Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cisco Security. Show all posts
zealot
Artificial Intelligence Authentication ChatGPT Cisco Security Cyber Security GitHub Phishing zealot

Researchers Show How ChatGPT Summaries Could Be Used for Phishing Attacks

 


Researchers have identified a technique that could allow malicious content embedded within a web page to appear inside ChatGPT responses, creating an opportunity for phishing, tracking, and social-engineering attacks through a platform users generally regard as trustworthy.

The attack method, named "ChatGPhish" by cybersecurity firm Permiso Security, focuses on how ChatGPT handles Markdown-formatted content when summarizing information from external websites. Markdown is a commonly used formatting language that allows web content to include elements such as hyperlinks and images.

According to Permiso Security researcher Andi Ahmeti, ChatGPT's web interface trusts Markdown links and image URLs originating from third-party pages that users ask the assistant to summarize. When a response is generated, the platform can automatically retrieve those images and present hyperlinks as active, clickable elements within the chatbot's interface.

In a scenario outlined by the researchers, an attacker could place a small hidden payload within a web page. If a user later asks ChatGPT to summarize that page, the embedded content may become part of the model's processing context. During response rendering, attacker-controlled images could be automatically requested, potentially exposing information such as the visitor's IP address, browser User-Agent string, and Referer data.

The researchers also found that links embedded in a manipulated page could appear as legitimate clickable items inside the AI-generated summary. Beyond directing users to phishing destinations, attackers could display fabricated security notifications, account-warning messages designed to imitate system alerts, or QR codes hosted on attacker-controlled infrastructure such as an Amazon S3 bucket. A victim scanning such a code with a mobile device could be redirected to a malicious destination, bypassing certain desktop-based URL filtering mechanisms and enterprise security controls.

The research adds to a growing body of evidence showing that AI-powered summarization tools can become unintended delivery channels for attacker instructions. Earlier this year, Permiso Security disclosed a separate attack involving Microsoft Copilot, where specially crafted instructions hidden inside an email influenced the output generated by the AI assistant. That technique was classified as a cross-prompt injection attack, also known as indirect prompt injection.

According to the researchers, the primary issue is not simply that prompt injection is possible. The more significant concern is how the manipulated content is ultimately presented to the user. A standard web page summarized by ChatGPT can cause phishing links, deceptive warnings, QR codes, and remotely hosted content to be displayed directly inside the assistant's interface, giving attacker-controlled material an appearance of legitimacy.

As AI assistants become common tools for workplace research, document review, and information gathering, this behavior introduces a new risk. Any web page processed by an employee could potentially contain hidden instructions or malicious content capable of influencing both the generated summary and the way that information is displayed.

Permiso Security noted that this shifts phishing activity beyond traditional delivery methods. Users no longer need to open a suspicious attachment or interact with an obviously fraudulent email. In some cases, simply asking an AI assistant to summarize a webpage may expose them to attacker-controlled content.

The disclosure arrives alongside research from Adversa AI detailing two attack techniques aimed at AI coding assistants and agentic development tools. The first, known as SymJack, allows a malicious code repository to achieve remote code execution through an AI-powered coding assistant.

According to Adversa AI researcher Rony Utevsky, the attack relies on convincing the AI assistant to perform what appears to be a harmless file-copy operation. The destination, however, is a symbolic link pointing to the assistant's own configuration file. As a result, attacker-controlled content is written into the configuration. When the assistant is restarted, a malicious Model Context Protocol (MCP) server is launched and executes arbitrary code using the victim's privileges.

The second technique, called TrustFall, uses a repository containing a malicious MCP server together with configuration settings that automatically approve its execution. A developer only needs to clone or open the repository in an AI coding environment and accept a folder-trust prompt. Once that action is taken, the attacker-controlled MCP server can start automatically without requiring additional tool approval, running with the same operating-system permissions as the developer.

Adversa AI explained that a victim who clones the repository, launches Claude, and accepts the generic trust prompt effectively allows the malicious MCP server to start as a native process on the machine. The payload executes immediately when the server starts, before additional prompts or tool requests occur.

