For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It's time to revolutionize security operations.

Source: Brain light via Alamy Stock Photo

COMMENTARY

In the battle against cyber threats, we're losing our most vital asset: our people. While the industry fixates on the latest tools and technologies, security analysts are burning out, crushed under the weight of an impossible mission. This isn't just a talent shortage, but an existential crisis threatening the future of cybersecurity defense. Until we prioritize supporting the humans at the heart of cyber operations, no tool or technology will be enough to keep us secure.

Security operations centers (SOCs), the heart of cybersecurity, have become pressure cookers of burnout and frustration. The numbers tell a dire story: More than half of SOC analysts have considered leaving the field, and with them goes the institutional knowledge and expertise that take years to develop. Each departure is a victory for malicious actors, who know that even the most sophisticated tools are only as effective as the humans behind them.

There's a tendency to frame this simply as a talent shortage. In one sense, it is. 53% of organizations report a critical lack of skilled cybersecurity workers. But this misses the direness of the current reality. We can't hire our way out of this disaster. It takes years to develop an analyst capable of detecting and responding to sophisticated threats. By the time junior analysts gain the expertise to handle advanced attacks, they're already burning out and searching for greener pastures. Cyber defenders need relief now.

The crisis extends beyond front-line defenders. Nearly a quarter of chief information security officers (CISOs) and IT security leaders are considering stepping down, with 93% citing unsustainable stress levels. They face mounting pressure to demonstrate return on investment (ROI) while navigating increasing legal and compliance risks, and even personal liability. It's no wonder the average tenure of a CISO is only 18 to 26 months — less than half of the general C-suite tenure.

Somehow, we've normalized this chaos. In any other critical operation, like the military, this level of systemic burnout would be considered an existential risk. Instead, we keep piling on more tools, more alerts, and more responsibilities, mistaking the symptoms for the disease.

Our industry has a blind spot. We've focused so much on software and hardware that we've forgotten about the "humanware" of security workflows. We've overlooked the frontline analysts, the threat hunters, and the managers whose judgment and intellectual horsepower are the real engine of modern security operations.

This matters so deeply to me on a personal level. In my Air Force career, I was a special operations helicopter pilot. Picture it: skimming treetops under night vision goggles, working with elite teams, pushing the boundaries of what seemed possible. Despite the intense pressure and risk, I never once thought about walking away. Why? Because I had cutting-edge equipment, unwavering support from my leadership, and a mission that made my heart race. I would have done it for free.

Today, cyber defenders are the pilots of the 21st century. It's the coolest job on the planet: battling sophisticated adversaries in real-time, protecting the critical infrastructure that powers our economy, and racing against the clock to stop attacks that could affect millions. They should be having the time of their lives. Instead, they're burning out.

**Technology Isn't the Solution — Reshaping Support Is**

The answer isn't just better technology — it's about fundamentally reshaping how we support our people. The industry talks constantly about analysts learning from AI, but we're missing something crucial: the AI must learn from our analysts as well. Their expertise, their pattern recognition, their hard-won instincts about what doesn't look quite right; this human judgment is irreplaceable. We need to give our humans AI partners that learn from them, support them, freeing them to focus on the high-level, intellectually stimulating work that drew them to cybersecurity in the first place.

Imagine SOCs where analysts focus on outsmarting adversaries instead of drowning in false positives. Where AI handles the repetitive tasks but learns from human insights, creating a virtuous cycle of improvement. Where the technology amplifies human expertise instead of trying to replace it. Where the job is as exhilarating as flying a combat mission, because you have tools that learn and evolve alongside you. (In a recent episode of CSO Perspectives, I go into depth of what that looks like.)

For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes.

It's time to revolutionize security operations. When we get this right, we won't just solve our retention crisis. We'll create a field that the best and brightest are eager to join, where analysts don't just survive, but thrive in the mission of keeping us all safe. The future of cybersecurity belongs not to those who build better tools, but to those who best empower defenders to wield them.

**About the Author**

Chief Product Officer, Andesite

William MacMillan, Chief Product Officer at Andesite, is an experienced executive leader, advisor and trusted voice on cyber, digital transformation and national security. Prior to Andesite, he served as the Senior Vice President for Information Security at Salesforce. Before retiring from the federal government, William served as the CISO at the Central Intelligence Agency, where he led a sweeping transformation of the CIA’s cybersecurity strategy and organization. Before this, he held multiple senior leadership positions at the CIA, dealing with various aspects of intelligence, counterintelligence and cyber operations. Throughout his career, William focused significant attention on insider threat, supply chain risk and incident response issues, as well as the development of CIA’s Cybersecurity Operations Center (CSOC).

Analyst Burnout Is an Advanced Persistent Threat

The framework suffers from an authenticated stored cross-site scripting vulnerability. Input passed to the 'content' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Title: CMU CERT/CC VINCE v2.0.6 Stored XSS  
Advisory ID: ZSL-2025-5917  
Type: Local/Remote  
Impact: Cross-Site Scripting  
Risk: (3/5)  
Release Date: 10.02.2025

**Summary**

VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform.

**Description**

The framework suffers from an authenticated stored cross-site scripting vulnerability. Input passed to the 'content' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

**Vendor**

Carnegie Mellon University - https://www.kb.cert.org

**Affected Version**

<=2.0.6

**Tested On**

nginx/1.20.0  
Django 3.2.17

**Vendor Status**

\[13.01.2023\] Vulnerability discovered.  
\[13.01.2023\] Vendor informed.  
\[30.03.2023\] Vendor releases version 2.0.7 to address this issue.  
\[10.02.2025\] Public security advisory released.

