Scientists Detect First AI-Driven Malware Samples in the U.S.

🔎 Cyber Watch

Salt Typhoon: Governments Urged to Act Fast

U.S. agencies—including the FBI, CISA, and NSA—released a 37-page joint advisory this week with detailed guidance on countering the Salt Typhoon espionage campaign. The Chinese-linked threat actor has compromised more than 200 companies across 80 countries, including U.S. telecom firms, law enforcement interfaces, and the National Guard. This expands upon previous reports that revealed deep penetrations and widespread exfiltration of telecommunications metadata and law enforcement systems.

Takeaway: Governments and critical infrastructure operators must treat this as a wake-up call. The advisory stresses implementing zero trust, continuous monitoring, patching known exploited vulnerabilities, and coordinating across agencies to rebuild trust and resilience.

🎙️ Tech Briefing On‑Air

Oops… I Auto-Filled My Password into a Cookie Banner

In this Smashing Security episode (available via Spotify), the hosts share hilarious — yet alarming — real stories where people accidentally autofilled passwords into cookie prompts. The conversation shines a light on browser UX flaws that can expose credentials and lead to phishing or credential theft.

What It Means

Even familiar security tools like password managers can be undermined by design flaws. Users should double-check autofill prompts, and browser developers must tighten safeguards to prevent credential leakage.
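The episode's failure mode is a consent banner whose sign-up fields look enough like a login form that a password manager offers stored credentials for them. The following is an added example, not code from the podcast or from any browser vendor: a small site-side audit in Python that parses a banner's HTML and flags input fields a password manager could plausibly autofill. The consent-container hints, credential-name hints and both banner snippets are constructed assumptions for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: a cookie-consent banner with a newsletter sign-up
# form. A password manager keying on type/name hints may read this as a
# login form and offer to autofill stored credentials into it.
WEAK_BANNER = """
<div id="cookie-consent" class="banner">
  <p>We use cookies. Leave your email for updates:</p>
  <form action="/subscribe" method="post">
    <input type="email" name="email" placeholder="you@example.com">
    <input type="password" name="password" placeholder="Create a password">
    <button type="submit">Accept</button>
  </form>
</div>
"""

# Same banner with the password field removed and autofill disabled on
# the remaining text field.
HARDENED_BANNER = """
<div id="cookie-consent" class="banner">
  <p>We use cookies. Leave your email for updates:</p>
  <form action="/subscribe" method="post">
    <input type="email" name="newsletter_email" autocomplete="off"
           placeholder="you@example.com">
    <button type="submit">Accept</button>
  </form>
</div>
"""

# Heuristics (assumptions, not a standard): which containers count as a
# consent banner and which field-name hints password managers tend to match.
CONSENT_HINTS = ("cookie", "consent", "gdpr", "privacy")
CREDENTIAL_NAME_HINTS = ("user", "email", "login", "pass")
AUTOFILL_TYPES = {"text", "email", "password"}
VOID_TAGS = {"input", "br", "img", "hr", "meta", "link"}


class BannerAuditor(HTMLParser):
    """Flags input fields inside consent banners that a password manager
    could plausibly autofill with stored credentials."""

    def __init__(self):
        super().__init__()
        self._stack = []        # one bool per open element: is it a banner root?
        self._banner_depth = 0  # > 0 while inside any consent container
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        marker = f"{a.get('id', '')} {a.get('class', '')}".lower()
        is_banner = any(h in marker for h in CONSENT_HINTS)
        if tag not in VOID_TAGS:
            self._stack.append(is_banner)
            if is_banner:
                self._banner_depth += 1
        if tag == "input" and self._banner_depth:
            self._check_input(a)

    def handle_startendtag(self, tag, attrs):
        # <tag .../> form: open, then immediately close unless void.
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if self._stack and self._stack.pop():
            self._banner_depth -= 1

    def _check_input(self, a):
        itype = a.get("type", "text").lower()
        name = f"{a.get('name', '')} {a.get('id', '')}".strip().lower()
        if itype == "password":
            self.findings.append(
                f"password field '{name}' inside consent banner: remove it")
        elif (itype in AUTOFILL_TYPES
              and any(h in name for h in CREDENTIAL_NAME_HINTS)
              and a.get("autocomplete", "").lower() != "off"):
            self.findings.append(
                f"field '{name}' (type={itype}) looks like a credential "
                f"field and lacks autocomplete=\"off\"")


def audit_banner(html):
    """Return a list of findings for the given HTML (empty means clean)."""
    auditor = BannerAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for label, html in (("weak", WEAK_BANNER), ("hardened", HARDENED_BANNER)):
        print(label, audit_banner(html) or ["no findings"])
```

The weak banner yields two findings (the email field with no autocomplete hint and the password field); the hardened one yields none. `autocomplete="off"` is advisory and some browsers ignore it for fields they classify as login fields, which is why the stronger fix in the hardened variant is to keep password-type inputs out of a consent banner altogether.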

🤝 Partner Intel

Talkroute offers cloud-based virtual phone and VoIP systems tailored for small to mid-sized businesses. Features include call forwarding, multi-device support, customizable greetings, auto-attendant, and text messaging. It provides an affordable and flexible alternative to traditional phone lines—with simple web-based setup and competitive pricing—suitable for service providers and customer-facing teams.

🤖 AI Runtime

Scientists Detect First AI-Driven Malware Samples in the U.S.

Researchers uncovered “PromptLock,” the first known AI-powered ransomware variant, using a locally hosted LLM (gpt-oss:20b) via the Ollama API to dynamically generate Lua scripts. This proof of concept can scan file systems, choose targets, exfiltrate or encrypt data, and works across Windows, macOS, and Linux platforms. Though not yet deployed in real-world attacks, it signals a new era of AI-augmented cyber threats.
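The behaviour chain described above (a process calls a local LLM API, writes a generated Lua script, then launches an interpreter on it) is something endpoint telemetry can correlate. The following is an added detection example in Python; it is not PromptLock's code or the researchers' analysis. The telemetry lines are constructed, the field names are assumptions about an EDR export, and the LLM port is Ollama's default listening port (11434), assumed here to be the one in use; a sample that keeps generated code in memory rather than on disk would not trigger the file-write leg of this rule.

```python
import json
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed endpoint telemetry (JSON lines), not real logs. Field names
# and values are assumptions chosen to illustrate the pattern.
SAMPLE_EVENTS = """\
{"ts":"2025-08-26T10:00:01Z","host":"ws-17","type":"net_connect","pid":4100,"image":"/usr/bin/python3","dst":"127.0.0.1","dport":11434}
{"ts":"2025-08-26T10:00:02Z","host":"ws-17","type":"file_write","pid":4100,"image":"/usr/bin/python3","path":"/tmp/gen_0a1.lua"}
{"ts":"2025-08-26T10:00:04Z","host":"ws-17","type":"proc_create","pid":4133,"ppid":4100,"image":"/usr/bin/lua","cmdline":"lua /tmp/gen_0a1.lua"}
{"ts":"2025-08-26T10:00:05Z","host":"ws-17","type":"file_write","pid":4133,"image":"/usr/bin/lua","path":"/home/alice/docs/q3.xlsx"}
{"ts":"2025-08-26T10:10:00Z","host":"ws-22","type":"net_connect","pid":900,"image":"/usr/bin/curl","dst":"127.0.0.1","dport":11434}
{"ts":"2025-08-26T10:12:00Z","host":"ws-22","type":"proc_create","pid":950,"ppid":1,"image":"/usr/bin/lua","cmdline":"lua /opt/app/build.lua"}
{"ts":"2025-08-26T10:20:00Z","host":"ws-31","type":"net_connect","pid":700,"image":"/usr/bin/python3","dst":"127.0.0.1","dport":11434}
{"ts":"2025-08-26T10:20:03Z","host":"ws-31","type":"proc_create","pid":710,"ppid":700,"image":"/usr/bin/lua","cmdline":"lua /opt/app/lint.lua"}
"""

LLM_API_PORTS = {11434}                  # Ollama default port (environment assumption)
LOOPBACK = {"127.0.0.1", "::1"}
SCRIPT_INTERPRETERS = {"lua", "lua5.4", "luajit"}
SCRIPT_EXTS = (".lua",)


def parse_events(raw):
    """Parse JSON-lines telemetry and attach a timezone-aware datetime."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["t"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        events.append(e)
    return events


def script_from_cmdline(cmdline):
    """Return the first script-path argument of an interpreter command line."""
    for tok in cmdline.split()[1:]:
        if tok.lower().endswith(SCRIPT_EXTS):
            return tok
    return None


def detect_llm_generated_script_runs(raw, window=timedelta(minutes=5)):
    """Alert when a script interpreter is launched by a parent that, within
    `window` before the launch, both connected to a local LLM API port and
    wrote the very script now being executed. Requiring all three legs on
    one parent process keeps ordinary local LLM use (ws-22) and unrelated
    Lua tooling (ws-31) from firing."""
    events = parse_events(raw)
    by_proc = defaultdict(list)
    for e in events:
        by_proc[(e["host"], e["pid"])].append(e)

    alerts = []
    for e in events:
        if e["type"] != "proc_create":
            continue
        if os.path.basename(e["image"]).lower() not in SCRIPT_INTERPRETERS:
            continue
        script = script_from_cmdline(e.get("cmdline", ""))
        if script is None:
            continue
        parent = by_proc.get((e["host"], e.get("ppid")), [])
        recent = [p for p in parent if e["t"] - window <= p["t"] <= e["t"]]
        called_local_llm = any(
            p["type"] == "net_connect" and p.get("dst") in LOOPBACK
            and p.get("dport") in LLM_API_PORTS for p in recent)
        wrote_script = any(
            p["type"] == "file_write" and p.get("path") == script for p in recent)
        if called_local_llm and wrote_script:
            alerts.append({"host": e["host"], "ts": e["ts"],
                           "parent_pid": e["ppid"], "interpreter_pid": e["pid"],
                           "script": script})
    return alerts


if __name__ == "__main__":
    for alert in detect_llm_generated_script_runs(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

On the constructed data only ws-17 is reported: the developer on ws-22 who talks to a local model and separately runs a build script, and the lint job on ws-31 whose parent called the model but did not write the script, both stay quiet. In production the interpreter list and port set would be tuned to the environment, and the alert is a lead for triage (what did the parent write, what did the child then touch) rather than a verdict on its own.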

📊 By the Numbers

1,648,411

China’s active patents in cybersecurity, as of 2025, accounting for 41% of the total active patents in the world today.

🗳️ Your Tuesday Take

Cast your vote on our weekly poll.

Which shift will be most critical to stay ahead of emerging cybersecurity threats?


📩 We’ll share the results in the next issue.

🔗 Stay Connected

Until Thursday’s edition: let’s keep that zero-day count at zero!