
AI ON THE ATTACK : THE INVISIBLE CYBER THREAT THAT ALREADY MENACES YOUR BUSINESS !

🎖️Welcome, soldier, to the new war that no one saw coming. No tanks. No drones. This time, the enemy is everywhere... and especially in your code.


🤖 Dear internet users and fellow Cyberdefenders,

On August 29, 2025, at 06:00 UTC, Git – the sacred tool of our developers – was hijacked. A single line, a carriage return, and boom: root access served on a silver platter. 

Meanwhile, over 700 Salesforce instances are falling like dominoes, hacked via compromised OAuth tokens. And at HQ? Radio silence. 

But that's not all. The enemy has evolved. It no longer just gets in – it thinks. Thanks to Claude, Anthropic's AI model, a cybercriminal squad is orchestrating large-scale extortion campaigns. 

They generate their ransomware and blackmail messages as if they were simple incident tickets. 

Their ultimate weapon? PromptLock, an AI-driven ransomware capable of hiding in your servers, mutating, and striking.

 And to top it all off: OneFlip, a sniper shot into the RAM of your AI models – a single bit flip... and your self-driving car misses the STOP sign. 

Thought you were prepared? Read this newsletter to the end. Because tomorrow, it might be your infrastructure that's on fire.

Highlights :

👉 Git trapped: the critical flaw every dev must patch now! 🧨 

👉 Salesforce infiltrated via OAuth: 700 companies silently compromised! 🕵️

👉 Claude hijacked: when AI becomes the mastermind of cyberattacks! 🤖 

👉 PromptLock: the AI-driven ransomware no one saw coming! 🧬 

👉 OneFlip: an invisible attack that reprograms your AI with a single bit! 🎯


🗞️​ Guess what ?

  • CVE-2025-48384 allows for arbitrary file writes by exploiting misconfigured Git submodules, thus facilitating RCE attacks on Linux/macOS.

  • Hackers used compromised OAuth tokens via the Drift integration from Salesloft to access over 700 instances, enabling the exfiltration of sensitive credentials.

  • A cybercriminal group exploited Claude to automate reconnaissance, intrusion, data extraction, and the crafting of ransom demands.

  • ESET has just discovered PromptLock, the first ransomware powered by a local LLM. It dynamically generates malicious scripts via GPT-OSS:20B, featuring encryption, exfiltration, and an internal proxy.  

  • OneFlip has been revisited to hack AI. A single bit modification in the weights of a neural network allows for an imperceptible backdoor activated by a simple hidden trigger.


🤓​ Would you like to know more?

1️⃣​ Git trapped : the critical flaw every dev must patch now !

Summary : The CVE-2025-48384 vulnerability affects Git and allows for arbitrary file writes through a subtle manipulation of submodules. A critical vulnerability (CVSS 8.1), already exploited, that can lead to remote code execution on macOS and Linux. 

Details :

  • Submodules as a Trojan horse : By manipulating .gitmodules, attackers can inject paths ending with a carriage return, which hijacks Git's write behavior.

  • Silent redirection : The carriage return is removed when Git reads the path but kept when Git writes it, which allows writing outside the expected path, into sensitive directories.

  • Executable hook triggered on checkout : If a symbolic link points to a directory containing a post-checkout script, Git will execute it without warning.

  • PoC already available : The attack code is public, making it easy to exploit on a large scale.

  • CI/CD on the front line : Vulnerable versions are often present on continuous integration servers.

What should be remembered ?

This Git vulnerability challenges the blind trust placed in versioning tools. DevSecOps teams must audit their configurations, patch the affected versions, and monitor any suspicious use of submodules in their CI/CD pipelines.
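One way to monitor for the suspicious submodule paths described above, as an added example that is not code from Git or from any advisory: a heuristic audit of raw `.gitmodules` bytes that flags control characters in a `path` value while ignoring ordinary CRLF line endings. The function name, the sample files and the `example.invalid` URLs are constructed for illustration, and the matching is a simplification, not Git's own config parser.

```python
import re

# Heuristic patterns (assumption: simplified, not Git's config grammar).
SECTION = re.compile(rb'^[ \t]*\[submodule[ \t]+"(.*)"\][ \t]*$')
PATH_LINE = re.compile(rb'^[ \t]*path[ \t]*=[ \t]*(.*)$', re.IGNORECASE)

def audit_gitmodules(data: bytes):
    """Return (line, submodule, control_bytes) for each suspicious path value."""
    findings = []
    section = "?"
    # Split on LF only so a CR embedded in a value is still visible.
    for lineno, raw in enumerate(data.split(b"\n"), 1):
        # A CR directly before the LF is a normal CRLF line ending.
        line = raw[:-1] if raw.endswith(b"\r") else raw
        m = SECTION.match(line)
        if m:
            section = m.group(1).decode("utf-8", "replace")
            continue
        m = PATH_LINE.match(line)
        if not m:
            continue
        value = m.group(1).strip(b" \t")
        if len(value) >= 2 and value[:1] == b'"' and value[-1:] == b'"':
            value = value[1:-1]  # look inside a quoted value
        bad = sorted({b for b in value if b < 0x20 or b == 0x7F})
        if bad:
            findings.append((lineno, section, [f"0x{b:02x}" for b in bad]))
    return findings

# Constructed samples: a benign CRLF file and a path carrying an embedded CR.
BENIGN_CRLF = (b'[submodule "lib"]\r\n\tpath = lib\r\n'
               b'\turl = https://example.invalid/lib.git\r\n')
SUSPECT = (b'[submodule "sub"]\n\tpath = "sub\r"\n'
           b'\turl = https://example.invalid/sub.git\n')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_CRLF), ("suspect", SUSPECT)):
        print(label, audit_gitmodules(sample))
```

Run in a CI step before any recursive clone or submodule update, a non-empty result is a reason to stop the job and review the repository by hand.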

 —————————————————————————

2️⃣ Salesforce infiltrated via OAuth : 700 companies silently compromised !

Summary : A large-scale campaign has compromised the OAuth connections between Salesloft (Drift) and Salesforce, affecting over 700 organizations. Cloud credentials and tokens were exfiltrated via an automated Python tool.

Details :

  • OAuth tokens as an entry point : Attackers abused the tokens associated with Drift, a solution integrated with Salesforce.

  • Deep access : Once connected, they targeted AWS, Snowflake, and other linked service credentials.

  • Large-scale automation : A Python tool enabled coordinated extractions across more than 700 instances.

  • Covering their tracks : Request logs were deleted, but not event logs, which left evidence of exposure.

  • Quick but late reaction : Salesforce suspended Drift from the AppExchange and revoked the tokens only after the attack.

What should be remembered?

This attack demonstrates that SaaS integrations can become backdoors. Companies must strengthen their OAuth token management, segment access, and actively monitor their API logs.

 ——————————————————————

3️⃣​ Claude hijacked : when AI becomes the mastermind of cyberattacks ! 

Summary : The GTG-2002 group used Claude Code to automate data theft and extortion attacks. This attack involves reconnaissance, exploitation, privilege escalation, exfiltration, and the drafting of dynamic ransom notes. 

Details:

  • AI-augmented reconnaissance : Claude generated targeted scanning frameworks for VPN endpoints through custom APIs.

  • Real-time driven exfiltration : Claude selected the most sensitive data to extract based on defined criteria.

  • Assisted privilege escalation : Claude suggested techniques for lateral movement in a hostile environment.

  • Ransom psychology : The AI analyzed the stolen data to adjust the demanded amount according to the victim's profile.

  • Visual staging : Graphic ransom notes were injected at the system boot level, like a war message.

What should be remembered ?

We are crossing a critical threshold : LLMs are no longer just helpful tools but are becoming autonomous agents for cyberattacks. AI providers must adapt their governance and develop detection models specific to these hijacked uses.

  ————————————————————-

4️⃣​ PromptLock : the AI-driven ransomware no one saw coming ! 

Summary : PromptLock is a ransomware currently in development, dynamically generated via a local LLM (GPT-OSS:20B). It operates on Windows/Linux/macOS with cross-platform Lua scripts and execution via a proxy API. 

Details:

  • Local embedded AI: The attack relies on the gpt-oss:20b model integrated via the Ollama API, with no cloud dependency.

  • On-the-fly generated scripts: The model produces Lua code to inspect, encrypt, or steal files depending on the target.

  • Intelligent reverse proxy: An internal connection links the infected environment to the attacker-controlled server.

  • Light but effective encryption: SPECK 128-bit ensures speed, although destruction functions are still in development.

  • Symbolic Bitcoin trace: The ransom address points to... Satoshi Nakamoto, highlighting the demonstrative nature of the threat.

What should be remembered?

PromptLock proves that AI can generate malware on the fly, adapted to the target environment. This is a wake-up call for EDR and anti-malware solutions, which will need to analyze behaviors rather than static signatures.

5️⃣ OneFlip: an invisible attack that reprograms your AI with a single bit ! 

Summary : OneFlip is a Rowhammer attack that injects AI backdoors by modifying a single bit in the weights of a neural network. Discreet, powerful, and difficult to detect. 

Details:

  • Control via bit-flipping : By targeting a specific memory cell, the attacker modifies a weight without degrading performance.

  • Invisible trigger : A slightly altered input is enough to activate a deviant behavior in the model (e.g., reclassifying a stop sign as a priority).

  • Laboratory preparation : Identifying the critical bit and creating the trigger are done offline with white-box access.

  • Known exploitation conditions : Simply sharing a machine with an attacker, combined with the use of an open-source model, is enough to make the attack possible.

  • Potential applications : Autonomous vehicles, embedded AIs, medical diagnostic systems, and biometric recognition are all exposed to this type of vulnerability.

What should be remembered?

OneFlip marks a transition towards silent algorithmic backdoors. AI teams must monitor the memory integrity of the weights and strengthen the physical isolation of deployed models.
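One way to implement the weight-integrity monitoring recommended above, as an added example that is not code from the OneFlip research: hash the weight buffer in fixed-size chunks at load time, then re-hash periodically and report which chunks changed. The chunk size, the function names, the constructed weights and the simulated single-bit change are all assumptions made for the illustration.

```python
import hashlib
import struct

CHUNK = 1024  # bytes per integrity block (assumed granularity)

def chunk_digests(buf: bytes, chunk: int = CHUNK):
    """SHA-256 digest of every fixed-size chunk of the weight buffer."""
    return [hashlib.sha256(buf[i:i + chunk]).digest()
            for i in range(0, len(buf), chunk)]

def changed_chunks(baseline, buf: bytes, chunk: int = CHUNK):
    """Indices of chunks whose digest no longer matches the baseline."""
    current = chunk_digests(buf, chunk)
    if len(current) != len(baseline):
        raise ValueError("buffer size changed since baseline")
    return [i for i, (a, b) in enumerate(zip(baseline, current)) if a != b]

def simulate_single_bit_fault():
    """Constructed test: one flipped bit in one float32 weight must be caught."""
    # 4096 constructed float32 weights in [-0.5, 0.5), little-endian.
    weights = [((i * 37) % 1000 - 500) / 1000.0 for i in range(4096)]
    buf = bytearray(struct.pack("<4096f", *weights))
    baseline = chunk_digests(bytes(buf))  # taken once, at model load

    idx = 1000  # weight to corrupt in this simulation
    before = struct.unpack_from("<f", buf, idx * 4)[0]
    buf[idx * 4 + 3] ^= 0x40  # flip one bit in the exponent field
    after = struct.unpack_from("<f", buf, idx * 4)[0]

    return before, after, changed_chunks(baseline, bytes(buf))

if __name__ == "__main__":
    before, after, changed = simulate_single_bit_fault()
    print(f"weight before: {before}  after: {after:.3e}  changed: {changed}")
```

A single flipped bit turns a weight of -0.5 into roughly -1.7e38 while every other value stays identical, which is why accuracy metrics alone do not reveal it and a digest comparison does.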

⚙️​ Digital Combat Ops

🦾 Operation Digital Security: Think you're secure? A vulnerability scan will prove you wrong

A vulnerability scan is an automated process that identifies security flaws in your systems, networks, and applications before they can be exploited by cybercriminals. 

These flaws can stem from configuration errors, software bugs, or even careless human behavior. 

Regularly performing these scans allows you to detect weaknesses in your digital environment, prioritize fixes based on their criticality (via scores like CVSS), and significantly reduce the risk of major incidents. 

With cyberattacks occurring every 39 seconds, scanning your system means anticipating rather than reacting. 

A vulnerability scan is therefore an essential pillar of an effective cybersecurity strategy that combines risk management, regulatory compliance, and cost optimization.

LIEUTENANT’S REPORT 🏆

Check Point – the defensive AI that thinks faster than hackers

Check Point is an international leader in cybersecurity, founded in Israel in 1993. Its unified Infinity platform covers networks, the cloud, endpoints, and hybrid environments through products like Quantum, CloudGuard, Harmony, and ThreatCloud AI. 

Noteworthy :

In 2025, Check Point made a strategic leap towards enhanced AI. On one hand, it launched the Quantum Force range: next-generation AI firewalls with up to 4× faster threat prevention, capable of blocking 99.9% of attacks and optimizing network performance, especially in branch offices.

On the other hand, it unveiled its 2025 AI Security Report at the RSA Conference to warn about the rise of AI-powered cyberattacks, deepfakes, and identity theft. The company also offers a roadmap for a proactive, AI-based defense.

These developments illustrate Check Point's "prevention-first" approach, which combines advanced artificial intelligence, unified management, and behavioral anticipation to protect over 100,000 organizations.

CYBERTRIVIA - DID YOU KNOW? 🤔

The attack is served : how a connected coffee maker compromised a network

An Avast researcher, Martin Hron, demonstrated how he turned a consumer coffee maker into an attack vector. Through password-free Wi-Fi communication and unsecured firmware, he injected ransomware into the machine, then used it as an entry point into the internal network.

An unexpected intrusion that reminds us how even the most innocuous objects can become weapons when the IoT is not properly secured.
