*   **AI-Powered Data Analytics:** Deploy AI tools to process and analyze large datasets in real-time, providing actionable insights for strategic decision-making. This can enhance market intelligence, product development, and customer targeting.

*   **Cybersecurity Enhancements:** As cyber threats grow more sophisticated, AI-driven security systems can proactively detect and respond to vulnerabilities faster than traditional methods, safeguarding your business assets and maintaining customer trust.  

*   **Remote Work Optimization:** With the rise of remote and hybrid work models, AI can improve virtual collaboration, automate workflow management, and enhance employee productivity through intelligent virtual assistants and performance analytics.  

*   **Market Trend Forecasting:** Implement AI solutions that analyze market trends and consumer behavior to anticipate shifts and identify new opportunities. This foresight can help inform strategic pivots and investment decisions, keeping your business ahead of the competition.  

Positioning your business for success tomorrow starts with preparing for AI adoption today. As the AI infrastructure evolves, those who act early will set the standard in their industries. The future of business lies in AI, and now is the time to make it a cornerstone of your business.     

1.  **Enhance customer experiences with Generative AI**
2.  **Cyber Resiliency in the AI Era: Building the Unbreakable Shield**
3.  **AI Trends A Software Development Company to Follow in 2025**
4.  **A New Dawn for Storytelling: The Intersection of AI and Cinema**
5.  **Need for Specialized AI Models to Transform Industry Challenges**

6 Reasons Why You Should Integrate AI in Your Business in 2025 

Ethical hacking group Chaos Computer Club uncovered exposed data of electrical vehicle owners across the company's VW, Audi, Seat, and Skoda brands.

Source: Anatoly Vartanov via Alamy Stock Photo

NEWS BRIEF

Volkswagen Group experienced a data breach last month, exposing sensitive personal information of roughly 800,000 electrical vehicle owners across its brands, including Volkswagen, Audi, Seat, and Skoda.

Initially reported by German publication Speigel, the breach has been attributed to an Amazon cloud storage system misconfiguration, which is managed by software subsidiary Cariad. The group reportedly left personal and location data openly accessible online for months on end, prompting the breach.

The anonymous hacker who discovered the breach reported it to Chaos Computer Club (CCC), a well known organization of ethical hackers in Europe. The CCC tested the open, insecure access before informing Cariad and Volkswagen.

The data exposed in the breach includes vehicle location information such as when EVs were switched on and off, along with location data, email addresses, phone numbers, and home addresses of car owners.

A wide variety of individuals have been affected by this breach, including at least two German politicians and the Hamburg police. While most affected vehicles were located in Germany, Spiegel's hired researchers found details about cars in Norway, Sweden, the UK, the Netherlands, France, Belgium, and Denmark.

Cariad reports that it acted quickly to solve the issue and closed off access the same day CCC contacted them. 

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

Volkswagen Breach Exposes Data of 800K EV Customers

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.

Source: Krot Studio via Alamy Stock Photo

A new jailbreak technique for OpenAI and other large language models (LLMs) increases the chance that attackers can circumvent cybersecurity guardrails and abuse the system to deliver malicious content.

Discovered by researchers at Palo Alto Networks' Unit 42, the so-called Bad Likert Judge attack asks the LLM to act as a judge scoring the harmfulness of a given response using the Likert scale. The psychometric scale, named after its inventor and commonly used in questionnaires, is a rating scale measuring a respondent's agreement or disagreement with a statement.

The jailbreak then asks the LLM to generate responses that contain examples that align with the scales, with the ultimate result being that "the example that has the highest Likert scale can potentially contain the harmful content," Unit 42's Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and Danny Tsechansky wrote in a post describing their findings.

Tests conducted across a range of categories against six state-of-the-art text-generation LLMs from OpenAI, Azure, Google, Amazon Web Services, Meta, and Nvidia revealed that the technique can increase the attack success rate (ASR) by more than 60% compared with plain attack prompts on average, according to the researchers.

The categories of attacks evaluated in the research involved prompting various inappropriate responses from the system, including: ones promoting bigotry, hate, or prejudice; ones engaging in behavior that harasses an individual or group; ones that encourage suicide or other acts of self-harm; ones that generate inappropriate explicitly sexual material and pornography; ones providing info on how to manufacture, acquire, or use illegal weapons; or ones that promote illegal activities.