The ChatGPhish findings emerge amid a steady stream of research examining weaknesses in modern AI systems, coding agents, and autonomous workflows.

Researchers recently described a jailbreak method called Involuntary In-Context Learning (IICL), which exploits the tension between a model's contextual learning behavior and its safety mechanisms to bypass protections in GPT-5.4.

Separate research from Cisco found that many AI security evaluations fail to reflect how real-world attackers operate. Rather than relying on a single prompt, attackers often use multiple interactions, gradually changing their wording, adopting different personas, and breaking objectives into smaller steps. Cisco argued that single-turn testing overlooks these techniques because real attacks frequently unfold across extended conversations.

Additional research has uncovered a vulnerability affecting Anthropic Claude Code in which a user-level configuration file, "~/.claude.json," can be altered through a rogue npm package. The attack enables modification of MCP endpoints and can place an attacker between Claude Code and an OAuth-protected MCP server, creating an opportunity to capture authentication tokens used to access downstream software-as-a-service platforms.

Researchers have also documented a technique involving OpenClaw skills that appear harmless during installation but later retrieve remote updates. In one scenario, attackers can influence an AI agent through workspace files after instructing users to append specific content to a file called HEARTBEAT.md during setup.

Another study demonstrated how hidden text embedded inside phishing emails can manipulate AI-based email security products. Attackers concealed text taken from legitimate newsletters and romance novels to make malicious messages appear benign to automated filtering systems.

LayerX researchers separately disclosed a flaw known as ClaudeBleed affecting Claude's Chrome extension. According to the company, any browser extension, including one without elevated permissions, could communicate with Claude's language model through the extension's content script because the code does not adequately verify the source of incoming instructions. This could allow another extension to issue commands and trigger actions through the AI assistant.

Cisco researchers also examined typographic prompt injection attacks against vision-language models. In these attacks, adversarial text is embedded inside images. The manipulated image may appear unreadable or resemble visual noise to humans and OCR-based filters while remaining interpretable to the target AI model.

Other recently disclosed vulnerabilities include flaws in Microsoft Semantic Kernel, tracked as CVE-2026-25592 and CVE-2026-26030, which researchers said could allow prompt-injection attacks to progress into host-level remote code execution.

Researchers additionally described the Neural Exec attack and abuse of the Unicode right-to-left-override function to bypass safety mechanisms protecting Apple's local AI models. The issue has since been addressed in iOS 26.4 and macOS 26.4.

A separate indirect prompt-injection vulnerability known as WebPromptTrap affected BrowserOS, an open-source agentic browser. The technique relied on hidden instructions embedded in an otherwise legitimate article to influence an AI-generated summary and persuade users to approve an authorization request. The issue was patched in BrowserOS version 0.32.0.

Research into the broader AI-agent ecosystem has uncovered persistent security weaknesses. An audit covering 3,984 skills published through ClawHub and skills.sh found that 534 skills, representing 13.4% of the total, contained at least one critical security issue. Researchers also identified 1,467 skills with broader weaknesses, including malware distribution risks, prompt-injection opportunities, exposed secrets, hard-coded API credentials, insecure handling of authentication data, and unsafe exposure to third-party content.

Additional studies identified attacks against NemoClaw, NVIDIA's reference framework for securing OpenClaw agents. Researchers demonstrated methods for extracting OpenClaw data through the platform's default sandbox configuration using either a malicious GitHub repository or a compromised npm package.

Security researchers are increasingly examining how advances in AI capability could affect offensive cyber operations. According to researchers at Palo Alto Networks Unit 42, more capable AI models could allow attackers to exploit both newly discovered and previously known vulnerabilities at a scale, speed, and level of automation that has traditionally required specialized expertise.

Last month, Unit 42 presented a proof-of-concept AI agent called Zealot that was capable of carrying out cloud attack operations with limited human involvement. The system chained together reconnaissance, exploitation, privilege escalation, and data-exfiltration activities by leveraging known weaknesses and misconfigurations.

