Weight loss scams prey on insecurities, and scammers are abusing celebrities and fake news sites to deceive people.

It seems like it’s hard to move on social media without some kind of mention of weight-loss injections these days. And, sure, these drugs can have a positive affect for many people, but not all these cases of weight loss are real, nor are the people promoting them who they say they are.

Weight-loss scams have been around for many years. Remember when senators grilled a then-popular television physician called Dr. Oz over his miraculous weight loss claims? That was 11 years ago.

And what would work better than celebrities promoting these scams? In 2018, the Federal Trade Commission posted a warning about scammers impersonating celebrities on social media. That warning was not about weight-loss scams in particular, but you get the drift.

So it was fortuitous timing that I noticed a familiar face in my Facebook friend suggestions.

Scammers, be warned: at some point I get curious and try to figure out what your angle is. So, I put on my best starstruck face and clicked the “Add friend” button.

Jodie must be very desperate to meet a man her own age, because she was quick to accept.

At first, I decided to play the waiting game. In my experience, scammers get to the point more quickly when they are the ones taking the initiative.

But Jodie’s patience outlasted mine and so I sent her a Direct Message to tell her how much of a fan I am and how happy I was she had accepted my friend request.

Apparently she is very busy, and she outlasted my patience again. So, I decided to look at her Facebook profile.

What I found was that her profile gets tagged extremely often. The posts she is tagged in are a mix of explicit content and weight-loss scams. Those include a lot of “before and after” pictures. In some of them the models even seem to be wearing the same clothes.

Weight-loss scams are a common threat on social media platforms like Facebook, and scammers have become increasingly sophisticated in their tactics.

Scammers tag fake celebrity profiles in their posts to increase visibility, hoping fans or unsuspecting users will see, share and click on the posts.

The goal is to sell products like keto supplements, apple cider vinegar gummies, CBD gummies, and many more that will allegedly help you lose weight without exercising and dieting.

The end goal is to ask exorbitant prices for useless products and get victims to pay—preferably repeatedly—for said products. The offers often resort to the fine print hidden under a huge discount that subscribes victims to a monthly plan which is notoriously hard to cancel or get refunds for.

The scammers operating Jodie’s profile like to use a redirect service, hosted at litewo.xyz. The service works similar to a URL shortener except for the fact that most of the URLs are not getting shorter by using it—about as effective as the weight-loss pills they are selling, you might say.

This weight-loss scam focuses on a few countries and has dedicated pages for each language area. The pages in English are all Kelly Clarkson themed.

Kelly Clarkson is an interesting subject for this type of campaign because she spoken publicly about her weight loss, but she didn’t achieve this by using any of the products the scammers are selling. She is also not affiliated with any of these scams, nor is Jodie Foster.

As usual the scammers try to hurry potential customers along by implying that their wonder cure is about to be sold out.

The scammers list the products at unbelievable prices, but the end result will sadly not be what you hope for. If you’re “lucky” you won’t receive anything. If you’re less fortunate you’ll receive some dangerous concoction that could ruin your health.

**Avoiding weight-loss scams**

Celebrities are well known for their brand collaborations and sponsored content. But to find out whether a celebrity is actually promoting something or if you’re looking at a scam, there are a few pointers you can use:

*   Search online for the celebrity’s name plus “scam” and you’re likely to find out that others have fallen for a particular scam.
*   Look at an official channel associated with the celebrity and see if the endorsement can be found there.
*   Do not get rushed into buying anything.
*   Read the fine print. Often this will tell you that you are signing up for a monthly subscription model instead of a one-time payment.
*   Research the name of the product the scammers are selling. In many cases you will learn that the name is associated with scams.
*   If you have bought one of these products, keep an eye on your financial accounts, because some scammers might use your card for other transactions.
*   Use an active security solution that blocks malicious domains.

**Malicious domains**

Domains we found to be associated with this weight-loss scam campaign:

litewo.xyz (redirect service)

lpuslanocio.com (Kelly Clarkson)

ssusfoeollu.com (Kelly Clarkson)

dauspouexoc.xyz (Kelly Clarkson)

dauswopqclz.xyz (Kelly Clarkson)

cbdefiapa.xyz (German)

cbdefiapa.xyz (German)

dehaoyunlai.xyz (German)

hysokmxy.xyz (Dutch)

blaoewoen.xyz (French)

frpieocoa.xyz (French)

**We don’t just report on scans—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 Weight loss scams, or why &#8216;Jodie Foster&#8217; wants me to lose weight 

Human judgement remains central to the launch of nuclear weapons. But experts say it’s a matter of when, not if, artificial intelligence will get baked into the world’s most dangerous systems.

The people who study nuclear war for a living are certain that artificial intelligence will soon power the deadly weapons. None of them are quite sure what, exactly, that means.