Other categories explored and for which the jailbreak increases the likelihood of attack success include: malware generation or the creation and distribution of malicious software; and system prompt leakage, which could reveal the confidential set of instructions used to guide the LLM.

**How Bad Likert Judge Works**

The first step in the Bad Likert Judge attack involves asking the target LLM to act as a judge to evaluate responses generated by other LLMs, the researchers explained.

"To confirm that the LLM can produce harmful content, we provide specific guidelines for the scoring task," they wrote. "For example, one could provide guidelines asking the LLM to evaluate content that may contain information on generating malware."

Once the first step is properly completed, the LLM should understand the task and the different scales of harmful content, which makes the second step "straightforward," they said. "Simply ask the LLM to provide different responses corresponding to the various scales," the researchers wrote.

"After completing step two, the LLM typically generates content that is considered harmful," they wrote, adding that in some cases, "the generated content may not be sufficient to reach the intended harmfulness score for the experiment."

To address the latter issue, an attacker can ask the LLM to refine the response with the highest score by extending it or adding more details. "Based on our observations, an additional one or two rounds of follow-up prompts requesting refinement often lead the LLM to produce content containing more harmful information," the researchers wrote.

**Rise of LLM Jailbreaks**

The exploding use of LLMs for personal, research, and business purposes has led researchers to test their susceptibility to generate harmful and biased content when prompted in specific ways. Jailbreaks are the term for methods that allow researchers to bypass guardrails put in place by LLM creators to avoid the generation of bad content.

Security researchers have already identified several types of jailbreaks, according to Unit 42. They include one called persona persuasion; a role-playing jailbreak dubbed Do Anything Now; and token smuggling, which uses encoded words in an attacker's input.

Researchers at Robust Intelligence and Yale University also recently discovered a jailbreak called Tree of Attacks with Pruning (TAP), which involves using an unaligned LLM to "jailbreak" another aligned LLM, or to get it to breach its guardrails, quickly and with a high success rate.

Unit 42 researchers stressed that their jailbreak technique "targets edge cases and does not necessarily reflect typical LLM use cases." This means that "most AI models are safe and secure when operated responsibly and with caution," they wrote.

**How to Mitigate LLM Jailbreaks**

However, no LLM matter is completely secure from jailbreaks, the researchers cautioned. The reason that they can undermine the security that OpenAI, Microsoft, Google, and others are building into their LLMs is mainly due to the computational limits of language models, they said.

"Some prompts require the model to perform computationally intensive tasks, such as generating long-form content or engaging in complex reasoning," they wrote. "These tasks can strain the model's resources, potentially causing it to overlook or bypass certain safety guardrails."

Attackers also can manipulate the model's understanding of the conversation's context by "strategically crafting a series of prompts" that "gradually steer it toward generating unsafe or inappropriate responses that the model's safety guardrails would otherwise prevent," they wrote.

To mitigate the risks from jailbreaks, the researchers recommend applying content-filtering systems alongside LLMs for jailbreak mitigation. These systems run classification models on both the prompt and the output of the models to detect potentially harmful content.

"The results show that content filters can reduce the ASR by an average of 89.2 percentage points across all tested models," the researchers wrote. "This indicates the critical role of implementing comprehensive content filtering as a best practice when deploying LLMs in real-world applications."

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

'Bad Likert Judge' Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs

AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.

Source: Anggalih Prasetya via Shutterstock

Most industry analysts expect organizations will accelerate efforts to harness generative artificial intelligence (GenAI) and large language models (LLMs) in a variety of use cases over the next year.

Typical examples include customer support, fraud detection, content creation, data analytics, knowledge management, and, increasingly, software development. A recent survey of 1,700 IT professionals conducted by Centient on behalf of OutSystems had 81% of respondents describing their organizations as currently using GenAI to assist with coding and software development. Nearly three-quarters (74%) plan on building 10 or more apps over the next 12 months using AI-powered development approaches.

While such use cases promise to deliver significant efficiency and productivity gains for organizations, they also introduce new privacy, governance, and security risks. Here are six AI-related security issues that industry experts say IT and security leaders should pay attention to in the next 12 months.