**PoC**

vince\_xss.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://github.com/CERTCC/VINCE/releases/tag/v2.0.7  
\[2\] https://packetstorm.news/files/id/189098/

**Changelog**

\[10.02.2025\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

CMU CERT/CC VINCE v2.0.6 Stored XSS

This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin who are creating new security models for their AI infrastructure.

Artificial intelligence is changing industries from finance and healthcare to entertainment and cybersecurity. As AI adoption grows so do the risks to its integrity. AI models are being targeted by cybercriminals to manipulate, steal or exploit sensitive data. From adversarial attacks that mess with AI decision-making to large-scale data breaches the security landscape is more complex than ever.

The very nature of AI which relies on massive datasets, cloud computing power and decentralized processing creates vulnerabilities. Securing AI systems is not just about protecting data; it’s about reliability, trust and ethical usage.

This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin which are creating new security models for their AI infrastructure.

****The Growing Threats to AI****

AI is a target for cybercriminals. AI models process sensitive data from financial transactions to medical records so are a treasure trove for hackers. Breaches not only expose confidential information but also raise ethical concerns about privacy violations and data misuse.

The biggest security risks are data breaches, model theft and infrastructure vulnerabilities. AI models rely on proprietary datasets and unauthorized access to these datasets can cause financial and reputational damage. Attackers can steal AI models or feed them adversarial data to mess with outputs and cause incorrect decision-making. Centralized AI cloud solutions are single points of failure and can be taken down and cause service disruptions.

To address these risks many AI platforms are moving away from traditional centralized models to decentralized architectures. By distributing AI workloads and data across multiple nodes companies can increase security, reduce failure risks and create more robust AI-driven ecosystems.

****How These Two Decentralized AI Brands Tackle Cybersecurity****

AI solutions use different strategies to keep systems safe from cyber threats like hacking, data leaks, and unauthorized access. By building strong security measures, they help protect sensitive information and ensure AI runs smoothly and securely. Let’s take a look.

****OORT: Protecting Data with Blockchain****

OORT secures its holistic AI offering with blockchain and decentralization to build a more powerful cloud. One of its key patented innovations is the Proof of Honesty (PoH) algorithm which makes AI computations verifiable and tamper-proof. 

Unlike traditional cloud systems that rely on centralised servers that can be targeted, OORT distributes data across a decentralized network, so the risk of breaches or unauthorised access is greatly reduced. Even if one part of the network is compromised the rest remain secure so continuity and reliability are maintained.

To add more security, OORT uses Olympus Protocol, a DAG-based system (PDF), so transactions are faster, cheaper, and more scalable. Instead of miners, it uses trusted committees to validate transactions and secure the network. This allows for zero fees, high speed, and easy interoperability with other chains, it’s a good fit for Web3.

Since the blockchain is immutable any attempt to alter data leaves a trail so attackers can’t cover their tracks. 

Additionally, OORT recently partnered with DeTaSECURE to add AI security and data integrity using advanced threat intelligence to fortify decentralized AI infrastructure against cyber threats and support trustless, verifiable AI models in Web3.

By combining blockchain verification with distributed validation OORT creates a trustless AI infrastructure where users don’t have to rely on a single entity to verify computations. Nodes across the network validate AI processes so it’s fair, accurate and secure.

Image: OORT Infra. Edge, Super and Backup Nodes.

This is particularly useful for industries that require high trust such as finance, healthcare and autonomous systems where AI-driven decisions are critical. Through these mechanisms, OORT secures AI applications reduces risk and provides a safer environment for advanced AI solutions.

****Filecoin: Eliminating Single Points of Failure****

AI models need large datasets which are often stored in the cloud. Traditional cloud storage has risks due to centralization which creates a single point of failure. Decentralized storage is a more secure option.

Decentralized storage is key for AI because it eliminates single points of failure, and reduces the impact of a cyber attack. It uses cryptographic proofs to ensure data integrity and authenticity and allows users to control encryption and access permissions.

Filecoin is a decentralized storage network that provides secure and scalable data storage solutions. It secures AI-related data through Proof-of-Replication and Proof-of-Spacetime, cryptographic methods that verify data integrity and prevent unauthorized modifications. 

Distributed storage nodes prevent centralization breaches by distributing AI datasets across multiple storage providers.

Client-controlled encryption allows users to encrypt their data before storing it so only authorized parties can access it. By using decentralized storage AI platforms can reduce their dependence on vulnerable cloud providers and build a more resilient infrastructure.

****AI and Cybersecurity Future****

As AI adoption grows so will the sophistication of attacks on AI systems. Solving these security challenges requires continuous innovation and collaboration between AI developers, security experts and regulatory bodies.

Several trends are shaping AI security. Federated learning is emerging as a method where AI models are trained across decentralized devices without sharing raw data, more privacy. Blockchain-powered AI security uses smart contracts and distributed ledgers to ensure transparency and prevent unauthorized modifications. AI is being used to detect security threats in real-time, more resilience against attacks.

With cyber threats getting more sophisticated, AI platforms need to get proactive with security to be trusted and reliable. Companies need to realize that security is not an afterthought but a foundation of AI innovation. 

Whether through decentralized infrastructure, encryption protocols or secure AI training environments, the future of AI security is resilience, transparency and bleeding-edge tech. By security from the start, AI developers and companies can build systems that are intelligent and threat-proof.