In the middle of July, Nobel laureates gathered at the University of Chicago to listen to nuclear war experts talk about the end of the world. In closed sessions over two days, scientists, former government officials, and retired military personnel enlightened the laureates about the most devastating weapons ever created. The goal was to educate some of the most respected people in the world about one of the most horrifying weapons ever made and, at the end of it, have the laureates make policy recommendations to world leaders about how to avoid nuclear war.

AI was on everyone’s mind. “We’re entering a new world of artificial intelligence and emerging technologies influencing our daily life, but also influencing the nuclear world we live in,” Scott Sagan, a Stanford professor known for his research into nuclear disarmament, said during a press conference at the end of the talks.

It’s a statement that takes as given the inevitability of governments mixing AI and nuclear weapons—something everyone I spoke with in Chicago believed in.

“It’s like electricity,” says Bob Latiff, a retired US Air Force major general and a member of the Bulletin of the Atomic Scientists’ Science and Security Board. “It’s going to find its way into everything.” Latiff is one of the people who helps set the Doomsday Clock every year.

“The conversation about AI and nukes is hampered by a couple of major problems. The first is that nobody really knows what AI is,” says Jon Wolfsthal, a nonproliferation expert who’s the director of global risk at the Federation of American Scientists and was formerly a special assistant to Barack Obama.

“What does it mean to give AI control of a nuclear weapon? What does it mean to give a \[computer chip\] control of a nuclear weapon?” asks Herb Lin, a Stanford professor and Doomsday Clock alum. “Part of the problem is that large language models have taken over the debate.”

First, the good news. No one thinks that ChatGPT or Grok will get nuclear codes anytime soon. Wolfsthal tells me that there are a lot of “theological” differences between nuclear experts, but that they’re united on that front. “In this realm, almost everybody says we want effective human control over nuclear weapon decisionmaking,” he says.

Still, Wolfsthal has heard whispers of other concerning uses of LLMs in the heart of American power. “A number of people have said, ‘Well, look, all I want to do is have an interactive computer available for the president so he can figure out what Putin or Xi will do and I can produce that dataset very reliably. I can get everything that Xi or Putin has ever said and written about anything and have a statistically high probability to reflect what Putin has said,’” he says.

“I was like, ‘That’s great. How do you know Putin believes what he’s said or written?’ It’s not that the probability is wrong, it’s just based on an assumption that can’t be tested,” Wolfsthal says. “Quite frankly, I think very few of the people who are looking at this have ever been in a room with a president. I don’t claim to be close to any president, but I have been in the room with a bunch of them when they talk about these things, and they don’t trust anybody with this stuff.”

Last year, Air Force General Anthony J. Cotton, the military leader in charge of America’s nukes, gave a long speech at a conference about the importance of adopting AI. He said the nuclear forces were “developing artificial intelligence or AI-enabled, human led, decision support tools to ensure our leaders are able to respond to complex, time-sensitive scenarios.”

What keeps Wolfsthal up at night is not the idea that a rogue AI will start a nuclear war. “What I worry about is that somebody will say we need to automate this system and parts of it, and that will create vulnerabilities that an adversary can exploit, or that it will produce data or recommendations that people aren't equipped to understand, and that will lead to bad decisions,” he says.

Launching a nuclear weapon is not as simple as one leader in China, Russia, or the US pushing a button. Nuclear command and control is an intricate web of early warning radar, satellites, and other computer systems monitored by human beings. If the president orders the launch of an intercontinental ballistic missile, two human beings must turn keys in concert with each other in an individual silo to launch the nuke. The launch of an American nuclear weapon is the end result of a hundred little decisions, all of them made by humans.

What will happen when AI takes over some of that process? What happens when an AI is watching the early warning radar and not a human? “How do you verify that we’re under nuclear attack? Can you rely on anything other than visual confirmation of the detonation?" Wolfsthal says. US nuclear policy requires what’s called “dual phenomenology” to confirm that a nuclear strike has been launched: An attack must be confirmed by both satellite and radar systems to be considered genuine. “Can one of those phenomena be artificial intelligence? I would argue, at this stage, no.”

One of the reasons is basic: We don’t understand how many AI systems work. They’re black boxes. Even if they weren’t, experts say, integrating them into the nuclear decisionmaking process would be a bad idea.

Latiff has his own concerns about AI systems reinforcing confirmation bias. “I worry that even if the human is going to remain in control, just how meaningful that control is,” he says. “I’ve been a commander. I know what it means to be accountable for my decisions. And you need that. You need to be able to assure the people for whom you work there’s somebody responsible. If Johnny gets killed, who do I blame?”

Just as AI systems can’t be held responsible when they fail, they’re also bound by guardrails, training data, and programming. They can not see outside themselves, so to speak. Despite their much-hyped ability to learn and reason, they are trapped by the boundaries humans set.

Lin brings up Stanislav Petrov, a lieutenant colonel of the Soviet Air Defence Forces who saved the world in 1983 when he decided not to pass an alert from the Soviet’s nuclear warning systems up the chain of command.