**AI Coding Assistants Will Go Mainstream — and So Will Risks**

Use of AI-based coding assistants, such as GitHub Copilot, Amazon CodeWhisperer, and OpenAI Codex, will go from experimental and early adopter status to mainstream, especially among startup organizations. The touted upsides of such tools include improved developer productivity, automation of repetitive tasks, error reduction, and faster development times. However, as with all new technologies, there are some downsides as well. From a security standpoint these include auto-coding responses like vulnerable code, data exposure, and propagation of insecure coding practices.

"While AI-based code assistants undoubtedly offer strong benefits when it comes to auto-complete, code generation, re-use, and making coding more accessible to a non-engineering audience, it is not without risks," says Derek Holt, CEO of Digital.ai. The biggest is the fact that the AI models are only as good as the code they are trained on. Early users saw coding errors, security anti-patterns, and code sprawl while using AI coding assistants for development, Holt says. "Enterprises users will continue to be required to scan for known vulnerabilities with \[Dynamic Application Security Testing, or DAST; and Static Application Security Testing, or SAST\] and harden code against reverse-engineering attempts to ensure negative impacts are limited and productivity gains are driving expect benefits."

**AI to Accelerate Adoption of xOps Practices**

As more organizations work to embed AI capabilities into their software, expect to see DevSecOps, DataOps, and ModelOps — or the practice of managing and monitoring AI models in production — converge into a broader, all-encompassing xOps management approach, Holt says. The push to AI-enabled software is increasingly blurring the lines between traditional declarative apps that follow predefined rules to achieve specific outcomes, and LLMs and GenAI apps that dynamically generate responses based on patterns learned from training data sets, Holt says. The trend will put new pressures on operations, support, and QA teams, and drive adoption of xOps, he notes.

"xOps is an emerging term that outlines the DevOps requirements when creating applications that leverage in-house or open source models trained on enterprise proprietary data," he says. "This new approach recognizes that when delivering mobile or web applications that leverage AI models, there is a requirement to integrate and synchronize traditional DevSecOps processes with that of DataOps, MLOps, and ModelOps into an integrated end-to-end life cycle." Holt perceives this emerging set of best practices will become hyper-critical for companies to ensure quality, secure, and supportable AI-enhanced applications.

**Shadow AI: A Bigger Security Headache**

The easy availability of a wide and rapidly growing range of GenAI tools has fueled unauthorized use of the technologies at many organizations and spawned a new set of challenges for already overburdened security teams. One example is the rapidly proliferating — and often unmanaged — use of AI chatbots among workers for a variety of purposes. The trend has heightened concerns about the inadvertent exposure of sensitive data at many organizations.

Security teams can expect to see a spike in the unsanctioned use of such tools in the coming year, predicts Nicole Carignan, vice president of strategic cyber AI at Darktrace. "We will see an explosion of tools that use AI and generative AI within enterprises and on devices used by employees," leading to a rise in shadow AI, Carignan says. "If unchecked, this raises serious questions and concerns about data loss prevention as well as compliance concerns as new regulations like the EU AI Act start to take effect," she says. Carignan expects that chief information officers (CIOs) and chief information security officers (CISOs) will come under increasing pressure to implement capabilities for detecting, tracking, and rooting out unsanctioned use of AI tools in their environment.

**AI Will Augment, Not Replace, Human Skills**

AI excels at processing massive volumes of threat data and identifying patterns in that data. But for some time at least, it remains at best an augmentation tool that is adept at handling repetitive tasks and enabling automation of basic threat detection functions. The most successful security programs over the next year will continue to be ones that combine AI's processing power with human creativity, according to Stephen Kowski, field CTO at SlashNext Email Security+.

Many organizations will continue to require human expertise to identify and respond to real-world attacks that evolve beyond the historical patterns that AI systems use. Effective threat hunting will continue to depend on human intuition and skills to spot subtle anomalies and connect seemingly unrelated indicators, he says. "The key is achieving the right balance where AI handles high-volume routine detection while skilled analysts investigate novel attack patterns and determine strategic responses."

AI's ability to rapidly analyze large datasets will heighten the need for cybersecurity workers to sharpen their data analytics skills, adds Julian Davies, vice president of advanced services at Bugcrowd. "The ability to interpret AI-generated insights will be essential for detecting anomalies, predicting threats, and enhancing overall security measures." Prompt engineering skills are going to be increasingly useful as well for organizations seeking to derive maximum value from their AI investments, he adds.