How These Decentralized AI Solutions Secure Their Services in a Disruptive Industry

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.

This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8.

Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-4c37-7m5h-c8m9: Apache Felix Webconsole: XSS in services console

A new phishing campaign is targeting businesses with fake Facebook copyright notices.  Learn how to spot the signs and keep your Facebook account secure.

Facebook, the world’s leading social media platform, has become the subject of a new **phishing campaign** that has targeted over 12,000 email addresses across hundreds of businesses, reveals the latest research from Check Point Research (CPR). 

This campaign, which began around December 20th, 2024, primarily focuses on companies within the EU, the US, and Australia. Still, some instances have also been detected in Chinese and Arabic languages, indicating a global reach.

Reportedly, scammers are leveraging **Salesforce’s automated mailing** service to distribute these deceptive emails, without manipulating the sender ID, which makes these emails appear to originate from \[email protected\], lending a sense of authenticity to their operation.

These emails carry counterfeit Facebook logos and falsely accuse recipients of copyright infringement. Such as in a sample email screenshot researchers have shared, the attackers cite the unauthorized use of copyrighted music owned by Universal Music Group as the issue. 

According to CPR’s **report**, recipients are then threatened with account restrictions, including limitations on posting, live streaming, or advertising unless they contest the claim within a short timeframe.

2 of the phishing emails used in the campaign (Via CPR)

This deception continues with a fraudulent Facebook support page, the link to which is included in the email and unsuspecting victims are prompted to enter their login credentials. This page is designed to extract sensitive information, falsely claiming that these details are necessary for an account review rather than disablement.

The landing page itself mimics the legitimate Facebook interface as shown in the screenshot. It features an “Account Overview” section with details of a supposed “Account Restriction.”  It falsely claims the user is “not allowed to use Meta Products to advertise” due to non-compliance with Advertising Standards.  The page includes fake options to “Request a review” and “Unlock advanced features,” further enticing victims to provide their credentials.

The screenshot reveals a cybercriminal’s fraudulent landing page designed to harvest login credentials (Via CPR)

This campaign threatens Facebook-dependent businesses worldwide by allowing cybercriminals to control their admin accounts, alter content, manipulate messaging, delete posts, and modify security settings. This can lead to negative consequences such as client trust erosion, customer attrition, and potential legal actions. For businesses in regulated industries like healthcare and finance, breaches can result in non-compliance, fines, and legal challenges, researchers noted.

It is worth noting that Facebook is often targeted in copyright infringement-based scams. Last year, **Hackread reported** a sophisticated scam targeting META business owners, claiming their page would be permanently deleted due to a post allegedly infringing on trademark rights, forcing them to click on malicious links under the guise of resolving policy violations.

Therefore, organizations should implement a clear incident response plan, including steps for recovering compromised accounts, setting up alert systems for suspicious logins and unusual account activity and training employees to verify Facebook account page status. These strategies can significantly reduce vulnerability to the campaign.

Scammers Use Fake Facebook Copyright Notices to Hijack Accounts

Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and cybersecurity threats…

Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and **cybersecurity threats** are more sophisticated than ever. Artificial intelligence (AI) has stepped in as the most powerful tool to combat these challenges, but it’s no longer just about automation; it’s about making real-time decisions that prevent losses before they happen.

The impact of AI in logistics is undeniable. Companies leveraging **AI in logistics and transportation** have reported up to a **30%** (PDF) reduction in delivery times and 12% lower fuel costs, while AI-driven fraud detection systems are cutting supply chain losses by 40%.

However, AI’s expansion into logistics has also **opened new vulnerabilities**, as cybercriminals are finding ways to manipulate automated systems, hack self-driving fleets, and disrupt global supply chains. AI is not just revolutionizing logistics, it’s becoming the next growing target for cyberattacks

****Cybersecurity Risks in AI-Powered Logistics****

As logistics companies increasingly rely on AI-driven automation, they also expose themselves to cyberattacks that target these very systems. One of the most infamous cyberattacks in supply chain history, the **NotPetya ransomware attack on Maersk**, cost the company over $300 million, bringing global shipping to a standstill. Similarly, hackers are now attempting to breach AI-driven warehouses, manipulate cargo tracking systems, and exploit self-driving vehicle software to reroute valuable shipments.

The rise of AI-powered fraud is another growing concern. Cybercriminals are using AI to predict shipment schedules, intercept high-value goods, and manipulate route optimization algorithms to misdirect cargo. In some cases, attackers have even **poisoned AI models**, feeding them false data to cause miscalculations in supply chain forecasting. Without proper cybersecurity measures, AI-driven logistics can become a liability instead of an asset.

****How AI is Strengthening Cybersecurity in Logistics****

Fortunately, AI is not just a target; it’s also a powerful defence against cyber threats in logistics. Companies are deploying AI to detect anomalies, prevent fraud, and monitor logistics networks for suspicious activity in real time.

**AI-powered fraud detection** systems now scan supply chains for unusual shipment patterns, unauthorized reroutes, and manipulated cargo tracking data, helping prevent cargo theft before it happens.

AI is also playing an important role in predicting and preventing ransomware attacks on logistics infrastructure. By analyzing behavioural data, AI-driven security platforms can identify possible cybersecurity threats before they execute, reducing the risk of supply chain-wide disruptions. With cybercrime damages **projected** to reach $10.5 trillion annually by 2025, logistics companies must integrate AI-driven security into their operations, or risk falling victim to cybercriminals.