“Let’s pretend, for a minute, that he had relayed the message up the chain of command instead of being quiet … as he was supposed to do … and then world holocaust ensues. Where is the failure in that?” Lin says. “One mistake was the machine. The second mistake was the human didn’t realize it was a mistake. How is a human supposed to know that a machine is wrong?”

Petrov didn’t know the machine was wrong. He guessed based on his experiences. His radar told him that the US had launched five missiles, but he knew an American attack would be all or nothing. Five was a small number. The computers were also new and had worked faster than he’d seen them perform before. He made a judgement call.

“Can we expect humans to be able to do that routinely? Is that a fair expectation?” Lin says. “The point is that you have to go outside your training data. You must go outside your training data to be able to say: ‘No, my training data is telling me something wrong.’ By definition, \[AI\] can’t do that.”

Donald Trump and the Pentagon have made it clear that AI is a top priority, and have invoked the nuclear arms race to do it. In May, the Department of Energy declared in a post on X that “AI is the next Manhattan Project, and the UNITED STATES WILL WIN.” The administration’s “AI Action Plan” depicted the rush towards artificial intelligence as an arms race, a competition against China that must be won.

“I think it’s awful,” Lin says of the metaphors. “For one thing, I knew when the Manhattan Project was done, and I could tell you when it was a success, right? We exploded a nuclear weapon. I don’t know what it means to have a Manhattan Project for AI.”

Nuclear Experts Say Mixing AI and Nuclear Weapons Is Inevitable

Google has patched 6 vulnerabilities in Android including two critical ones, one of which can compromise a device without the user needing to do anything.

Google has patched six vulnerabilities in Android, including two critical vulnerabilities in its August 2025 Android Security Bulletin. It also covers a critical vulnerability which could have allowed an attacker to execute code on a victim’s device without the victim needing to do anything at all.

Last month, Google skipped its monthly security update for the first time in almost ten years. Normally we’ll see dozens of vulnerabilities addressed each month so the skipping was both welcome and slightly worrying. All this while Google reported that its Artificial Intelligence (AI) Big Sleep system found 20 vulnerabilities in several open-source software.

The August updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.

You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for them yourself.

For most phones it works like this: Under **About phone** or **About device** you can tap on **Software updates** to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

If your Android phone shows patch level 2025-08-05 or later then you can consider the issues as fixed.

Keeping your device as up to date as possible protects you from known vulnerabilities and helps you to stay safe.

**Technical information**

The critical RCE vulnerability is tracked as CVE-2025-48530: a vulnerability in the Android System which could lead to remote code execution in combination with other bugs, with no additional execution privileges needed. User interaction is not needed for exploitation. This makes it a top priority patch–which only affects Android version 16–since it poses the risk of attackers being able to compromise affected devices silently.

The other critical vulnerability is tracked as CVE-2025-21479: unauthorized command execution in GPU micronode can cause memory corruption while executing specific sequence of commands.

A GPU micronode, is a small, specialized part within the Graphics Processing Unit (GPU) that handles specific tasks related to processing and rendering graphics on the Android device. It’s a critical component for making the visuals work smoothly and correctly.

Researchers recently discovered serious vulnerabilities in the GPU micronode of Qualcomm’s Adreno GPUs, which power billions of Android devices. Qualcomm has identified three such vulnerabilities and this patch fixes the second one they warned about.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Critical Android vulnerabilities patched—update as soon as you can 

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

Tuesday, August 5, 2025 09:00

*   Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. 
*   100+ models of Dell Laptops are affected by this vulnerability if left unpatched. 
*   The ReVault attack can be used as a post-compromise persistence technique that can remain even across Windows reinstalls.  
*   The ReVault attack can also be used as a physical compromise to bypass Windows Login and/or for any local user to gain Admin/System privileges. 

**Dell ControlVault overview **

Dell ControlVault is “a hardware-based security solution that provides a secure bank that stores your passwords, biometric templates, and security codes within the firmware.” A daughter board provides this functionality and performs these security features in firmware. Dell refers to the daughter board as a Unified Security Hub (USH), as it is used as a hub to run ControlVault (CV), connecting various security peripherals such as a fingerprint reader, smart card reader and NFC reader. 

Here is a photographic example of a USH board:  ​​​​

Picture of a USH Board running CV. 

This is the board in its natural environment:  

USH board (highlighted in orange) inside a Dell Latitude laptop. 

The current iterations of the product are called ControlVault3 and ControlVault3+. and can be found in more than 100 different models of actively-supported Dell laptops (see DSA-2025-053), mostly from the business-centric Lattitude and Precision series. These laptop models are widely used in the cybersecurity industry, government settings and challenging environments in their Rugged version. Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment, as they are necessary to enable these security features. 

**Findings **

Today, Talos is publishing five CVEs and their associated reports. The vulnerabilities include multiple out-of-bounds vulnerabilities (CVE-2025-24311, CVE-2025-25050) an arbitrary free (CVE-2025-25215) and a stack-overflow (CVE-2025-24922), all affecting the CV firmware. We also reported an unsafe-deserialization (CVE-2025-24919) that affects ControlVault’s Windows APIs. 

