CYBERCHAOS ADVANCES IN DISGUISE : WILL YOU BE ABLE TO IDENTIFY THE ENEMY ?

🤖 Dear internet users and fellow Cyberdefenders,

Citizens, the digital front is in flames. In 2025, our defenses are no longer infiltrated by strangers... but by our own engineers. Experts, certified and decorated, have betrayed their oath and turned their skills against the companies they were supposed to defend. This is not an exercise. This is not a rumor. It is a hostile operation right in the heart of our information systems.

Meanwhile, Microsoft Teams — an emblematic collaboration tool — is hijacked to manipulate conversations, usurp identities, and make entire departments fall into the trap of trust. Thousands of kilometers away, ChatGPT, the artificial intelligence you use every day, has become a double-edged sword, vulnerable to silent injections. A simple question, a simple link... and your data can be exfiltrated without a sound. AI, formerly perceived as our ally, is today a target... but also an attack vector.

Like in the streets of Buenos Aires in Starship Troopers, the enemy strikes without warning, faceless, and sometimes even from inside the camp. Ransomware is proliferating, APTs are reinventing themselves, States are arming themselves, and Europe is becoming a full-scale testing ground for all current cyber powers.

📢 Survival no longer depends only on your antivirus. It depends on your ability to understand, anticipate, and retaliate.

📩 Subscribe. Prepare yourself. And remember... 

🪖 "Security is not a right. It is a fight."

Highlights :

👉 Microsoft Teams betrayed from within: your colleague might not be who you think... 🕵️

👉 Cybersecurity experts become cybercriminals: the BlackCat affair explodes! 💣

👉 Europe under digital siege: ransomware settles in and accelerates 🇪🇺 

👉 Google Cloud sounds the alarm: 2026 will be the year of AI ghost agents 🤖

👉 ChatGPT hacked? Vulnerabilities threatening your sensitive data 🧠

If this letter was forwarded to you, subscribe by clicking this link 

🗞️​ Guess what ?

🤓​ Would you like to know more ?

1️⃣​ Microsoft Teams betrayed from within: your colleague might not be who you think...

Summary : Check Point researchers revealed four critical vulnerabilities in Microsoft Teams, affecting its ability to guarantee message authenticity. These flaws allowed modifying content without leaving a trace, manipulating notifications, and falsifying identities in private conversations as well as during calls. These vulnerabilities exposed users to sophisticated internal attacks, particularly from malicious collaborators or guest accounts. Microsoft corrected some issues under CVE-2024-38197, but the threat highlighted fundamental flaws in digital trust within collaborative environments

Details :

• Invisible message alteration: Messages could be modified without the "Edited" label appearing, allowing an attacker to rewrite conversation history to manipulate context or hide malicious action.

• Identity falsification in notifications: Push notifications could be faked to make messages appear as if issued by C-Levels, paving the way for highly effective internal spear-phishing.

• Usurpation in calls and private discussions: By modifying the display name in notifications or calls, an attacker could simulate the identity of a colleague or executive, reinforcing internal fraud scenarios.

• Use by internal and external actors: The vulnerabilities could be exploited by guest users as well as malicious employees, blurring the lines between external and internal threats.

• A systemic trust problem: According to Check Point, these flaws reveal that security is no longer enough: user perception must now be secured, because "seeing" no longer means "believing".

What should be remembered ?

The compromise of Microsoft Teams underscores a critical point: in the era of digital communications, contextual trust is as vulnerable as the systems themselves. Companies must strengthen their social and technical defenses, because attackers now exploit psychology more than firewalls.

2️⃣ Cybersecurity experts become cybercriminals : the BlackCat affair explodes!

Summary : Three American cybersecurity professionals, two of whom were employed in specialized firms, have been indicted for conducting attacks with BlackCat ransomware. Taking advantage of their privileged access, they targeted five companies between 2023 and 2025, extorting up to $1.3 million from a clinic in Florida. The affair is shaking the sector, as it demonstrates how the threat can come from within, from profiles deemed "trusted". The companies involved (Sygnia, DigitalMint) are trying to distance themselves, but the ethics of cybersecurity experts are now in the spotlight.

Details :

• High-ranking and qualified profiles: The indicted individuals were responsible for incident response and ransom negotiation. Their expertise was diverted to orchestrate targeted and professional attacks.

• A multi-state operation: The victims are spread across Florida, California, Maryland, and Virginia. Sensitive fields like health and technology were specifically targeted.

• A "clean" and opaque infiltration: Thanks to a BlackCat affiliate account, the attackers operated discreetly, in some cases without the initial trace of compromise being immediately identified.

• Assumed economic motivations: One of the accused allegedly admitted to having acted to "get out of debt". This underscores the risk of financial pressures in a sector where system access is critical.

• Severe judicial consequences: Up to 30 years in prison are faced. This precedent sends a strong message: US authorities now treat cyber insiders as true criminals.

What should be remembered?

This affair reveals an uncomfortable truth: even the guardians of the system can betray. Companies must reinforce internal controls and monitor the access of sensitive employees as if they were potentially hostile third parties.

3️⃣​ Europe under digital siege: ransomware settles in and accelerates

Summary : CrowdStrike alerts on a rise in power of ransomware attacks in Europe, now representing 22% of global cases. Industrial, technological, and service sectors are particularly targeted. The exploitation of AI, notably in vishing and social engineering, fuels rapid and destructive campaigns. Groups like Akira, LockBit, or RansomHub are intensifying their operations on the continent. In parallel, physical attacks (kidnapping, crypto extortion) led by networks like "The Com" add a worrying and hybrid dimension to the threat.