Researchers argue that cloud environments are particularly susceptible to this type of automation because most administrative functions are accessible through APIs, multiple discovery mechanisms exist for identifying resources, configuration errors remain common, and access control often depends heavily on credentials.

According to Unit 42 researchers Yahav Festinger and Chen Doytshman, current large language models are already capable of coordinating reconnaissance, exploitation, privilege escalation, and data theft activities with relatively little human guidance. The techniques themselves are not necessarily new. What is changing is the speed and scale at which those established attack patterns can now be executed through AI-assisted automation.

Read more »
Exploitation
backdoor vulnerability Cisco Cisco Security CVE exploits CVE vulnerability Cyber Security Exploitation

Cisco CVE-2024-20439: Exploitation Attempts Target Smart Licensing Utility Backdoor

 

A critical vulnerability tracked as CVE-2024-20439 has placed Cisco’s Smart Licensing Utility (CSLU) in the spotlight after cybersecurity researchers observed active exploitation attempts. The flaw, which involves an undocumented static administrative credential, could allow unauthenticated attackers to remotely access affected systems. While it’s still unclear whether the vulnerability has been weaponized in ransomware attacks, security experts have noted suspicious botnet activity linked to it since early January, with a significant surge in mid-March. 

The vulnerability, according to Cisco, cannot be exploited unless the CSLU is actively running—a saving grace for systems not using the utility frequently. However, many organizations rely on the CSLU to manage licenses for Cisco products without requiring constant connectivity to Cisco’s cloud-based Smart Software Manager. This increases the risk of exposure for unpatched systems. Johannes Ullrich, Dean of Research at the SANS Technology Institute, highlighted that the vulnerability effectively acts as a backdoor. 

In fact, he noted that Cisco has a history of embedding static credentials in several of its products. Ullrich’s observation aligns with earlier research by Nicholas Starke, who published a detailed technical analysis of the flaw, including the decoded hardcoded password, just weeks after Cisco issued its patch. This disclosure made it easier for potential attackers to identify and exploit vulnerable systems. In addition to CVE-2024-20439, Cisco addressed another critical flaw, CVE-2024-20440, which allows unauthenticated attackers to extract sensitive data from exposed devices, including API credentials. 

This vulnerability also affects the CSLU and can be exploited by sending specially crafted HTTP requests to a target system. Like the first flaw, it is only active when the CSLU application is running. Researchers have now detected attackers chaining both vulnerabilities to maximize impact. According to Ullrich, scans and probes originating from a small botnet are testing for exposure to these flaws. Although Cisco’s Product Security Incident Response Team (PSIRT) maintains that there’s no confirmed evidence of these flaws being exploited in the wild, the published credentials and recent scan activity suggest otherwise. 

These types of vulnerabilities raise larger concerns about the use of hardcoded credentials in critical infrastructure. Cisco has faced similar issues in the past with other software products, including IOS XE, DNA Center, and Emergency Responder. 

As always, the best defense is prompt patching. Cisco released security updates in September to address both flaws, and organizations running CSLU should immediately apply them. Additionally, any instance of the CSLU running unnecessarily should be disabled to reduce the attack surface. With exploit attempts on the rise and technical details now public, delaying mitigation could have serious consequences.
Read more »
Vulnerability management
Cisco Security Security Patch SQL Bug Vulnerabilities and Exploits Vulnerability management

Cisco Firepower Management Center Impacted By a High-Severity Vulnerability

 

Cisco addressed a flaw in the web-based management interface of the Firepower Management Centre (FMC) Software, identified as CVE-2024-20360 (CVSS score 8.8). 

The vulnerability is a SQL injection bug; an intruder can use it to acquire any data from the database, run arbitrary commands on the underlying operating system, and elevate privileges to root. The attacker can only exploit this flaw if they have at least Read Only user privileges. 