**Impact **

With a lack of common security mitigations and the combination of some of the vulnerabilities mentioned above, the impact of these findings is significant. Let’s highlight two of the most critical attack scenarios we have uncovered. 

**Post-compromise pivot **

On the Windows side, a non-administrative user can interact with the CV  firmware using its associated APIs and trigger an Arbitrary Code Execution on the CV firmware. From this vantage point, it becomes possible to leak key material essential to the security of the device, thus gaining the ability to permanently modify its firmware. This creates the risk of a so-called implant that could stay unnoticed in a laptop’s CV firmware and eventually be used as a pivot back onto the system in the case of a Threat Actor’s post-compromise strategy. The following video shows how a tampered CV firmware can be used to “hack Windows” by leveraging the unsafe deserialization bug mentioned previously. 

0:00

/0:22

**Physical attack **

A local attacker with physical access to a user’s laptop can pry it open and directly access the USH board over USB with a custom connector. From there, all the vulnerabilities described previously become in-scope for the attacker without requiring the ability to log-in into the system or knowing a full-disk encryption password. While chassis-intrusion can be detected, this is a feature that needs to be enabled beforehand to be effective at warning of a potential tampering. 

Another interesting consequence of this scenario is that if a system is configured to be unlocked with the user’s fingerprint, it is also possible to tamper with the CV firmware to accept any fingerprint rather than only allowing a legitimate user’s.   

0:00

/0:07

**Mitigation **

To mitigate these attacks, Talos recommends the following: 

*   Keep your system up to date to ensure the latest firmware is installed. CV firmware can be automatically deployed via Windows Update, but new firmware usually gets released on the Dell website a few weeks prior. 
*   If not using any of the security peripherals (fingerprint reader, smart card reader and NFC reader) it is possible to disable the CV services (using the Service Manager) and/or the CV device (via the Device Manager).  
*   It is also worth considering disabling fingerprint login when risks are heightened (e.g., leaving one’s laptop unattended in a hotel room). Windows also provides Enhanced Sign-in Security (ESS), which may help mitigate some of the physical attacks and detect inappropriate CV firmware. 

**Detection **

To detect an attack, consider the following: 

*   Depending on your laptop model, chassis intrusion detection can be enabled in the computer’s BIOS. This would flag physical tampering and may require entering a password to clear the alert and restart the computer. 
*   In the Windows logs, unexpected crashes of the Windows Biometric Service or the various Credential Vault services could be a sign of compromise. 
*   Cisco customers using Cisco Secure Endpoint can be made aware of potential risks with the signature definition “bcmbipdll.dll Loaded by Abnormal Process”. 

**Conclusion **

These findings highlight the importance of evaluating the security posture of all hardware components within your devices, not just the operating system or software. As Talos demonstrated, vulnerabilities in widely-used firmware such as Dell ControlVault can have far-reaching implications, potentially compromising even advanced security features like biometric authentication. Staying vigilant, patching your systems and proactively assessing risk are essential to safeguard your systems against evolving threats.

ReVault! When your SoC turns against you…

Receiving an unexpected package in the post is not always a pleasant surprise.

Receiving an unexpected package in the post is not always a pleasant surprise. The FBI has warned the public about unsolicited packages containing a QR code which leads to a website aimed at stealing personal data or downloading malware to the victim’s device.

The packages are often shipped without sender information, only the QR code. This is a deliberate tactic of the cybercriminals who hope that the lack of information will encourage more people to scan the code.

These packages are a modern variant of brushing scams. In brushing scams, vendors send packages containing merchandise to unsuspecting recipients, and then use the recipient’s information to post positive reviews about their products or business.

The use of QR codes is the new element in this scam. Using QR codes in items sent in the post offers the criminals a few advantages. Firstly, people may not expect to end up with their device infected by something as non-technical as a physical letter. Secondly, QR codes are typically read by mobile devices, which—unfortunately—still get overlooked when it comes to installing security software.

As we reported in our “Tap. Swipe. Scam” mobile scam report, 66% of people have scanned a QR code to purchase something. With legitimate businesses employing the use of QR codes, it’s something people are becoming very used to doing.

What many people don’t realize, or remember too late, is that scanning a QR code without the proper safety measures is like clicking a link, with one caveat. With links, we can actually check where they are leading to before we click. However, with QR codes it’s impossible for most people to discern a malicious code from a legitimate one.