**Attackers Will Leverage AI to Exploit Open Source Vulns**

Venky Raju, field CTO at ColorTokens, expects threat actors will leverage AI tools to exploit vulnerabilities and automatically generate exploit code in open source software. "Even closed source software is not immune, as AI-based fuzzing tools can identify vulnerabilities without access to the original source code. Such zero-day attacks are a significant concern for the cybersecurity community," Raju says.

In a report earlier this year, CrowdStrike pointed to AI-enabled ransomware as an example of how attackers are harnessing AI to hone their malicious capabilities. Attackers could also use AI to research targets, identify system vulnerabilities, encrypt data, and easily adapt and modify ransomware to evade endpoint detection and remediation mechanisms.

**Verification, Human Oversight Will Be Critical**

Organizations will continue to find it hard to fully and implicitly trust AI to do the right thing. A recent survey by Qlik of 4,200 C-suite executives and AI decision-makers showed most respondents overwhelmingly favored the use of AI for a variety of uses. At the same time, 37% described their senior managers as lacking trust in AI, with 42% of mid-level managers expressing the same sentiment. Some 21% reported their customers as distrusting AI as well.

"Trust in AI will remain a complex balance of benefits versus risks, as current research shows that eliminating bias and hallucinations may be counterproductive and impossible," SlashNext's Kowski says. "While industry agreements provide some ethical frameworks, the subjective nature of ethics means different organizations and cultures will continue to interpret and implement AI guidelines differently." The practical approach is to implement robust verification systems and maintain human oversight rather than seeking perfect trustworthiness, he says.

Davies from Bugcrowd says there's already a growing need for professionals who can handle the ethical implications of AI. Their role is to ensure privacy, prevent bias, and maintain transparency in AI-driven decisions. "The ability to test for AI’s unique security and safety use cases is becoming critical," he says.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

6 AI-Related Security Trends to Watch in 2025

This week on the Lock and Code podcast, we speak with Anna Brading and Mark Stockley about whether anywhere is safe from AI slop.

_This week on the Lock and Code podcast…_

You can see it on X. You can see on Instagram. It’s flooding community pages on Facebook and filling up channels on YouTube. It’s called “AI slop” and it’s the fastest, laziest way to drive engagement.

Like “click bait” before it (“You won’t believe what happens next,” reads the trickster headline), AI slop can be understood as the latest online tactic in getting eyeballs, clicks, shares, comments, and views. With this go-around, however, the methodology is turbocharged with generative AI tools like ChatGPT, Midjourney, and MetaAI, which can all churn out endless waves of images and text with little restrictions.

To rack up millions of views, a “fall aesthetic” account on X might post an AI-generated image of a candle-lit café table overlooking a rainy, romantic street. Or, perhaps, to make a quick buck, an author might “write” and publish an entirely AI generated crockpot cookbook—they may even use AI to write the glowing reviews on Amazon. Or, to sway public opinion, a social media account may post an AI-generated image of a child stranded during a flood with the caption “Our government has failed us again.”

There is, currently, another key characteristic to AI slop online, and that is its low quality. The dreamy, Vaseline sheen produced by many AI image generators is easy (for most people) to spot, and common mistakes in small details abound: stoves have nine burners, curtains hang on nothing, and human hands sometimes come with extra fingers.

But little of that has mattered, as AI slop has continued to slosh about online.

There are AI-generated children’s books being advertised relentlessly on the Amazon Kindle store. There are unachievable AI-generated crochet designs flooding Reddit. There is an Instagram account described as “Austin’s #1 restaurant” that only posts AI-generated images of fanciful food, like Moo Deng croissants, and Pikachu ravioli, and Obi-Wan Canoli. There’s the entire phenomenon on Facebook that is now known only as “Shrimp Jesus.”

If none of this is making much sense, you’ve come to the right place.

Today, on the Lock and Code podcast with host David Ruiz, we’re speaking with Malwarebytes Labs Editor-in-Chief Anna Brading and ThreatDown Cybersecurity Evangelist Mark Stockley about AI slop—where it’s headed, what the consequences are, and whether anywhere is safe from its influence.

Tune in today to listen to the full conversation.

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

**Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.**

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

Tag

#amazon