“A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.” reads the advisory. “This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system.” 

“A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials,” the advisory adds. 

According to Cisco, there isn't a fix for this vulnerability. The IT giant confirmed that neither Firepower Threat Defence (FTD) nor Adaptive Security Appliance (ASA) software is impacted by this security vulnerability. The attacks that are taking advantage of this vulnerability in the wild are unknown to the Cisco Product Security Incident Response Team (PSIRT). 

Security patch 

Cisco has published free software upgrades to address the vulnerability stated in the advisory. Customers with service contracts that include regular software updates should receive security fixes through their usual update channels. Customers can only install and get support for software versions and feature sets for which they have acquired a licence. Customers agree to abide by the terms and conditions of the Cisco software licence while installing, downloading, accessing, or using such software upgrades. 

Furthermore, customers may only download software for which they have a valid licence, either directly from Cisco or through a Cisco authorised reseller or partner. In most cases, this will be a maintenance upgrade for already purchased software. Customers that receive free security software updates are not entitled to a new software licence, additional software feature sets, or significant revision upgrades.
Read more »
Zero Trust
Cisco Cisco Security CISO CISO perspective Cyber Security Identity Market Security Solutions Zero Trust

Cisco: Leadership Awareness Fuels the Booming Identity Market


The latest research conducted by Cisco Investments with venture capital firms reveals that most CISOs believe complexity in tools, number of solutions and technical glossaries are among the many barriers to zero trust. 

It has been observed that around 85% of the IT decision-makers are now setting identity and access management investments as their main priority, rather than any other security solution. This is stated in the CISO Survival Guide published by Cisco Investments, the startup division of Cisco, along with the venture capital firms Forgepoint Capital, NightDragon, and Team8.

Interviews with Cisco customers, chief information security officers, innovators, startup founders, and other experts led to the creation of the 'guide', which examined the cybersecurity market in relation to identity management, data protection, software supply chain integrity, and cloud migration.

From 30,000 feet up: More interoperability, less friction, and data that is genuinely relevant and understandable for decision-makers, according to interviewees, are the most essential requirements.

The main spending priorities of the report were fairly evenly distributed, with user and device identity, cloud identity, governance, and remote access receiving the most mentions from CISOs. 

Cloud security turned out to be the primary concern, with a focus on the newly emerging field of managing cloud infrastructure entitlements.

Demands of CISOs: Ease of Use, Holistic Platforms, CIEMs

The three main areas of identity access management, clouds, and data that CISOs believe are most concerning are:

  • The fragmented world of security silos is because of the lack of unified platforms for IAMs, identity governance and administration, and privileged access control. 
  • Enterprise clients are embracing cloud service providers' offerings for managing cloud infrastructure entitlements.
  • The CISOs were against the use of acronyms since they were bothered by the overuse of acronyms like CIEM.

Moreover, the authors of the Cisco Investment Study note that “This trend imposes cycles for CISOs to vet and unpack these purportedly new categories, only for them to discover they are a rehash of existing solutions.”

Top Motivators Will Look for Management Solutions 

Apparently, some top motivators cited by CISCOs will be investing in identity management solutions for the management of user access privileges, identity compliance, and the swift expansion of companies' threat surfaces.

Here, we are mentioning some of the changes that the IT decision-makers look forward to in the next-generation identity platforms: 

  • Ease of integration (21% of those polled). 
  • Platform-based solution, versus single-point or endpoint offerings (15%). • Ratings from independent analysts (15%). 
  • Price (11%). 
  • Market adoption (11%). 
  • Simplicity of deployment and operations (10%). 
  • Ability to deploy at scale quickly (9%). 
  • Ability to add features easily (8%).     

Read more »
Vulnerabilities and Exploits
Adobe Apple Cisco Security CVE vulnerability Microsoft Vulnerabilities and Exploits

50% of KEV Catalog Were Big Corporations

According to Grey Noise, almost 50% of the upgrades to the KEV catalog in 2022 were due to actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products. The KEV catalog's earlier vulnerabilities from before 2022 made up 77% of the updates. 