**How to protect yourself from brushing scams**

*   If you receive a package you didn’t order and it contains a QR code, do not scan it. Scanning can lead you to fake websites designed to steal your personal or financial information, or even install malware on your device.
*   Legitimate businesses almost always include a return address. Treat any mystery package without sender or return information with extra caution.
*   If you end up on a site asking for personal or financial information after scanning a QR code, do not enter that information. In the hands of scammers it can be used to defraud you.
*   Make sure your device is on the most up to date version. Cybercriminals will take advantage of recently discovered vulnerabilities that people are yet to update and protect themselves against.
*   When scanning QR codes use an app that displays the URL before opening the link. This makes it easier to establish whether it’s safe to follow the link.
*   Use up-to-date and active mobile protection, preferably one that includes web protection.
*   Use two-factor authentication (2FA) wherever you can to make it harder for scammers to access your accounts if they do get hold of your login details.
*   Secure your identity. If your information appears to have been used for a scam, consider freezing your credit, changing passwords, and monitoring bank and online accounts for suspicious activity. Or consider using Identity Theft Protection.
*   Report any brushing scams to the FBI at ic3.gov. Be sure to include as much information as possible, such as the name of the person or company that contacted you; the methods of communication used, including websites, emails, and telephone numbers; and any applications you may have downloaded or provided permissions to on your device.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Unexpected snail mail packages are being sent with scammy QR codes, warns FBI 

We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history.
In close collaboration with the Microsoft Security Response Center (MSRC), these security researchers have helped identify and resolve more than a thousand potential vulnerabilities, strengthening protections for Microsoft customers around the world.

We’re thrilled to share that this year, the Microsoft Bounty Program has distributed **$17 million** to **344 security researchers** from **59 countries**, the highest total bounty awarded in the program’s history.

In close collaboration with the Microsoft Security Response Center (MSRC), these security researchers have helped identify and resolve more than a thousand potential vulnerabilities, strengthening protections for Microsoft customers around the world.

The Microsoft Bounty Program is a key part of our proactive security approach. By incentivizing independent researchers to identify vulnerabilities in high-impact areas, including the rapidly evolving field of AI, we’re able to stay ahead of emerging threats. Through Coordinated Vulnerability Disclosure, these researchers play a critical role in reinforcing the trust that millions of users place in Microsoft technologies every day.

Microsoft’s bounty initiatives span a broad portfolio of Microsoft products and services, including Azure, Microsoft 365, Dynamics 365, Power Platform, Windows, Edge, Xbox, and more. Each program is designed with clear scopes, eligibility requirements, award tiers, and submission guidelines—ensuring that researchers can safely and effectively contribute to our shared mission to protect customers.  

For full program details, visit the https://aka.ms/bugbounty.

**Zero Day Quest**

In April the Microsoft Security Response Center recently welcomed some of the world’s most talented security researchers at Microsoft’s Zero Day Quest, the largest live hacking competition of its kind. The inaugural event challenged the security community to focus on the highest-impact security scenarios for Copilot and Cloud.

The event received more than 600 vulnerability submissions and awarded more than $1.6 million during the qualifying research challenge and live event.  

During the qualifying rounds, researchers submitted their work for a chance to attend the event in person and earn additional incentives beyond our regular bug bounty awards. A select group of researchers then dug in even further in Redmond and online for the live event where they worked on capture-the-flag challenges in Microsoft products, attended social events, and held technical discussions with the Microsoft security teams.

Nearly 100 researchers also participated in our training sessions, which included AI bug hunting with our AI Red Team, SSRF training with our engineering team, and tips and advice from the bounty team.

Zero Day Quest will return annually with new research challenges, bounty multipliers, and deeper collaboration between Microsoft product engineering teams, Microsoft security teams, and the security research community. The 2026 Research Challenge is now open, with the Live Hacking Event returning in spring, bringing new opportunities for researchers to engage, earn rewards, and help advance security together.

**Bounty Programs updates**

As Microsoft’s threat landscape and product ecosystem continue to evolve, so too does the Microsoft Bounty Program. We regularly adapt our programs—expanding coverage to include new products and services, and refining research priorities to stay ahead of emerging threats and attack techniques. This ongoing evolution ensures our bounty initiatives remain aligned with the latest security challenges and continue to drive meaningful impact.

This past year, the program publicly introduced the following:

*   Copilot Bounty Program was expanded to integrate traditional online service vulnerabilities Microsoft Vulnerability Severity Classification for Online Services, moderate severity issues, and Copilot for WhatsApp & Telegram. These changes are designed to enhance the program’s effectiveness, incentivize broader participation, and ensure that our Copilot consumer products remain robust, safe, and secure.
    
*   Identity Bounty Program scope expansion to include addition APIs and domains that secure Enterprise accounts
    
*   Defender Bounty Program scope expansion to include Microsoft Defender for Identity (MDI), Microsoft Defender for Office (MDO), and Microsoft Defender for Cloud Applications (MDA)
    
*   M365 Bounty Program scope expansion to include Viva Glint, Learning, Pulse, and Feature Access Control
    
*   Dynamics 365 & Power Platform Bounty Program expanded awards to include AI Bounty Award category
    
*   Windows Bounty Program attack scenario awards were refreshed for remote persistent DoS and local sandbox escape scenarios.
    

