
Cyber Threat Weekly – #96

Derek Krein

The week of September 15th through September 21st, about 356 cyber news articles were reviewed. A light amount of cyber threat trends and adversarial behavior news to share.  Been thinkin about Model Context Protocol (MCP) and agentic AI.

MCP is not even a year old yet.  The MCP servers themselves are applications we need to protect.  Control and visibility into what they have access to can be a blind spot.  Indirect prompt injection will be rampant without guardrails in place.  Are we ready?

Let’s start with interesting use cases of LLM-enabled malware.  CISA details two malware strains abused in Ivanti EPMM attacks.  A great share on MCP tools for AI agents.  The CIA deputy director shares AI transformation lessons learned.

Ransomware rundown for August.  Public repositories still under attack.  Steganography and FileFix campaign in the wild.  AI native pen testing tool, Villager, nearly 11,000 downloads. 


Broken Record Alert: Don’t get pwned by N-day vulnerabilities!!!

Known exploited software flaws are one of the top 4 initial access vectors and have increased sharply in recent months.  We continue to share n-day vulnerabilities being actively exploited.  Priority #1, start with the CISA / VulnCheck known exploited vulnerability (KEV) catalogs.  If it’s in the catalog, it should be patched.

A close #2 priority is flaws with weaponized proof of concept (PoC) code available.  Exploit chances are higher with weaponized PoC code available.  If you do nothing else with patching, have an emergency 24-to-48-hour patching process for vulnerabilities that are actively exploited or have weaponized PoC code available.

You should consider what is exposed to the Internet.  Architecture and zero trust network access (ZTNA) can go a long way to minimizing the number of devices and services exposed to the Internet.
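
The priority order above, sketched as a triage script. This is an added example, not code from the newsletter or from CISA. The feed excerpt uses the CISA KEV JSON field names (`cveID`, `dateAdded`, `knownRansomwareCampaignUse`); the CVE IDs, hosts, and the `weaponized_poc` / `internet_exposed` enrichment fields are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed excerpt in the shape of the CISA KEV JSON feed; CVE IDs are placeholders.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dateAdded": "2025-09-16", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "dateAdded": "2025-09-18", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed scanner findings. "weaponized_poc" and "internet_exposed" are assumed
# enrichment fields filled in from threat intel and the asset inventory.
FINDINGS = [
    {"host": "vpn-gw-01", "cve": "CVE-0000-0002", "weaponized_poc": True, "internet_exposed": True, "found": "2025-09-19T08:00"},
    {"host": "hr-app-03", "cve": "CVE-0000-0003", "weaponized_poc": True, "internet_exposed": False, "found": "2025-09-19T08:00"},
    {"host": "build-07", "cve": "CVE-0000-0004", "weaponized_poc": False, "internet_exposed": False, "found": "2025-09-19T08:00"},
    {"host": "files-02", "cve": "CVE-0000-0001", "weaponized_poc": False, "internet_exposed": False, "found": "2025-09-19T08:00"},
    {"host": "mdm-01", "cve": "cve-0000-0003", "weaponized_poc": True, "internet_exposed": True, "found": "2025-09-20T09:30"},
]

EMERGENCY_WINDOW = timedelta(hours=48)  # upper bound of the 24-to-48-hour process

def triage(findings, kev_feed, window=EMERGENCY_WINDOW):
    """Return findings ordered for patching, each with a tier and emergency deadline."""
    kev = {v["cveID"].upper() for v in kev_feed["vulnerabilities"]}
    queue = []
    for f in findings:
        cve = f["cve"].strip().upper()  # scanners differ in case and whitespace
        if cve in kev:
            tier = 1  # priority #1: known exploited
        elif f.get("weaponized_poc"):
            tier = 2  # priority #2: weaponized PoC available
        else:
            tier = 3  # normal patch cycle
        deadline = datetime.fromisoformat(f["found"]) + window if tier < 3 else None
        queue.append({**f, "cve": cve, "tier": tier, "deadline": deadline})
    # Tier first, then internet-exposed before internal, then oldest finding.
    queue.sort(key=lambda q: (q["tier"], not q["internet_exposed"], q["found"]))
    return queue

if __name__ == "__main__":
    for q in triage(FINDINGS, KEV_FEED):
        due = q["deadline"].isoformat(timespec="minutes") if q["deadline"] else "normal cycle"
        print(f'P{q["tier"]} {q["host"]:<10} {q["cve"]} exposed={q["internet_exposed"]} due={due}')
```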


Researchers Share Their Hunt for LLM-Enabled Malware

The researchers start by defining the threat large language models (LLMs) bring to bear and what counts as LLM-enabled malware.  From there, the focus shifts to hunting for LLM-embedded malware, and some samples were indeed found.

https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/


Malware Details Shared by CISA for EPMM Attacks

Two zero-day bugs, patched in May 2025, led to malware on Ivanti Endpoint Manager Mobile (EPMM); CISA provides details on two strains.  In addition, CISA provides indicators of compromise, YARA and SIGMA rules.

https://thehackernews.com/2025/09/cisa-warns-of-two-malware-strains.html

https://www.cisa.gov/news-events/alerts/2025/09/18/cisa-releases-malware-analysis-report-malicious-listener-targeting-ivanti-endpoint-manager-mobile


MCP Tools for Agentic AI and AI Agents – Attack Vectors and Defenses

As we move into agentic AI and AI agents, MCP servers are becoming prevalent.  The MCP standard was released November 2024, so new tech.  There are many public sources for MCP servers.  Researchers share how MCP tools work and some common attacks.

https://www.elastic.co/security-labs/mcp-tools-attack-defense-recommendations


Seven Lessons Shared on Securing AI Transformation

Former deputy director Jennifer Ewbank’s lessons learned from the Central Intelligence Agency’s digital transformation.  A huge lesson, foundational security and boring fundamentals are a must when rolling out AI.  Another lesson, you need to think like an adversary.

https://www.darkreading.com/cyber-risk/7-lessons-securing-ai-transformation-former-cia-digital-guru


New Ransomware Threats Arise, But Qilin Remains on top

Akira is a distant second and Sinobi hits third with only two months in existence.  August saw 467 ransomware attacks based on data leak sites.  Another new player, The Gentlemen, has claimed 30 victims in September.  Another comeback attempt by LockBit.

https://thecyberexpress.com/qilin-top-ransomware-group-amid-new-threats/


Public Repository Attack Stories

Combining attack stories on public repositories such as npm, PyPI, and more.

https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html

https://www.zscaler.com/blogs/security-research/malicious-pypi-packages-deliver-silentsync-rat

https://www.infosecurity-magazine.com/news/supply-chain-worm-hundreds-npm/


Multi-Stage FileFix and Steganography Campaign Observed  

Social engineering campaigns such as ClickFix have skyrocketed.  A variant ‘FileFix’ campaign has been spotted, using steganography and JavaScript minification to hide code.  With multi-stage delivery, the final payload is StealC.

https://www.infosecurity-magazine.com/news/filefix-steganography-multistage/

https://www.acronis.com/en/tru/posts/filefix-in-the-wild-new-filefix-campaign-goes-beyond-poc-and-leverages-steganography/


Another AI Native Pen Testing Tool Called Villager

With nearly 11,000 downloads, this is a dual-use tool cybercriminals and state actors can easily abuse.  The tool comes from a Chinese-based group and combines Kali Linux utilities and DeepSeek AI models as an automation layer.

https://www.infosecurity-magazine.com/news/chinese-ai-villager-pen-testing/