In the initial year of the catalog's existence, CISA identified over 850 vulnerabilities, excluding   300 vulnerabilities reported in November and December 2021. As per CSW's Decoding of the CISA KEV study, "the fact they are a part of CISA KEV is rather significant as it suggests that many businesses are still using these outdated systems and therefore are ideal targets for attackers."

Based on a study by a team from Cyber Security Works, a handful of the vulnerabilities in the KEV catalog come from devices that have already reached End-of-Life (EOL) and End-of-Service-Life (EOSL). Despite the fact that Windows Server 2008 and Windows 7 are EOSL products, the KEV catalog identifies 127 Server 2008 vulnerabilities and 117 Windows 7 vulnerabilities.

The catalog has evolved into the official source for information on vulnerabilities by attackers, even though it was initially designed for vital infrastructure and public service firms. It is crucial since, by 2022, the National Vulnerability Database assigned Common Vulnerabilities and Exposures (CVE) identifiers to over 12,000 vulnerabilities.  Corporate teams can establish customized priority lists using the catalog's curated list of CVEs that are currently being attacked. 

In reality, CSW discovered there was a slight delay between the time a CVE Numbering Authority (CNA) like Mozilla or MITRE issued a CVE to a flaw and the time the vulnerability was posted to the NVD. For instance, the BitPaymer ransomware took advantage of a vulnerability in Apple WebKitGTK (CVE-2019-8720), which Red Hat assigned a CVE for in October 2019 but was added to the KEV catalog in March. As of the beginning of November, it has not been included in the NVD.  

According to CSW, 22% of the vulnerabilities in the catalog are privileging execution issues while 36% of the vulnerabilities are remote code execution problems. Whenever a vulnerability is actively being exploited, has a CVE assigned to it, and is supported by clear mitigation instructions, does CISA update the KEV catalog. 


Read more »
Vulnerabilities and Exploits
Cisco Cisco Security Dos Attacks. DoS Vulnerabilities Vulnerabilities and Exploits

Snort Vulnerability Leads Various Cisco Products Exposed to Vulnerabilities

 


Earlier this week, the company told its customers that several Cisco products have been exposed to DoS (Denial of Service) attacks due to Snort detection engine vulnerability. Known as CVE-2021-1285, the flaw is rated high severity, and hackers can exploit it. The attacker must be on the layer 2 domain similar to the victim, as to compel a device to fall to a DoS attack via sending it specifically made Ethernet frames. As per Cisco, the flaw exists in the Ethernet Frame Decoder part of the Snort. 

The vulnerability affects all variants of the famous intrusion detection and intrusion prevention system (IDS/IPS) made before 2.9.17, which has a bug patch. According to Security Week, "Snort is an open-source tool developed by Cisco that provides real-time traffic analysis and packet logging capabilities. It has been downloaded millions of times and it has more than 600,000 registered users, with Cisco claiming that it’s the most widely deployed IPS in the world. The alpha version of Snort 3 was announced in December 2014 and now it has finally become generally available."

Catalyst Edge software and platform, 1000v series Cloud Services Router products, and Integrated Service Router (ISR) are said to be affected by the CVE-2021-1285. But they'll be affected only if they are using a version of Cisco UTD Snort IPS engine software that is vulnerable for IOS XE or Cisco UTD Engine for IOS XE SD-WAN, and if these are configured to pass through the Ethernet frames to Snort. According to Cisco, the flaw is linked to FTD (Firepower Threat Defense) issue that was patched in October last year. 