**Bounty awards**

Bounty awards are determined by the severity and potential impact of the reported vulnerability, as well as the clarity, accuracy, and completeness of the submission. We prioritize awards in areas that matter most to our customers, encouraging research that drives meaningful security improvements where it counts most.

Looking ahead, we remain committed to evolving our programs to better protect customers and based on your feedback. We’re deeply grateful to our global community of security researchers for their continued partnership and expertise in helping protect millions of Microsoft users.

We’re excited to strengthen existing collaborations and welcome new contributors as we continue building a safer digital ecosystem together.

Stay secure & happy hunting!

_Madeline Eckert, Lynn Miyashita, Nyesha Harden_

Microsoft Bounty Team

Microsoft Bounty Program year in review: $17 million in rewards

In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs.

Monday, August 4, 2025 12:00

*   In 2023, Talos collaborated with NetHope and Cisco Crisis Response to create a customized Backdoors & Breaches expansion deck for international humanitarian organizations, addressing their unique cybersecurity challenges. 
*   The new expansion deck helps NGOs with constrained budgets improve proactive security and incident response skills through engaging tabletop exercises that are specific to their technical, political, and logistical challenges. 
*   Hundreds of expansion decks have been distributed to international NGOs, and Talos has received positive feedback for their practicality and relevance. 
*   Building on this success, we partnered with NGO-ISAC to develop a United States-specific deck for domestic NGOs, enhancing their cybersecurity preparedness.

**Humanitarian organizations and the cybersecurity landscape**

Hello friends! My name is Joe Marshall and I work at Cisco Talos as a cyber threat researcher and security strategist. Throughout my travels with Talos, I’ve met extraordinary individuals and organizations who fight injustices in a variety of ways: caring for children, feeding the unhoused, promoting democracy, protecting the environment, or resettling refugees who are fleeing from war. 

In moments of unimaginable crisis and pain, the international non-governmental organization (NGO) folks I met are on the front lines distributing aid, documenting human rights abuses, assisting first responders, and offering comfort to people who have had their worlds upended. I unabashedly admire and respect them. 

Unfortunately, international NGOs have historically struggled in cybersecurity. No matter an NGO’s size, limited donor and grant dollars mean that sustaining the organization competes with delivering aid, leaving little (if any) funding for cybersecurity. As a result, public sector offensive actors, mercenary spyware organizations, and state-sponsored actors take advantage of this to target or financially exploit these NGOs, even though they are assisting some of the most vulnerable people in the world. No one gets a pass in this modern era of cybercrime!

**Helping the helpers**

In 2023, the Cisco Crisis Response (CCR) team — a group that helps local agencies and communities prepare for, respond to, and sustainably rebuild from crises — approached my team at Talos with a rare opportunity to help incorporate cybersecurity into their work alongside their partner, NetHope.

NetHope is a humanitarian assistance organization that “helps our nonprofit Members effectively address the world’s most pressing challenges through collaboration, collective action and the smarter use of technology.” They also host the NetHope Global Summit, a yearly gathering of international NGOs to discuss technical issues and solutions to enable their member NGOs’ missions.

Before this project, I was not well-versed in the challenges of the NGO cybersecurity landscape or operating realities. Every business vertical is unique, and my first few meetings with NetHope forced me to confront the stark realities of the cybersecurity poverty line. With NGOs’ limited cybersecurity budgets, expertise, and resources, I knew our project had to have a low barrier to entry.

After much brainstorming, I suggested that we create an NGO-centric version of the popular cybersecurity tabletop exercise, “Backdoors & Breaches,” to keep workers’ incident response skills sharp.

**What is a tabletop exercise? **

A tabletop exercise (TTX) is a group thought experiment. The “Game Master” presents various scenarios and variables to their players, who are usually team leaders in their business, to see how they respond as a group. At a high level, TTXs are a way to help your team prepare for worst-case scenarios and cost-effectively develop plans and responses to a variety of incidents. As they say, “Fortune favors the prepared.”

For example, a hospital might want to conduct a TTX to develop and test incident response and data recovery if hackers were to attack their electronic health records. An electric utility company might conduct a TTX to test critical infrastructure restoration and coordination with emergency responders. And, of course, a humanitarian assistance organization may need to protect itself against cyber attacks to keep their life-saving work going!

**An introduction to Backdoors & Breaches**

Backdoors & Breaches is a card-based TTX developed and published under a GNU license by Black Hills Information Security. It’s a novel game designed to teach both technical and non-technical players cybersecurity incident response in a format similar to the popular Dungeons & Dragons roleplaying game. Here’s an example of gameplay at the RSA Conference, with the digital version of the game:

If you want to accommodate a specific technical aspect of security, like industrial control systems, the cloud, or threat hunting, you can modify Backdoors & Breaches with expansion decks. Customizing cards to reflect your team's unique circumstances can result in better buy-in and even a higher level of preparedness when a breach occurs.