****AI’s Role in Logistics Security and Cybercrime****

While AI is strengthening supply chain security, cybercriminals are also exploiting it to deploy **AI-powered hacking tools** to exploit vulnerabilities. One of the most concerning trends is adversarial AI attacks, where hackers could manipulate AI learning models to create errors in logistics decision-making.

These attacks may lead to mismatched shipments, delayed deliveries, and unnecessary fuel consumption, costing businesses millions. To fight these threats, logistics companies must deploy AI-driven cyber threat detection systems, ensuring that their own AI models cannot be compromised by external attacks.

****The Future of AI in Logistics: Security is Non-Negotiable****

The logistics industry is moving toward an AI-driven future, but without proper cybersecurity safeguards, AI itself can become a major risk. In the coming years, more and more supply chain platforms will be AI-driven, but these systems will need security frameworks to prevent AI manipulation and hacking. Regulations such as the **EU’s AI Act** are already enforcing strict compliance measures, requiring logistics companies to ensure AI security in automated transportation and warehouse operations.

Autonomous trucking is another area where AI security is becoming a priority. AI-driven self-driving fleets are expected to **reduce shipping costs** by 20-25%, but without proper cybersecurity protocols, they could be hacked to cause accidents, rerouted deliveries, or large-scale disruptions. Logistics leaders must now invest in AI-driven cybersecurity solutions to protect their fleets, warehouses, and digital infrastructure.

****AI in Logistics: The Difference Between Growth and Crisis****

AI is no longer just a tool for efficiency, it’s a critical component in protecting logistics companies from financial and cyber threats. Organizations that fail to secure their AI-powered logistics systems face significant risks, including multi-million-dollar cyberattacks, AI-driven fraud, and supply chain disruptions.

The companies that act now, investing in AI-powered security and fraud detection, will dominate the future of logistics. Those that don’t risk falling victim to cybercriminals who are already targeting AI-driven supply chains.

The question is no longer whether AI should be part of logistics, it’s whether companies can protect their AI systems before it’s too late.

1.  **Harnessing AI for Proactive Threat Intelligence**
2.  **Using AI in Business Security Decision-Making**
3.  **Why Many New AI Tools Aren’t Available In Europe?**
4.  **Top AI Trends of 2025 Businesses Should Be Ready For**
5.  **How Will Blockchain Technology Revolutionize Logistics?**

AI’s Role in Cutting Costs and Cybersecurity Threats in Logistics

The ABB Cylon Aspect BMS/BAS controller is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. An attacker can leverage an unauthenticated reflected XSS vulnerability in jsonProxy.php to inject a crafted request, forcing the victim to adopt a fixated session.

Title: ABB Cylon Aspect 3.08.02 PHP Session Fixation Vulnerability  
Advisory ID: ZSL-2025-5916  
Type: Local/Remote  
Impact: Security Bypass, Privilege Escalation, Cross-Site Scripting  
Risk: (4/5)  
Release Date: 09.02.2025

**Summary**

ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices.

**Description**

The ABB Cylon Aspect BMS/BAS controller is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. An attacker can leverage an unauthenticated reflected XSS vulnerability in jsonProxy.php to inject a crafted request, forcing the victim to adopt a fixated session.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
Firmware: <=3.08.02

**Tested On**

GNU/Linux 3.15.10 (armv7l)  
GNU/Linux 3.10.0 (x86\_64)  
GNU/Linux 2.6.32 (x86\_64)  
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
PHP/7.3.11  
PHP/5.6.30  
PHP/5.4.16  
PHP/4.4.8  
PHP/5.3.3  
AspectFT Automation Application Server  
lighttpd/1.4.32  
lighttpd/1.4.18  
Apache/2.2.15 (CentOS)  
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86\_64)  
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)  
ErgoTech MIX Deployment Server 2.0.0

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[03.12.2024\] Vendor releases version 3.08.03 to address this issue.  
\[09.02.2025\] Public security advisory released.

**PoC**

abb\_aspect\_sess1.html

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch  
\[2\] https://www.cve.org/CVERecord?id=CVE-2024-11317  
\[3\] https://www.cisa.gov/news-events/ics-advisories/icsa-25-007-01  
\[4\] https://exchange.xforce.ibmcloud.com/vulnerabilities/390814  
\[5\] https://packetstorm.news/files/id/189097/  
\[6\] https://www.securityweek.com/researcher-says-abb-building-control-products-affected-by-1000-vulnerabilities/

**Changelog**

\[09.02.2025\] - Initial release  
\[10.02.2025\] - Added reference \[5\] and \[6\]

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

ABB Cylon Aspect 3.08.02 PHP Session Fixation Vulnerability

LLMjacking attacks target DeepSeek, racking up huge cloud costs. Sysdig reveals a black market for LLM access has…

LLMjacking attacks target DeepSeek, racking up huge cloud costs. Sysdig reveals a black market for LLM access has emerged, with ORP operators providing unauthorized access to stolen accounts. Find out how attackers steal access and monetize LLM usage. 

The Sysdig Threat Research Team (TRT) has observed the rapid evolution of LLMjacking attacks since their **initial discovery** in May 2024, including the expansion to new Large Language Models (LLMs) like DeepSeek. Just days after DeepSeek-V3’s release, it was, reportedly, integrated into ORP instances, demonstrating the speed with which attackers adapt. 

****Exploitation of DeepSeek API Keys and Monetization of LLMjacking****

According to researchers, similarly, DeepSeek-R1 was incorporated into these platforms shortly after its release. Multiple ORPs have been found populated with DeepSeek API keys, indicating active exploitation of this new model. 