The vulnerabilities were found during solving a support case, however, no evidence has been found to point that these vulnerabilities were exploited in any attacks. Besides this, on Wednesday Cisco issued an advisory on few other vulnerabilities, of medium severe ratings. "These impact Webex, SD-WAN, ASR, Network Services Orchestrator, IP phones, and Email Security Appliance products, and they can lead to information disclosure, path traversal, authorization bypass, DoS attacks, privilege escalation, and SQL injection," says SecurityWeek.
Read more »
Cyber Security
Artificial Intelligence Bharti Airtel Cisco Security Cyber Security

Cyber Security Solutions for Enterprises Launched by Bharti Airtel


Bharti Airtel Ltd recently dispatched a 'suite of cybersecurity solutions' for large, medium and small businesses as they move on to digital and cloud platforms, expanding the need to protect information from online attacks.

Airtel Secure, the suite, will have a security intelligence centre, a best in class infrastructure with admittance to cutting edge innovation and artificial intelligence tools. 

The telco has put about ₹100 crore in Airtel security intelligence centre situated in the National Capital region (NCR), the chief executive Gopal Vittal said in a press conference.

“… Cybersecurity is a critical requirement. Airtel Secure has been built to serve this need. It combines Airtel’s robust network security with cutting-edge solutions delivered through global partnerships to deliver end-to-end managed security services," he added further. 

The telco has also collaborated with global firms Cisco, Radware, VMWare, and Forcepoint who will together give digital protection solutions under the product, Airtel Secure. 

Cisco's solutions will be accessible for enterprises just as governments.

The solutions under Airtel Secure have been 'beta tested' by 20 huge organizations who are now utilizing the security intelligence centre, Vittal stated, including later that the telco will soon begin building them for medium and small businesses with low spending plans.

“Smaller businesses may not have the budgets that larger companies do, so we are engineering a product portfolio that can be bundled for our smaller enterprises to protect their information as well," Vittal said. 

However, he included later that the whole portfolio of the security intelligence centre, in any case, can't be accessed by those with lower spending plans, yet they will hold of the essentials, like a 'secure internet, data and remote access'.

Read more »
Vulnerabilities and Exploits
Arbitrary code execution Cisco Security Data security software Software Vulnerability Vulnerabilities and Exploits

Cisco Vulnerable Again; May Lead To Arbitrary Code Execution!


Earlier this year Cisco was in the headlines for the Zero-day vulnerabilities that were discovered in several of its devices including IP Phones, routers, cameras and switches.

The vulnerabilities that were quite exploitable were found in the Cisco Discovery Protocol (CDP), which is a layer 2 network protocol so that any discrepancies of the devices could be tracked.

Now again, Cisco has been found to be more unreliable than ever. Only this time the researchers learnt about numerous severe security vulnerabilities.

These susceptibilities could let the attackers or hackers execute “arbitrary commands” with the supposed “consent” of the user. Per sources, the affected Cisco parts this time happen to be the software, namely the Cisco UCS Manager Software, Cisco NX-OS Software and Cisco FXOS Software.

Reports reveal that the vulnerability in the Cisco FXOS and NX-OS Software admits unauthorized “adjacent” attackers into the system and lets them execute arbitrary code in order to achieve the “DoS”. (Denial of Service)

The vulnerabilities in Cisco FXOS and UCS Manager Software lets unauthenticated “local attackers” to execute arbitrary commands on the victim’s devices.

The reason for this vulnerability rises from the absence of “input validation”. The misuse of this makes it way easy for attackers to execute the arbitrary code making use of the user’s authority (which they don’t even know about) who’s logged in, per sources.

The other vulnerabilities in the Cisco FXOS and UCS Software include allowing unauthenticated local attackers to execute arbitrary commands.

A hacker could also try to send specially structures “arguments” to certain commands. This exploit if successful could grant admittance to the hacker to not only enter but also execute arbitrary commands.

All the exploitable loopholes of the Cisco software are really dangerous and critical in all the possible terms. Cisco has been in the limelight for more times than that could be overlooked. It is up to the users now to be well stacked with respect to security mechanisms.

However, understanding the seriousness of the vulnerabilities in the software, Cisco has indeed released various security updates that work for all the vulnerable software, in its Software Security Advisory.

The users are advised to get on top of the updates as soon as possible.

Read more »
Subscribe to: Posts (Atom)