Details:

• Rise in leaks and extortions: The number of European organizations cited on leak sites jumped by 13%. "Big Game Hunting" is clearly oriented towards Europe.

• Ultra-short deployment time: Scattered Spider and other groups are reducing their infection time to less than 24h. Attackers favor reactive but ill-prepared targets.

• Vishing + AI = lethal combo: Telephone attacks (vishing), amplified by realistic synthetic voices, trap collaborators by posing as familiar figures.

• Physical violence & crypto: Since January 2024, 17 attacks including physical threats and kidnappings have been recorded, especially in France. The case of the Ledger co-founder is emblematic.

• Strategic recommendations: CrowdStrike recommends securing the identity ecosystem, reinforcing cross-domain visibility, and using defensive AI to counter offensive AI.

What should be remembered ?

Europe is no longer a simple observation ground : it is a cyber battlefield. The sophistication of attacks and their hybridization with the real world impose an immediate ramp-up of security measures, particularly human ones.

4️⃣​ Google Cloud sounds the alarm: 2026 will be the year of AI ghost agents

Summary : Google Cloud identifies three major threats for 2026: generative AI used for attacks, AI "ghost agents" deployed without control, and state cyber-operations. Cybercriminals will be able to usurp identities via deepfake voice and video, while companies expose themselves to leaks through the use of AI not validated by the IT department. In parallel, hypervisor exploitation and geopolitical pressure reinforce the risks of systemic attacks. Russia, China, North Korea, and Iran are pointed out.

Details:

• Vishing 2.0 with generative AI : Realistic voice synthesis allows calling employees and posing as their hierarchy. Voice phishing becomes undetectable to the human ear.

• AI agents deployed internally without validation: These "ghost agents" can extract, process, and exfiltrate sensitive data unbeknownst to CISOs, creating invisible breaches from the outside.

• Hypervisors: new breaking points: Targeted for their centralized power, hypervisors are high risk. One flaw is enough to compromise an entire virtual infrastructure.

• Return of Nation-States: State attacks are increasingly offensive. China favors discretion via subcontractors, while Russia extends its strategic targets.

• Electoral threat in 2026: Regional elections in Europe, notably in France, are designated targets for disinformation and influence campaigns.

What should be remembered?

The future of cybersecurity will play out as much in anticipating AI uses as in the political and strategic management of systems. Human error no longer comes only from the user, but also from poorly governed AI.

5️⃣ ChatGPT hacked ? Vulnerabilities threatening your sensitive data

Summary : Tenable unveiled seven vulnerabilities in GPT-4o and GPT-5 models allowing attacks by indirect prompt injection. Some allow data exfiltration without user interaction ("zero-click"), by manipulating web content or metadata. These attacks can bypass OpenAI guardrails, exposing users to memory leaks, malicious actions, or biased responses. These flaws underscore the danger of exposing AIs to external tools without strict partitioning. The threat of disinformation or manipulation via AI becomes tangible.

Details:

• Injection via trapped links: A simple link containing a prompt (via ?q=...) can force ChatGPT to execute a malicious instruction without human interaction.

• Exploitation of referenced sites: Comments hidden in indexed pages can inject commands into ChatGPT via its automatic summary capabilities.

• Bypassing security filters: "Safe" URLs like bing[.]com are used to hide redirects to malicious scripts, thus escaping blocking mechanisms.

• Memory poisoning: Instructions hidden in sites can affect a ChatGPT user's personal memory and provoke deviant responses over the long term.

• Cascade attacks on AI agents: Researchers demonstrated that it only takes 250 malicious documents to backdoor an entire model. The attack becomes industrial.

What should be remembered?

LLMs are sponges: they absorb everything, including traps. Companies must consider interaction with AI as a network exposure, and apply the same principles of defense in depth.

LIEUTENANT'S REPORT 🏆

Darktrace, founded in 2013 and based in Cambridge (UK), is a pioneer in AI-based cybersecurity. With a turnover of nearly $500 million and more than 2,200 employees, it has established itself as a major player in NDR (Network Detection and Response) technologies, while offering automated prevention, response, and remediation capabilities. Recognized by eSecurity Planet as one of the best global providers, Darktrace proposes an unconventional approach, based on self-learning AI that adapts dynamically to each client environment.

Highlight :

One of Darktrace's unique aspects lies in its ability to detect unknown threats without relying on traditional signatures. In 2025, a large European pharmaceutical company avoided a major incident when a Darktrace AI component detected abnormal behavior on an internal server — although the latter had generated no alerts via classic monitoring tools. The AI identified atypical outgoing communication outside usual hours and automatically blocked the traffic. This intervention highlighted a malicious actor having compromised a service account to slowly exfiltrate critical R&D data. Without immediate human intervention, Darktrace blocked, contained, and generated a report for investigation.

CYBERTRIVIA - DID YOU KNOW ? 🤔

According to the ENISA "Threat Landscape 2025" report, ransomware represents 81.1% of cybercrime incidents reported in Europe between July 2024 and June 2025.

Furthermore, phishing remains the dominant entry vector with about 60% of intrusions, and more than 80% of these social engineering campaigns use AI.

This double finding illustrates the extent to which cyberattacks are now massive, assisted by AI, and mostly for profit — obliging organizations to adopt global and proactive defenses.

👉️ Let me know if you need further adjustments !