Ticker feed

Cybercriminals are selling access to a massive trove of scraped Discord data, including 1.8 billion messages from 35 million users across 6,000 servers.

This follows Discord's 2024 shutdown of similar service Spy.Pet, which had scraped data from 620 million users. The new operation targets people willing to pay for others' private conversations and those who'll pay to have their data removed.

Researchers warn the service is designed to facilitate online harassment and stalking, making it easier for bad actors to dig up personal information for malicious purposes.

Source: Cybernews

Cybercriminals have discovered a clever way to weaponize AI tools against users. According to CloudSEK researchers, attackers hide malicious Windows commands in documents using invisible CSS tricks like white-on-white text and zero-width characters.

When AI summarization tools process this content, they get overwhelmed by repeated hidden instructions and include the malicious commands in their summaries. Users then see what appears to be legitimate advice but are actually being tricked into running ransomware.

This "ClickFix" attack turns helpful AI assistants into unwitting accomplices. The malicious content can spread through search engines, forums, and emails, making detection difficult.

Source: Cybernews

Security researcher Felix Boulet discovered a critical vulnerability in Docker Desktop that allows hackers to escape container isolation and gain complete control of Windows systems. The flaw, rated 9.3 out of 10 in severity, requires just two simple HTTP requests from any running container to exploit.

Attackers can mount the entire C: drive into a privileged container, essentially giving them full access to the host system. The vulnerability works regardless of security settings and affects both Windows and macOS systems, though Linux remains unaffected.

Docker has released a patch in version 4.44.3. Users should update immediately to protect their systems from potential attacks.

Source: Cybernews

Researchers at Adversa AI discovered a major flaw in GPT-5's internal routing system that creates serious security risks. When users ask GPT-5 questions, an internal router decides which model actually responds – it might be GPT-5 Pro, but could equally be older versions like GPT-3.5 or GPT-4o.

Hackers can manipulate this router using specific trigger phrases, forcing queries to weaker, less secure models that are easier to jailbreak. This "PROMISQROUTE" vulnerability means GPT-5 is only as secure as its weakest predecessor.

While the routing saves costs and improves speed, it allows old jailbreaks to work again by targeting vulnerable older models instead of GPT-5's stronger safeguards.

Source: Security Week

Researchers at George Mason University have discovered a cyberattack called "OneFlip" that can hijack AI systems by flipping just one bit in their neural networks. The attack could make autonomous vehicles misread stop signs as speed limit signs or trick facial recognition into identifying anyone wearing glasses as a CEO.

The technique uses Rowhammer attacks to target specific memory locations, then plants dormant triggers that activate when certain inputs are detected. While currently requiring white-box access to AI models and physical proximity to target systems, researchers warn the threat could grow as more companies open-source their AI models and attackers exploit shared cloud infrastructure.

Source: SecurityWeek

Aspire Rural Health System, which operates over 70 healthcare facilities across Michigan, disclosed a massive data breach that compromised personal information of 138,386 people. Hackers accessed the network from November 4, 2024, to January 6, 2025, stealing files containing patient data, financial records, HR documents, and email communications.

The BianLian ransomware group claimed responsibility for the attack in mid-February, but the gang went silent in late March, leaving the fate of the stolen data unclear. An investigation wrapped up in mid-July, prompting notifications to affected individuals and state authorities including Maine's Attorney General.

Source: Security Week

China is demanding Nvidia prove its H20 AI chips don't contain backdoors or security flaws, escalating tensions in the global chip trade. Chinese state media warned that backdoor risks could become Nvidia's "self-dug grave," potentially driving away customers worldwide who fear remote shutdowns or data theft.

This comes after the Trump administration recently allowed less sophisticated AI chip exports to China with a 15% fee, reversing stricter 2022 restrictions. Nvidia's chief security officer firmly denied any backdoors exist in their chips, calling such claims harmful to global digital infrastructure.

The dispute reflects deeper US-China tensions over AI technology and national security, with China working to build its own chip ecosystem while reportedly obtaining 140,000 AI chips despite previous US bans.

Source: Dark Reading

Microsoft's August 2025 Patch Tuesday addresses 111 vulnerabilities, with 44 elevation-of-privilege (EoP) flaws that let attackers escalate from initial access to full system control. The update marks the second consecutive month with no actively exploited bugs.

Key concerns include a maximum-severity Azure OpenAI vulnerability (already mitigated by Microsoft), the publicly known "BadSuccessor" Windows Kerberos flaw, and four critical SQL Server bugs enabling injection attacks. The patch also fixes 34 remote code execution vulnerabilities and 16 information disclosure issues.

Security researchers highlight two near-maximum severity flaws: CVE-2025-50165 in Windows Graphics and CVE-2025-53766 in GDI+, both exploitable without user interaction. Organizations should prioritize patching SharePoint, SQL Server, and graphics-related vulnerabilities immediately.

Source: Dark Reading

Google confirmed a major data breach on August 5, 2025, after cybercriminal group ShinyHunters compromised its corporate Salesforce database in June. The attackers used sophisticated voice phishing, impersonating IT support to trick Google employees into granting system access through a malicious Data Loader app.

The breach exposed contact information for small and medium businesses, with ShinyHunters claiming to have stolen 2.55 million records. Google completed email notifications to all affected users by August 8, emphasizing that payment data and advertising products remained secure.

ShinyHunters demanded 20 Bitcoins ($2.3 million) from Google, though they later claimed this was done "for the lulz." The group has targeted major companies including Cisco, Qantas, and LVMH brands throughout 2025, typically using delayed extortion tactics.

Source: Cybersecurity News

The Jersey Cyber Security Centre is warning local businesses about a dangerous new cyberattack called 'ToolShell' that exploits vulnerabilities in Microsoft SharePoint software. The attack has hit organizations worldwide, with 31% of successful breaches occurring in the US, followed by Mauritius, Germany, and France.

Five Jersey organizations were identified as highly vulnerable and took immediate action, including shutting down critical systems. The attack combines two security flaws to steal data, damage systems, and enable ransomware attacks.

JCSC director Matt Palmer stressed that outdated software creates serious risks, as Microsoft's patches don't work on older, unsupported systems. The centre recommends organizations install security updates within 14 days and isolate any systems that can't be patched.

Source: Jersey Evening Post