LLMjacking, driven by the high costs associated with cloud-based LLM usage, involves attackers compromising accounts to utilize these expensive services without paying. As per TRT’s updated findings, LLMjacking has become a well-established attack vector, with online communities actively sharing tools and techniques. 

They observed a rise in the monetization of LLMjacking where LLM access is being sold through ORPs (OpenAI Reverse Proxies) with one instance reportedly selling access for $30 per month. Operators often underestimate the costs associated with LLM usage, whereas researchers noticed that in one instance, with an uptime of just 4.5 days, nearly $50,000 in costs were generated, with Claude 3 Opus being the **most expensive**.

One of the ORP instances operated by an attacker (Via Sysdig)

****The Scale of Resource Exploitation****

The total token (LLM-generated words, character sets, or combinations of words/punctuation) usage across observed ORPs exceeded two billion, highlighting the scale of resource exploitation. The victims are legitimate account holders whose credentials have been stolen.

ORP usage remains a popular method for LLMjacking.  ORP servers, **acting as reverse proxies** for various LLMs, can be exposed through Nginx or dynamic domains like TryCloudflare, effectively masking the attacker’s source.  These proxies often contain numerous stolen API keys from different providers like OpenAI, Google AI, and Mistral AI, enabling attackers to provide LLM access to others. 

“Sysdig TRT found over a dozen proxy servers using stolen credentials across many different services, including OpenAI, AWS, and Azure. The high cost of LLMs is the reason cybercriminals (like the one in the example below) choose to steal credentials rather than pay for LLM services,” researchers noted in the **blog post**.

****Online Communities Exploiting LLMjacking****

Online communities like 4chan and Discord facilitate the sharing of LLM access through ORPs. Rentry.co is used for sharing tools and services. Researchers discovered numerous ORP proxies, some with custom domains and others using TryCloudflare tunnels, in LLM prompt logs within honeypot environments, tracing back to attacker-controlled servers.

Credential theft is a significant aspect of LLMjacking, where attackers target vulnerable services and use verification scripts to identify credentials for accessing ML services. Public repositories also provide exposed credentials. Customized ORPs, often modified for privacy and stealth, are used to access stolen accounts.

To combat LLMjacking, securing access keys and implementing strong identity management are crucial.  Best practices include avoiding hardcoding credentials, using temporary credentials, regularly rotating access keys, and monitoring for exposed credentials and suspicious account behaviour.

Hackers Monetize LLMjacking, Selling Stolen AI Access for $30 per Month

A joint operation by Spanish law enforcement has resulted in the apprehension of Natohub, a “dangerous hacker” suspected of orchestrating numerous cyberattacks against prominent organizations in Spain and internationally.

A joint operation between the National Police and the Civil Guard concluded in the arrest of a suspected cybercriminal in Calpe, Alicante. The individual, whose name has not been released but goes by the handle of Natohub on **Breach Forums**, is allegedly responsible for over 40 cyberattacks targeting public and private entities in Spain and internationally and compromising personal data and sensitive documents.  

Among the Spanish government entities reportedly affected are the Civil Guard, the Ministries of Defence and Education, the National Currency and Timbre Factory, several Spanish universities and the Generalitat Valenciana, the governing body of the Valencian Community.

Internationally, databases belonging to NATO, the US Army, the United Nations, and the International Civil Aviation Organization (ICAO) were targeted.

ICAO publicly **acknowledged** the incident last month, after an account known as “Natohub” leaked information from the breach on the cybercriminal forum BreachForums, also claiming to possess the personal data of 14,000 UN delegates. 

“Natohub” on Breach Forums (Screenshot credit: Hackread.com)

“The reported information security incident involves approximately 42,000 recruitment application data records from April 2016 to July 2024 claimed to be released by the threat actor known as Natohub,” ICAO confirmed.

According to the Spanish police’s **official press release**, the arrest took place after an extensive investigation into crimes involving the unauthorized access and disclosure of sensitive information, damage to computer systems, and money laundering. 

The investigation began in February 2024 after a complaint from a Madrid business association that discovered their data published on a “specialized data leak forum.” Research revealed their website was compromised, data extracted, and the site defaced with a message claiming the hack. Eventually, investigators uncovered a pattern of cyberattacks occurring throughout 2024, culminating in late December, prompting the arrest.

“He attacked international agencies and governmental organizations by accessing databases with personal information from employees and clients, as well as internal documents that were subsequently sold or freely published in forums,” authorities noted.

Moreover, the individual used anonymous messaging apps and specialized navigation tools to create a complex technical network that made tracking a challenge for investigators. 

Authorities seized computer equipment, an iPhone, and around 50 cryptocurrency accounts containing “different types of cryptoactive” from the suspect’s residence. Spanish news outlet Larazon reports that the suspect is 18 years old and was released after a court appearance on the condition of passport confiscation.

Authorities Use Cellebrite to Extract Data from suspect’s iPhone (Via Spanish Police)

The National Cryptological Centre (CCN) of the National Intelligence Centre (CNI), the EUROPOL and the US Homeland Security Investigations (HSI) also assisted in this operation. This arrest is part of a larger effort by Spanish law enforcement to crack down on cybercrime, working with international agencies to dismantle cybercriminal operations originating within the country.

1.  Police Dismantle SIM Swapping Gang in Spain
2.  Spanish Police Nab Leader of Kelvin Security Hacker Group
3.  FBI Kills Kelihos Botnet after Russian Hacker Arrested in Spain
4.  Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested
5.  Two Arrested in Spain as Authorities Dismantle Cracked and Nulled

Teen Hacker “Natohub” Caught for NATO, UN, and US Army Breaches

Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a former denizen of 'The Com,' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.