**Talos and NetHope create a new expansion**

It was this potential customization that attracted me to making a new expansion deck for the international humanitarian community. The concept of Talos and NetHope adapting a cost-effective, portable, and easy-to-understand TTX to fit the limited cybersecurity budgets of typical NGOs was irresistible. To bring this vision to life, I assembled a diverse team of seasoned cybersecurity NGO professionals, technologists, and crisis response specialists who recognized the value in developing new cards.

The result was a new deck that seamlessly merged into the original Backdoors & Breaches game. These unique cards are modeled from real events and speak to the unique technical, political, and logistical challenges that humanitarian assistance organizations may face during cyber attacks. Here are some examples:

__Imagine that an angry mob raids your NGO’s office. You’re trying to do digital forensics, but your team is forced to leave the country! What do you do?__

We presented this new expansion at the NetHope Global Summit in 2023, where participants widely enjoyed it. We found that this expansion pack brought them together in ways the generic deck on its own likely wouldn’t have. Many people shared first-hand experiences with the stressful situations these cards presented, which led to authentic and open conversations on the best responses to the scenarios.

__Presenting the base deck and expansion pack at the 2023 NetHope Global Summit.__

Over the course of several summits, Talos and NetHope have given away hundreds of physical copies of the expansion, and we’ve received a lot of positive reception from the international NGO community. If you’re curious, you can also find the cards online here.

**The U.S. domestic NGO edition**

In a country as large as the United States, there are hundreds of domestic NGOs that operate solely within the country and local communities. The NGO Information Sharing and Analysis Center (NGO-ISAC) is a 501(c)(3) nonprofit organization that focuses on domestic civil society organizations.

Using the momentum of our Backdoors & Breaches international humanitarian expansion pack, Talos partnered with NGO-ISAC to create a new deck that reflects U.S.-specific NGO security situations.

__On-stage demonstration at the__ __Ford Foundation__ __for the NGO-ISAC Conference.__

If the NGO’s team is spread across the country and wants to play, that’s not a problem! Using this GitHub link you can instantiate and connect to a mini web server on your local computer. With a web sharing tool, you can stream it to any size audience and folks can play along virtually. You can easily use Python for this.

**Conclusion**

International and domestic NGOs are critical to aid delivery and civil society, but they’re heavily targeted by threat actors who seek to disrupt or exploit their missions. TTXs like Backdoors & Breaches lower the barrier to entry for organizations to have serious conversations about security posture and response, and NetHope and Talos’ custom expansions provide industry-specific scenarios to enrich the experience.

I feel very fortunate to have had the opportunity to volunteer and donate my time to help NGO workers and volunteers fight the good fight. Whether you’re a threat intelligence organization, an international NGO providing medical care to refugees, or a domestic food bank fighting hunger, Talos is with you.

Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks

A new security flaw, LegalPwn, exploits a weakness in generative AI tools like GitHub Copilot and ChatGPT, where malicious code is disguised as legal disclaimers. Learn why human oversight is now more critical than ever for AI security.

A new and unique cyberattack, dubbed LegalPwn, has been discovered by researchers at Pangea Labs, an AI security firm. This attack leverages a flaw in the programming of major generative AI tools, successfully tricking them into classifying dangerous malware as safe code.

The research, shared with Hackread.com, reveals that these AI models, which are trained to respect legal-sounding text, can be manipulated by social engineering.

The LegalPwn technique works by hiding malicious code within fake legal disclaimers. According to the research, twelve major AI models were tested, and most were found to be susceptible to this form of social engineering. The researchers successfully exploited models using six different legal contexts, including the following:

1.  Legal disclaimers
2.  Compliance mandates
3.  Confidentiality notices
4.  Terms of service violations
5.  Copyright violation notices
6.  License agreement restrictions

The attack is considered a form of prompt injection, where malicious instructions are crafted to manipulate an AI’s behaviour. Recently, Hackread.com also observed a similar trend with the Man in the Prompt attack, where malicious browser extensions can be used to inject hidden prompts into tools like ChatGPT and Gemini, a finding from LayerX research.

****Real-World Tools At Risk****

The findings (PDF) are not just theoretical lab experiments; they affect developer tools used by millions of people daily. For example, Pangea Labs found that Google’s Gemini CLI, a command-line interface, was tricked into recommending that a user execute a reverse shell, a type of malicious code that gives an attacker remote access to a computer, on their system. Similarly, GitHub Copilot was fooled into misidentifying code containing a reverse shell as a simple calculator when it was hidden within a fake copyright notice.

Attack Concept Explained (Source: Pangea Labs)

> _“LegalPwn attacks were also tested in live environments, including tools like gemini-cli. In these real-world scenarios, the injection successfully bypassed AI-driven security analysis, causing the system to misclassify the malicious code as safe.”_
> 
> Pangea Labs

The research highlighted that models from prominent companies are all vulnerable to this attack. These include the following:

*   xAI’s Grok
*   Google’s Gemini
*   Meta’s Llama 3.3
*   OpenAI’s ChatGPT 4.1 and 4o.

