Information Security News – 5/19/2025

Attackers Lace Fake Generative AI Tools With ‘Noodlophile’ Malware

Article Link: https://www.darkreading.com/endpoint-security/attackers-fake-generative-ai-tools-malware

  • A newly discovered stealer trojan named “Noodlophile” is being disguised as generative AI tools, including fake versions of ChatGPT, Midjourney, and Sora, to trick users into downloading malware.
  • The campaign drives traffic to malicious websites using paid Facebook ads, AI-themed blog posts, and YouTube videos that promote links to the phony tools.
  • Once installed, Noodlophile captures stored browser credentials, monitors keystrokes, and opens a backdoor for attackers to access infected devices.
  • The article cautions users against downloading AI tools from unverified sources and encourages users to use only official developer websites to avoid these threats.

CISA Reverses Decision on Cybersecurity Advisory Changes

Article Link: https://www.infosecurity-magazine.com/news/cisa-reverses-decision-advisory/

  • CISA has announced it will restore public access to its Industrial Control Systems (ICS) Advisory Archive, reversing a recent decision to take it offline that drew sharp criticism from the security community.
  • The archive, containing over 1,300 ICS vulnerability advisories dating back to 2005, was removed in April due to concerns about outdated information and non-compliance with Federal accessibility requirements.
  • The takedown sparked concern among analysts and asset owners who rely on historical advisories for tracking exploits, understanding threat patterns, and managing long-term risk across operational technology environments.
  • CISA now says it will return the archive in its entirety while also developing a new approach that balances transparency, usability, and compliance with Federal standards.

FBI Warns That End of Life Devices are Being Actively Targeted by Threat Actors

Article Link: https://www.csoonline.com/article/3982368/fbi-warns-that-end-of-life-devices-are-being-actively-targeted-by-threat-actors.html

  • The FBI has issued another warning that outdated network devices no longer supported by vendors are being actively targeted by threat actors exploiting known vulnerabilities.
  • These end-of-life systems often remain in use due to budget constraints or compatibility issues, leaving them exposed to attacks that rely on missing patches and publicly available exploits.
  • Attackers are using these entry points to deploy malware, steal data, and maintain long-term access. Indicators of compromise include weak administrator credentials, the presence of remote access tools such as Cobalt Strike, unauthorized scheduled tasks, and unusual outbound traffic.
  • FRSecure information security experts recommend increased monitoring and network isolation, specifically a north, south, east, and west network segmentation approach.

Meta Battles an ‘Epidemic of Scams’ as Criminals Flood Instagram and Facebook

Article Link: https://www.wsj.com/tech/meta-fraud-facebook-instagram-813363c8

  • Meta removed a massive scam campaign involving over 11,000 pages, ads, and profiles, in which thousands of fake Facebook and Instagram accounts pretended to be banks, tech companies, and government agencies.
  • These scams used social media ads and posts to spread fake links that led people to phishing sites and bogus investment schemes, tricking them into handing over passwords or sending money.
  • Some of the operations were connected to fraud networks based in China, Nigeria, and Russia, using sophisticated tactics to appear trustworthy and operate across different languages.
  • Meta says it’s working with banks, security firms, and law enforcement, and has rolled out new tools to help real organizations catch impersonators faster and limit the damage. However, the company also stated, “Because Meta has no duty to protect users from third-party content on its platform, Plaintiff cannot state a negligence claim.”

iClicker Site Sends ClickFix Malware to Students Via Fake CAPTCHA

Article Link: https://www.bleepingcomputer.com/news/security/iclicker-hack-targeted-students-with-malware-via-fake-captcha/

  • A phishing campaign used a fake version of the iClicker website to target students with malware, displaying a phony CAPTCHA screen to create a sense of legitimacy. The article doesn’t reveal how the fake site was circulated or who’s behind the campaign.
  • After completing the CAPTCHA, users were prompted to download a ZIP file that appeared to be part of the normal process but actually contained a remote access trojan.
  • Once executed, the malware collected browser credentials and system information from the infected device, granting attackers access to sensitive data.
  • The article notes mobile app users are not at risk and advises students to use a password manager.