_Wired_ reported this week that a 19-year-old working for **Elon Musk**‘s so-called **Department of Government Efficiency** (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today’s story explores, the DOGE teen is a former denizen of ‘**The Com**,’ an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.

Since President Trump’s second inauguration, Musk’s DOGE team has gained access to a truly staggering amount of personal and sensitive data on American citizens, moving quickly to seize control over databases at the **U.S. Treasury**, the **Office of Personnel Management**, the **Department of Education**, and the **Department of Health and Human Resources**, among others.

_Wired_ first reported on Feb. 2 that one of the technologists on Musk’s crew is a 19-year-old high school graduate named **Edward Coristine**, who reportedly goes by the nickname “Big Balls” online. One of the companies Coristine founded, **Tesla.Sexy LLC**, was set up in 2021, when he would have been around 16 years old.

“Tesla.Sexy LLC controls dozens of web domains, including at least two Russian-registered domains,” _Wired_ reported. “One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market. While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review.”

Mr. Coristine has not responded to requests for comment. In a follow-up story this week, _Wired_ found that someone using a Telegram handle tied to Coristine solicited a DDoS-for-hire service in 2022, and that he worked for a short time at a company that specializes in protecting customers from DDoS attacks.

A profile photo from Coristine’s WhatsApp account.

Internet routing records show that Coristine runs an Internet service provider called **Packetware** (AS400495). Also known as “**DiamondCDN**,” Packetware currently hosts tesla\[.\]sexy and diamondcdn\[.\]com, among other domains.

DiamondCDN was advertised and claimed by someone who used the nickname “**Rivage**” on several Com-based Discord channels over the years. A review of chat logs from some of those channels show other members frequently referred to Rivage as “Edward.”

From late 2020 to late 2024, Rivage’s conversations would show up in multiple Com chat servers that are closely monitored by security companies. In November 2022, Rivage could be seen requesting recommendations for a reliable and powerful DDoS-for-hire service.

Rivage made that request in the cybercrime channel “**Dstat**,” a core Com hub where users could buy and sell attack services. Dstat’s website dstat\[.\]cc was seized in 2024 as part of “Operation PowerOFF,” an international law enforcement action against DDoS services.

Coristine’s LinkedIn profile said that in 2022 he worked at an anti-DDoS company called **Path Networks**, which _Wired_ generously described as a “network monitoring firm known for hiring reformed blackhat hackers.” _Wired_ wrote:

“At Path Network, Coristine worked as a systems engineer from April to June of 2022, according to his now-deleted LinkedIn résumé. Path has at times listed as employees **Eric Taylor**, also known as Cosmo the God, a well-known former cybercriminal and member of the hacker group UGNazis, as well as Matthew Flannery, an Australian convicted hacker whom police allege was a member of the hacker group LulzSec. It’s unclear whether Coristine worked at Path concurrently with those hackers, and WIRED found no evidence that either Coristine or other Path employees engaged in illegal activity while at the company.”

The founder of Path is a young man named **Marshal Webb**. I wrote about Webb back in 2016, in a story about a DDoS defense company he co-founded called **BackConnect Security LLC**. On September 20, 2016, KrebsOnSecurity published data showing that the company had a history of hijacking Internet address space that belonged to others.

Less than 24 hours after that story ran, KrebsOnSecurity.com was hit with the biggest DDoS attack the Internet had ever seen at the time. That sustained attack kept this site offline for nearly 4 days.

The other founder of BackConnect Security LLC was **Tucker Preston**, a Georgia man who pleaded guilty in 2020 to paying a DDoS-for-hire service to launch attacks against others.

The aforementioned Path employee Eric Taylor pleaded guilty in 2017 to charges including an attack on our home in 2013. Taylor was among several men involved in making a false report to my local police department about a supposed hostage situation at our residence in Virginia. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as “swatting.”

CosmoTheGod rocketed to Internet infamy in 2013 when he and a number of other hackers set up the Web site exposed\[dot\]su, which “doxed” dozens of public officials and celebrities by publishing the address, Social Security numbers and other personal information on the former First Lady Michelle Obama, the then-director of the FBI and the U.S. attorney general, among others. The group also swatted many of the people they doxed.

_Wired_ noted that Coristine only worked at Path for a few months in 2022, but the story didn’t mention why his tenure was so short. A screenshot shared on the website pathtruths.com includes a snippet of conversations in June 2022 between Path employees discussing Coristine’s firing.

According to that record, Path founder Marshal Webb dismissed Coristine for leaking internal documents to a competitor. Not long after Coristine’s termination, someone leaked an abundance of internal Path documents and conversations. Among other things, those chats revealed that one of Path’s technicians was a Canadian man named **Curtis Gervais** who was convicted in 2017 of perpetrating dozens of swatting attacks and fake bomb threats — including at least two attempts against our home in 2014.

A snippet of text from an internal Path chat room, wherein members discuss the reason for Coristine’s termination: Allegedly, leaking internal company information. Source: Pathtruths.com.

On May 11, 2024, Rivage posted on a Discord channel for a DDoS protection service that is chiefly marketed to members of The Com. Rivage expressed frustration with his time spent on Com-based communities, suggesting that its profitability had been oversold.

“I don’t think there’s a lot of money to be made in the com,” Rivage lamented. “I’m not buying Heztner \[servers\] to set up some com VPN.”