However, some models showed strong resistance, such as Anthropic’s Claude 3.5 Sonnet and Microsoft’s Phi 4. The researchers noted that even with explicit security prompts designed to make the AI aware of threats, the LegalPwn technique still managed to succeed in some cases.

Test results on LLMs with no system prompt applied. A checkmark means the attack succeeded (Source: Pangea Labs).

****The Importance of Human Oversight****

The Pangea research highlights a critical security gap in AI systems. It was found that across all testing scenarios, human security analysts consistently and correctly identified the malicious code, while the AI models, even with security instructions, failed to do so when the malware was wrapped in legal-looking text.

The researchers concluded that organisations should not rely solely on automated AI security analysis, emphasising the need for human supervision to ensure the integrity and safety of systems that increasingly rely on AI.

To protect against this new threat, Pangea recommends that companies implement a human-in-the-loop review process for all AI-assisted security decisions, deploy specific AI guardrails designed to detect prompt injection attempts and suggest avoiding fully automated AI security workflows in live environments.

LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code

A list of topics we covered in the week of July 28 to August 3 of 2025

August 1, 2025 - OpenAI removed a short-lived experiment that allowed ChatGPT users to make their conversations discoverable by search engines

July 31, 2025 - The Trump Administration is working with 60 companies on a plan to have Americans voluntarily upload their healthcare and medical data.

July 31, 2025 - A Florida correctional institution leaked the names, email addresses, and telephone numbers of visitors to the facility to every inmate.

July 31, 2025 - Scammers are using texts that appear to have been sent to a wrong number to get targets to engage in a conversation.

July 30, 2025 - Apple has released important security updates for iOS and iPadOS patching 29 vulnerabilities, mostly in WebKit.

 A week in security (July 28 &#8211; August 3) 

Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potential bounty awards: up to $5 million total for high-impact research in Cloud and AI security.

Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potential bounty awards: up to $5 million total for high-impact research in Cloud and AI security. This is the largest public hacking event ever, bringing together the top global security researchers for an opportunity to protect the world.

**Zero Day Quest returns: Raising the bar for security**

At Microsoft, we are constantly evolving our approach to security as the threat landscape never stands still. Every day, we work alongside the global security community to anticipate, identify, and address vulnerabilities before they can impact our customers and partners. We know security is a team sport and that is why we invest in programs that empower researchers to challenge our technologies and publicly share their discoveries in a responsible manner.  

Building on that longstanding commitment to collaboration, we are excited to bring back Zero Day Quest in Spring 2026. This year’s event offers new opportunities for the security community to work hand in hand with Microsoft engineers and researchers. Together, we will share knowledge, learn from each other, and strengthen the security of the cloud and AI ecosystem.

**How to participate in the Zero Day Quest**

The journey starts now with the Zero Day Quest Research Challenge, open to all security researchers from August 4 to October 4, 2025. During this period, vulnerability submissions in targeted scenarios are eligible for multiplied bounty awards, rewarding those who help us uncover the most critical issues in Microsoft Azure, Copilot, Dynamics 365 and Power Platform, Identity, or M365.

Security researchers will also have the chance to qualify for the exclusive, invite-only Live Hacking Event at Microsoft’s Redmond campus in Spring 2026. This event will bring together the world’s leading security researchers — those who have demonstrated exceptional impact through their research — to collaborate directly with Microsoft product teams and the Microsoft Security Response Center (MSRC).  It is not only a competition and a celebration of our valued research partnerships, but also a shared commitment to raising the bar for security across the industry.

To recognize and reward the most impactful research, we are offering +50% bounty multiplier for Critical severity vulnerabilities and high-impact scenarios discovered during the Research Challenge that align with the new and existing Microsoft Azure, Copilot, Dynamics 365 and Power Platform, Identity, or M365 Bounty Programs. If your submission qualifies for both general and high-impact multipliers, the higher value applies.

**Zero Day Quest training and community engagement**

We are committed to supporting researchers at every step. Zero Day Quest participants can leverage training sessions from the AI Red Team, MSRC, and Dynamics teams, including:

*   Learn to Red Team AI Systems Using PyRIT
    
*   Microsoft’s Bug Bounty Program and AI Research
    
*   Security Research in Copilot Studio
    

**Transparency and responsible disclosure**

In alignment with our Coordinated Vulnerability Disclosure (CVD), researchers are encouraged to publicly discuss their findings once mitigated - with support from Microsoft through blogs, podcasts, and videos. As part of our Secure Future Initiative (SFI), we will transparently share critical vulnerabilities through the CVE program, even if no customer action is required. Learnings from the Zero Day Quest will be shared across Microsoft to help improve Cloud and AI security in alignment with SFI’s core principles: securing by default, by design, and in operations.

Ready to join the quest? Submit your findings, connect with the community, and help us shape the future of security: Microsoft Zero Day Quest.

Let’s raise the bar together.

_Tom Gallagher_ 

_VP of Engineering, Microsoft Security Response Center (MSRC)_

Tag

#ios