Ransomware Scum Have Put a Target on the No Man’s Land Between IT and Operations

Article Link: https://www.theregister.com/2025/05/14/ransomware_targets_middle_systems_sans/?td=keepreading

  • Research presented at the 2024 SANS Ransomware Summit shows attackers are targeting the middle layer of industrial environments, including engineering workstations, systems that record production activity, and tools that connect factory controls to business networks. These systems are often overlooked but control how machinery operates and is updated.
  • Once inside, attackers alter process data and block visibility into operations, which can mislead staff into thinking everything is running normally. In covert fashion, this can delay emergency actions, hide safety issues, or lead to flawed output, allowing the impact to grow unnoticed.
  • The article points to the Colonial Pipeline and Change Healthcare attacks, where behind-the-scenes disruptions did more than lock up data. They triggered fuel shortages, blocked access to prescriptions, and forced hospitals to divert patients, showing how attacks on internal systems can directly threaten human life.
  • Replacing an industrial control system can take months and cost millions, especially when equipment is outdated or customized. Because attackers only need to disable a few well-placed systems to cause widespread fallout, the article stresses the need to protect the assets that keep operations steady.

Five Takeaways from the Copyright Office’s Controversial New AI Report

Article Link: https://copyrightlately.com/copyright-office-ai-report/

  • The U.S. Copyright Office has released a detailed report stating that works created entirely by artificial intelligence, without meaningful human involvement, are not eligible for copyright under current law.
  • The report is the result of a year-long review involving over 10,000 public comments, listening sessions, and roundtables on the impact of generative AI on copyright.
  • The Office clarified that AI-generated content can only be included in a copyright claim if a human arranges or selects the material creatively enough for the final work to qualify as original authorship.
  • The report also points to unresolved legal questions around training data, liability, and transparency, signaling that more guidance will be needed as AI tools evolve.
  • Link to Report: https://www.copyright.gov/newsnet/2025/1060.html

Microsoft extends Office app support on Windows 10 to 2028

Article Link: https://www.theverge.com/news/665599/microsoft-365-office-apps-windows-10-end-of-support-extension-2028

  • Microsoft will now allow Microsoft 365 and Office LTSC apps to run on Windows 10 through October 14, 2028, extending access by four years past the original 2025 cutoff.
  • This extension applies only to systems running version 22H2 of Windows 10, which is the final feature update for the platform.
  • Windows 10 will still stop receiving security patches in October 2025, meaning users running Office apps beyond that point may face increased exposure to threats.
  • Microsoft is steering users toward Windows 11 to “avoid performance and reliability issues over time,” but acknowledges this extension provides extra time for those not yet prepared to transition.
  • Link to Announcement: https://learn.microsoft.com/en-us/microsoft-365-apps/end-of-support/windows-10-support

Cyber Threat Escalates: PowerSchool Cybercriminal Returns to Extort Individual Schools Months After Massive Data Breach Purportedly Resolved

Article Link: https://www.jdsupra.com/legalnews/cyber-threat-escalates-powerschool-3692625/

  • PowerSchool, a leading provider of K–12 education software used by thousands of school districts across the U.S., identified suspicious activity on its network on May 2, prompting an internal investigation into potential unauthorized access to student and staff data such as academic records, medical histories, and demographic information.
  • By May 7, users began receiving unexpected password reset emails and reporting access issues, revealing that the incident had broader effects on student and teacher accounts. These disruptions caused login failures and outages in some districts, interfering with daily operations and raising concerns about the misuse of personal data.
  • The incident reinforces that third-party platforms must be treated as extensions of school infrastructure, requiring the same level of oversight, access control, and breach preparedness as internal systems.
  • As outlined in the article, several schools have started reassessing vendor agreements, restricting platform access where possible, and preparing notification procedures to protect information such as student records, medical details, disciplinary reports, and staff employment data.