Rivage largely stopped posting messages on Com channels after that. _Wired_ reports that Coristine subsequently spent three months last summer working at **Neuralink**, Elon Musk’s brain implant startup.

The trouble with all this is that even if someone sincerely intends to exit The Com after years of consorting with cybercriminals, they are often still subject to personal attacks, harassment and hacking long after they have left the scene.

That’s because a huge part of Com culture involves harassing, swatting and hacking other members of the community. These internecine attacks are often for financial gain, but just as frequently they are perpetrated by cybercrime groups to exact retribution from or assert dominance over rival gangs.

Experts say it is extremely difficult for former members of violent street gangs to gain a security clearance needed to view sensitive or classified information held by the U.S. government. That’s because ex-gang members are highly susceptible to extortion and coercion from current members of the same gang, and that alone presents an unacceptable security risk for intelligence agencies.

And make no mistake: The Com is the English-language cybercriminal hacking equivalent of a violent street gang. KrebsOnSecurity has published numerous stories detailing how feuds within the community periodically spill over into real-world violence.

When Coristine’s name surfaced in _Wired_‘s report this week, members of The Com immediately took notice. In the following segment from a February 5, 2025 chat in a Com-affiliated hosting provider, members criticized Rivage’s skills, and discussed harassing his family and notifying authorities about incriminating accusations that may or may not be true.

> 2025-02-05 16:29:44 UTC vperked#0 they got this nigga on indiatimes man  
> 2025-02-05 16:29:46 UTC alexaloo#0 Their cropping is worse than AI could have done  
> 2025-02-05 16:29:48 UTC hebeatsme#0 bro who is that  
> 2025-02-05 16:29:53 UTC hebeatsme#0 yalla re talking about  
> 2025-02-05 16:29:56 UTC xewdy#0 edward  
> 2025-02-05 16:29:56 UTC .yarrb#0 rivagew  
> 2025-02-05 16:29:57 UTC vperked#0 Rivarge  
> 2025-02-05 16:29:57 UTC xewdy#0 diamondcdm  
> 2025-02-05 16:29:59 UTC vperked#0 i cant spell it  
> 2025-02-05 16:30:00 UTC hebeatsme#0 rivage  
> 2025-02-05 16:30:08 UTC .yarrb#0 yes  
> 2025-02-05 16:30:14 UTC hebeatsme#0 i have him added  
> 2025-02-05 16:30:20 UTC hebeatsme#0 hes on discord still  
> 2025-02-05 16:30:47 UTC .yarrb#0 hes focused on stroking zaddy elon  
> 2025-02-05 16:30:47 UTC vperked#0 https://en.wikipedia.org/wiki/Edward\_Coristine  
> 2025-02-05 16:30:50 UTC vperked#0 no fucking way  
> 2025-02-05 16:30:53 UTC vperked#0 they even made a wiki for him  
> 2025-02-05 16:30:55 UTC vperked#0 LOOOL  
> 2025-02-05 16:31:05 UTC hebeatsme#0 no way  
> 2025-02-05 16:31:08 UTC hebeatsme#0 hes not a good dev either  
> 2025-02-05 16:31:14 UTC hebeatsme#0 like????  
> 2025-02-05 16:31:22 UTC hebeatsme#0 has to be fake  
> 2025-02-05 16:31:24 UTC xewdy#0 and theyre saying ts  
> 2025-02-05 16:31:29 UTC xewdy#0 like ok bro  
> 2025-02-05 16:31:51 UTC .yarrb#0 now i wanna know what all the other devs are like…  
> 2025-02-05 16:32:00 UTC vperked#0 “\`Coristine used the moniker “bigballs” on LinkedIn and @Edwardbigballer on Twitter, according to The Daily Dot.\[“\`  
> 2025-02-05 16:32:05 UTC vperked#0 LOL  
> 2025-02-05 16:32:06 UTC hebeatsme#0 lmfaooo  
> 2025-02-05 16:32:07 UTC vperked#0 bro  
> 2025-02-05 16:32:10 UTC hebeatsme#0 bro  
> 2025-02-05 16:32:17 UTC hebeatsme#0 has to be fake right  
> 2025-02-05 16:32:22 UTC .yarrb#0 does it mention Rivage?  
> 2025-02-05 16:32:23 UTC xewdy#0 He previously worked for NeuraLink, a brain computer interface company led by Elon Musk  
> 2025-02-05 16:32:26 UTC xewdy#0 bro what  
> 2025-02-05 16:32:27 UTC alexaloo#0 I think your current occupation gives you a good insight of what probably goes on  
> 2025-02-05 16:32:29 UTC hebeatsme#0 bullshit man  
> 2025-02-05 16:32:33 UTC xewdy#0 this nigga got hella secrets  
> 2025-02-05 16:32:37 UTC hebeatsme#0 rivage couldnt print hello world  
> 2025-02-05 16:32:42 UTC hebeatsme#0 if his life was on the line  
> 2025-02-05 16:32:50 UTC xewdy#0 nigga worked for neuralink  
> 2025-02-05 16:32:54 UTC hebeatsme#0 bullshit  
> 2025-02-05 16:33:06 UTC Nashville Dispatch ##0000 ||@PD Ping||  
> 2025-02-05 16:33:07 UTC hebeatsme#0 must have killed all those test pigs with some bugs  
> 2025-02-05 16:33:24 UTC hebeatsme#0 ur telling me the rivage who failed to start a company  
> 2025-02-05 16:33:28 UTC hebeatsme#0 https://cdn.camp  
> 2025-02-05 16:33:32 UTC hebeatsme#0 who didnt pay for servers  
> 2025-02-05 16:33:34 UTC hebeatsme#0 ?  
> 2025-02-05 16:33:42 UTC hebeatsme#0 was too cheap  
> 2025-02-05 16:33:44 UTC vperked#0 yes  
> 2025-02-05 16:33:50 UTC hebeatsme#0 like??  
> 2025-02-05 16:33:53 UTC hebeatsme#0 it aint adding up  
> 2025-02-05 16:33:56 UTC alexaloo#0 He just needed to find his calling idiot.  
> 2025-02-05 16:33:58 UTC alexaloo#0 He found it.  
> 2025-02-05 16:33:59 UTC hebeatsme#0 bro  
> 2025-02-05 16:34:01 UTC alexaloo#0 Cope in a river dude  
> 2025-02-05 16:34:04 UTC hebeatsme#0 he cant make good money right  
> 2025-02-05 16:34:08 UTC hebeatsme#0 doge is about efficiency  
> 2025-02-05 16:34:11 UTC hebeatsme#0 he should make $1/he  
> 2025-02-05 16:34:15 UTC hebeatsme#0 $1/hr  
> 2025-02-05 16:34:25 UTC hebeatsme#0 and be whipped for better code  
> 2025-02-05 16:34:26 UTC vperked#0 prolly makes more than us  
> 2025-02-05 16:34:35 UTC vperked#0 with his dad too  
> 2025-02-05 16:34:52 UTC hebeatsme#0 time to report him for fraud  
> 2025-02-05 16:34:54 UTC hebeatsme#0 to donald trump  
> 2025-02-05 16:35:04 UTC hebeatsme#0 rivage participated in sim swap hacks in 2018  
> 2025-02-05 16:35:08 UTC hebeatsme#0 put that on his wiki  
> 2025-02-05 16:35:10 UTC hebeatsme#0 thanks  
> 2025-02-05 16:35:15 UTC hebeatsme#0 and in 2021  
> 2025-02-05 16:35:17 UTC hebeatsme#0 thanks  
> 2025-02-05 16:35:19 UTC chainofcommand#0 i dont think they’ll care tbh

