Archive for December 5, 2025

Hypori Releases First-Ever 2025 VMI Report, Exposing Massive Mobile Security Gaps  

Posted in Commentary with tags on December 5, 2025 by itnerd

Hypori today announced the release of its inaugural 2025 Virtual Mobile Infrastructure Report: Trends in Secure Mobile Access & BYOD, a first-of-its-kind survey of 1,000 global security, risk, mobility, and BYOD decision-makers. The findings paint a stark picture: Organizations face massive mobile security vulnerabilities as they increasingly embrace BYOD strategies. Traditional mobile security tools are failing to mitigate these risks while also compromising employee privacy. Organizations are rapidly shifting toward VMI to deliver secure mobility.  

Some key findings from the 2025 VMI Report include:  

  • 92% of security and risk leaders face challenges in Zero Trust implementation.  
  • 69% of organizations report that their invasive mobile security controls negatively impact user satisfaction or productivity.  
  • 77% of organizations with Mobile Device Management (MDM) admit to major limitations in their current solution.  
  • 47% identify employee privacy violations as one of the biggest risks in mobile security.  
  • Shockingly, only 29% of organizations say employee privacy is a top priority in mobile security.  
  • Only 39% of organizations consider their mobile security posture to be “very mature.”  

The report highlights how VMI is rapidly gaining momentum as the secure, user-friendly alternative for government agencies, highly regulated industries, and enterprises balancing zero trust requirements with budget constraints. By removing data from devices altogether, VMI not only simplifies compliance with regulations such as Cybersecurity Maturity Model Certification (CMMC), but also delivers measurable cost savings and productivity gains.  

The 2025 VMI Report shows that secure mobility requires a data-centric, privacy-driven approach, not device control. Virtual Mobile Infrastructure provides an easier way to eliminate endpoint risk, strengthen compliance, and safeguard enterprise workforces with seamless Zero Trust principles.  

You can get the report here: hypori.com/blog/the-hidden-cost-of-byod

Infected North Korean APT Machine Linked to Historic $1.4B ByBit Heist 

Posted in Commentary with tags on December 5, 2025 by itnerd

Researchers have confirmed, via a LummaC2 infostealer log, that a machine belonging to a North Korean threat actor and operating as a sophisticated malware development rig was itself infected. The machine is directly linked to the broader North Korean threat ecosystem and to infrastructure associated with the historic $1.5 Billion ByBit Heist. BBC News has more details on the heist, and you can find more details about the North Korean malware here:

https://www.infostealers.com/article/exclusive-look-inside-a-compromised-north-korean-apt-machine-linked-to-the-biggest-heist-in-history/

Ensar Seker, CISO at threat intel company SOCRadar, provided the following comments:

“Prediction: AIOps will transition from observability to autonomy. In 2026, AIOps will evolve from a support tool into a semi-autonomous agent capable of executing remediation workflows across hybrid environments. What used to be alerts and recommendations will become real-time auto-responses to performance anomalies and security threats. We’ll see a convergence of observability, threat detection, and infrastructure automation powered by specialized LLMs trained on enterprise telemetry. The challenge won’t be in detection anymore, it’ll be in trust, governance, and interpretability of the decisions AIOps platforms make.

“Prediction: Developer copilots will shift from code completion to context-aware agents. By 2026, developer AI tools will no longer be just autocomplete engines, they’ll become full-blown context-aware agents that understand project architecture, regulatory boundaries, and CI/CD constraints. These AI-powered copilots will write unit tests, generate documentation, enforce security guardrails, and even suggest architecture changes during sprints. The best tools will be deeply integrated with threat intelligence and compliance engines, transforming developers into secure-by-default builders.

“Prediction: Agentic AI will revolutionize DevSecOps. The next wave of AI development will revolve around agentic architectures, AI that can plan, reason, and act across systems. In DevSecOps, this means AI that not only flags vulnerabilities, but also files a Jira ticket, forks the repo, fixes the issue, and raises a pull request, without human intervention. This isn’t science fiction, it’s already happening in prototype environments, and by 2026, security teams will increasingly rely on agentic AI to handle low-level security debt while focusing on strategic risks.”

North Korea continues to up its game as a threat actor. Those of us responsible for defending against its attacks should consider this fair warning that we need to up our game as well.

CISA Warns of Chinese “BrickStorm” Malware Attacks on VMware Servers

Posted in Commentary with tags on December 5, 2025 by itnerd

CISA, the NSA, and the Canadian Centre for Cyber Security are warning that People’s Republic of China (PRC) state-sponsored cyber actors are using BRICKSTORM malware for long-term persistence on victim systems.

You can get more details here: https://www.cisa.gov/news-events/analysis-reports/ar25-338a

Ensar Seker, CISO at threat intel company SOCRadar, provided the following comments:

“The recent advisory from CISA, NSA and the Canadian Centre for Cyber Security (Cyber Centre) confirms that a China‑linked actor is using BRICKSTORM to compromise virtual‑infrastructure environments, creating hidden virtual machines, harvesting credentials via cloned VM snapshots, and maintaining long dwell times of up to 393 days. 

What’s especially alarming about this campaign is that it targets the virtualization layer itself, not the OS or applications, which historically receives less attention. Once the hypervisor or management console (vCenter) is compromised, attackers gain broad visibility over the virtual infrastructure and can bypass many traditional endpoint defenses (like EDR), because these often don’t monitor hypervisor behavior or VM snapshot manipulation. 

For defenders, the implications are stark: if you run VMware vSphere or ESXi, particularly with vCenter exposed internally or weakly segmented, you are directly in scope. This means organizations must treat virtualization infrastructure as a critical attack surface with the same urgency as public‑facing apps or legacy enterprise systems.

Immediate steps: apply detection signatures/YARA and Sigma rules from the joint CISA/NSA report to hunt for BRICKSTORM indicators; audit VM snapshot creation and export logs; restrict vCenter access tightly; segment management consoles from general workloads; block unauthorized DNS‑over‑HTTPS (DoH) traffic from servers; and ensure built‑in and third‑party monitoring includes hypervisor‑level telemetry.

In short, this isn’t just another malware campaign. It’s a wake‑up call showing that adversaries are shifting upward in the stack, targeting the foundations of virtualization rather than individual VMs. For many organizations, exposure will only be obvious after they start actively hunting for hypervisor‑layer compromise. Let me know if you’d like a short quote or deeper technical breakdown to include.”

Everyone needs to pay attention to this, as it is clear from this alert that the bad guys are changing their tactics to get a bigger payoff at the end of the day. That is bad for all of us and requires immediate attention from defenders.
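Two of the immediate steps in the quote above, auditing VM snapshot/clone/export events and spotting DoH egress from servers, can be turned into simple hunting logic. The script below is an added example written for this post, not code from CISA, NSA or SOCRadar; the log formats, the action names (CreateSnapshot, CloneVM, ExportOVF), the account names, the server subnet and the sensitive-VM list are all constructed assumptions rather than vCenter's real event schema, while the DoH resolver hostnames are well-known public endpoints.

```python
"""Hunting helpers for hypervisor-layer compromise (example code for this post).
Flags snapshot-like operations on credential-bearing VMs by non-allowlisted accounts,
and flags server-originated DNS-over-HTTPS (DoH) flows that bypass internal resolvers."""
import re

# Constructed vCenter-style audit lines. Field layout and action names are assumptions
# made for this example; real vCenter events use a different schema and event types.
VCENTER_EVENTS = """\
2025-12-01T02:13:44Z user=VSPHERE.LOCAL\\backup-svc action=CreateSnapshot vm=DC01
2025-12-01T02:14:10Z user=VSPHERE.LOCAL\\jdoe action=CloneVM vm=DC01 target=DC01-tmp
2025-12-01T09:05:02Z user=VSPHERE.LOCAL\\backup-svc action=CreateSnapshot vm=WEB03
2025-12-02T23:51:30Z user=VSPHERE.LOCAL\\jdoe action=ExportOVF vm=DC01
""".splitlines()

# Constructed proxy/TLS-inspection lines: source IP and TLS SNI of outbound flows.
FLOW_LOG = """\
2025-12-01T02:20:01Z src=10.50.1.15 sni=dns.google dport=443
2025-12-01T02:20:03Z src=10.50.1.15 sni=updates.example.com dport=443
2025-12-01T08:00:00Z src=10.10.7.22 sni=cloudflare-dns.com dport=443
""".splitlines()

SENSITIVE_VMS = {"DC01", "ADFS01"}  # assumed: VMs whose disks yield credentials (e.g. a DC)
ALLOWED_SNAPSHOT_ACCOUNTS = {"VSPHERE.LOCAL\\backup-svc"}  # assumed backup identity
SNAPSHOT_LIKE = {"CreateSnapshot", "CloneVM", "ExportOVF"}  # placeholder action names
SERVER_NETS = ("10.50.",)  # assumed server subnet prefixes; workstations are elsewhere
DOH_RESOLVERS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}  # public DoH endpoints

KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split 'timestamp key=value ...' into a dict; the timestamp is kept under 'ts'."""
    ts, rest = line.split(" ", 1)
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields

def suspicious_snapshots(lines):
    """Snapshot/clone/export of a credential-bearing VM by a non-allowlisted account."""
    hits = []
    for f in map(parse, lines):
        if (f.get("action") in SNAPSHOT_LIKE and f.get("vm") in SENSITIVE_VMS
                and f.get("user") not in ALLOWED_SNAPSHOT_ACCOUNTS):
            hits.append((f["ts"], f["user"], f["action"], f["vm"]))
    return hits

def doh_from_servers(lines):
    """Servers should use the internal resolver; DoH to public endpoints hides lookups."""
    return [(f["src"], f["sni"]) for f in map(parse, lines)
            if f["src"].startswith(SERVER_NETS) and f["sni"] in DOH_RESOLVERS]

if __name__ == "__main__":
    for hit in suspicious_snapshots(VCENTER_EVENTS):
        print("SNAPSHOT", *hit)
    for hit in doh_from_servers(FLOW_LOG):
        print("DOH", *hit)
```

Feeding real vCenter audit exports and proxy logs through the two functions requires only adapting `parse` to the actual field names; the allowlist and the sensitive-VM set are the parts worth maintaining per environment.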

Data breach affecting AI image generator, exposing sensitive images 

Posted in Commentary with tags on December 5, 2025 by itnerd

Cybersecurity researcher Jeremiah Fowler recently discovered a non-password-protected database containing over one million sensitive records belonging to Magic Edit, a popular AI image generator tool developed by BoostInsider Inc.

In a few words, the publicly accessible database:

  • exposed 1,099,985 images and video files;
  • included face-swapped images on AI-generated bodies converted into sexually explicit images;
  • contained unaltered images of real individuals, possibly uploaded as references and presumably without those individuals’ knowledge or consent.

Jeremiah published his detailed findings on the ExpressVPN blog which can be found here: https://www.expressvpn.com/blog/magicedit-data-exposed/

Cloudflare Took A Dirt Nap And Tanks The Internet AGAIN

Posted in Commentary with tags on December 5, 2025 by itnerd

If you wanted proof of how reliant the Internet is on content delivery network Cloudflare, this should provide it. For the second time in a few weeks, Cloudflare took down the Internet due to an issue that, according to their status page, has been resolved as I type this. The incident began around 09:00 UTC and affected much of the web, with X, Substack, Canva, LinkedIn, Deliveroo, Spotify, and, ironically, Downdetector, which reports on Internet outages, among others going down.

What this makes clear is that putting all of your eggs in the Cloudflare basket isn’t a good idea. Thus maybe there needs to be a wide ranging discussion on how to make the Internet more resilient without relying on a single provider. Just a thought.

Elon Musk’s Twitter/X Hit With $140 Million Fine

Posted in Commentary with tags on December 5, 2025 by itnerd

Elon Musk is likely less of a fan of the European Union today than he was yesterday. I say that because he, or more accurately Twitter/X, has been fined $140 million by them. Here’s why:

Elon Musk’s social media company X was fined 120 million euros ($140 million) by EU tech regulators on Friday for breaching EU online content rules, the first sanction under landmark legislation which will likely draw the U.S. government’s ire.

And:

EU regulators said X’s DSA violations included the deceptive design of its blue checkmark for verified accounts, the lack of transparency of its advertising repository and its failure to provide researchers access to public data.

Well, this is going to get interesting as I am sure that Elon will have something…. perhaps something stupid to say about this. I did check his Twitter account and there’s nothing so far. But you know that he’s going to say something. In the meantime, it’s clear that the EU is making the point that tech companies will bend to its will and not the other way around.

Guest Post: From AI-powered social engineering to more dangerous ransomware: Key cybersecurity threats to businesses in 2026

Posted in Commentary with tags on December 5, 2025 by itnerd

In 2025, the corporate world witnessed a significant rise in artificial intelligence adoption, leading to a boom in AI-powered browsers, co-pilots, and personal assistants. However, Andrius Buinovskis, cybersecurity expert at NordLayer, a toggle-ready network security platform for business, emphasizes that cybercriminals were quick to adopt AI as well, automating and scaling their attacks, and this trend is projected to continue into the next year.

Buinovskis explains that in 2026, businesses can expect to see even more AI-powered cyber threats, alongside other risks that have persisted and will continue to challenge business cybersecurity in the new year. He outlines four main cybersecurity threats businesses should be on the lookout for in 2026.

1. AI-powered social engineering and AI-enabled malware

According to a report by the World Economic Forum, phishing and social engineering attacks increased by 42% in 2024. According to Buinovskis, the uptick that AI might have caused is likely to worsen.

“Social engineering is the basis for many attacks, and with AI, it’s bound to get more advanced,” Buinovskis says. “It will become increasingly more difficult to understand if an attack is being carried out using a sophisticated method or a simple approach. Essentially, the line between basic and advanced social engineering is blurring, making both its detection and resistance significantly more difficult.”

He outlines automated deepfake social engineering as a primary growing concern. Utilizing it, cybercriminals will be able to carry out even more believable attacks, tricking even the most well-prepared employees.

“The use of deepfakes is becoming increasingly more common and diverse, with some instances of students even using deepfakes for exams,” says Buinovskis. “Bad actors could definitely utilize highly believable videos and voice calls to impersonate CEOs, third-party contractors, or other employees to trick staff members into divulging sensitive information, accepting fake invoices, or handing over credentials to infiltrate the network and deploy a larger-scale attack.”

Buinovskis highlights AI-enabled malware as another rising threat to cybersecurity. Recently, Google identified the first instance of Just-in-Time (JIT) AI malware, a new type of malware that utilizes artificial intelligence to dynamically generate malicious code at runtime, making it highly adaptable and challenging to detect.

“JIT can generate malicious code dynamically, flying under the radar of traditional antivirus software that relies on static analysis,” says Buinovskis. “Its ability to analyze the target’s system in real time and dynamically generate malicious code tailored to specific vulnerabilities, configurations, or data enables it to deploy highly targeted attacks.”

2. An increase in ransomware

According to research by NordStellar, a threat exposure management platform, as of September 2025, the number of ransomware incidents has increased by 47% compared to the same period last year. Buinovskis says that the trend will most likely continue into the following year, especially with the introduction of AI-powered ransomware.

“Like other cybercriminals, ransomware groups are adopting AI and using it to scale their operations by automating the attacks,” Buinovskis says. “We’ve already seen how the rise of the ransomware-as-a-service model lowered the entry barrier for these attacks, allowing even hackers without the proper technical skillset to participate. With AI, ransomware groups will be able to cut down on the required human resources needed to carry out their operations, enabling them to execute attacks more quickly and efficiently.”

He emphasizes that if ransomware groups successfully implement AI and increase their efficiency, they will be able to reap the same profits with fewer human resources, resulting in a greater financial gain. This, Buinovskis notes, could be the catalyst for an even greater ransomware surge in the longer run.

3. Web-based attacks

Malicious browser extensions were a prominent cybersecurity topic in 2025, raising concerns over browser protection. However, they’re not the only browser-related threat to look out for — according to Buinovskis, the browser has become a substantial attack surface and the primary target for many dangerous attacks.

“As companies continue to adopt web-based software as a service and abandon the desktop for the web, the cyber risks that are waiting for employees in the browser are becoming increasingly more prominent and common,” says Buinovskis. “Malicious extensions, various phishing pages, and infostealer malware are some of the main threats lurking in the browser, which is becoming the default channel for work-related tasks in many organizations.”

Buinovskis emphasizes that despite many organizations shifting to a browser-based working environment, it’s still often left unprotected. As a result, more employees and organizations will be exposed to malware, browser-based exploits, and data loss caused by employees unintentionally leaking information from web-based software-as-a-service platforms.

4. Insider threats

A study found that 83% of organizations reported having experienced at least one insider attack in 2024. Moreover, they were identified as the cause for the costliest data breaches in 2024 in an annual report by IBM, with an average cost of $4.99 million per incident.

Buinovskis explains that insider threats are complex, and as companies’ attack surfaces constantly expand due to remote or hybrid work models and the introduction of shadow IT and shadow AI, the threat will continue to escalate.

“With so many factors contributing to the complexity of the current cyber environment, it’s becoming increasingly more difficult to ensure high observability into what users are doing and prevent them from bypassing security policies,” says Buinovskis. “As a result, insider activity can go undetected for a significant amount of time, allowing for more devastating cyber incidents. The current cybersecurity landscape, as well as the constant evolution and sophistication of threats, will ultimately lead to more cybersecurity incidents caused by user error, turning more employees into unintentional insiders.”

Buinovskis emphasizes that to safeguard against the cyber threats looming in 2026, businesses should prioritize building a comprehensive cybersecurity strategy and raising employees’ cybersecurity awareness. He highlights that small businesses — often operating with limited IT budgets and facing more security vulnerabilities — should reassess their cybersecurity policies because they are frequently the primary targets of cybercriminal activity.