Given the speed with which Musk’s DOGE team was allowed access to such critical government databases, it strains credulity that Coristine could have been properly cleared beforehand. After all, he’d recently been dismissed from a job _for allegedly leaking internal company information to outsiders_.

According to the national security adjudication guidelines (PDF) released by the **Director of National Intelligence** (DNI), eligibility determinations take into account a person’s stability, trustworthiness, reliability, discretion, character, honesty, judgement, and ability to protect classified information.

The DNI policy further states that “eligibility for covered individuals shall be granted only when facts and circumstances indicate that eligibility is clearly consistent with the national security interests of the United States, and any doubt shall be resolved in favor of national security.”

On Thursday, 25-year-old DOGE staff member **Marko Elez** resigned after being linked to a deleted social media account that advocated racism and eugenics. Elez resigned after _The Wall Street Journal_ asked the White House about his connection to the account.

“Just for the record, I was racist before it was cool,” the account posted in July. “You could not pay me to marry outside of my ethnicity,” the account wrote on X in September. “Normalize Indian hate,” the account wrote the same month, in reference to a post noting the prevalence of people from India in Silicon Valley.

Elez’s resignation came a day after the Department of Justice agreed to limit the number of DOGE employees who have access to federal payment systems. The DOJ said access would be limited to two people, Elez and **Tom Krause**, the CEO of a company called Cloud Software Group.

Earlier today, Musk said he planned to rehire Elez after **President Trump** and **Vice President JD Vance** reportedly endorsed the idea. Speaking at The White House today, Trump said he wasn’t concerned about the security of personal information and other data accessed by DOGE, adding that he was “very proud of the job that this group of young people” are doing.

A White House official told _Reuters_ on Wednesday that Musk and his engineers have appropriate security clearances and are operating in “full compliance with federal law, appropriate security clearances, and as employees of the relevant agencies, not as outside advisors or entities.”

_NPR_ reports Trump added that his administration’s cost-cutting efforts would soon turn to the Education Department and the Pentagon, “where he suggested without evidence that there could be ‘trillions’ of dollars in wasted spending within the $6.75 trillion the federal government spent in fiscal year 2024.”

GOP leaders in the Republican-controlled House and Senate have largely shrugged about Musk’s ongoing efforts to seize control over federal databases, dismantle agencies mandated by Congress, freeze federal spending on a range of already-appropriated government programs, and threaten workers with layoffs.

Meanwhile, multiple parties have sued to stop DOGE’s activities. ABC News says a federal judge was to rule today on whether DOGE should be blocked from accessing Department of Labor records, following a lawsuit alleging Musk’s team sought to illegally access highly sensitive data, including medical information, from the federal government.

At least 13 state attorney general say they plan to file a lawsuit to stop DOGE from accessing federal payment systems containing Americans’ sensitive personal information, reports _The Associated Press_.

Reuters reported Thursday that the U.S. Treasury Department had agreed not to give Musk’s team access to its payment systems while a judge is hearing arguments in a lawsuit by employee unions and retirees alleging Musk illegally searched those records.

_Ars Technica_ writes that The Department of Education (DoE) was sued Friday by a California student association demanding an “immediate stop” to DOGE’s “unlawfully” digging through student loan data to potentially dismantle the DoE.

Tag

#auth