Google Gemini Flaw Hijacks Email Summaries for Phishing

Article Link: https://www.bleepingcomputer.com/news/security/google-gemini-flaw-hijacks-email-summaries-for-phishing/  

• Mozilla’s GenAI Bug Bounty Program Manager and researcher Marco Figueroa recently disclosed that Google Gemini can be manipulated to summarize emails with embedded phishing instructions, exploiting trust in AI-generated content. Figueroa showed how attackers use invisible directives hidden with HTML and CSS code setting the font size to zero and the color to white.
• These hidden prompts aren’t visible in Gmail but are parsed by Gemini when generating summaries. As a result, users see such misleading alerts as compromised password warnings and fake support numbers inserted into otherwise ordinary email summaries.
• Even with measures introduced since 2024 to prevent prompt injection, this tactic continues to succeed. Google’s spokesperson said they are constantly red teaming to bolster their defenses against this type of attack, though no real-world abuse of the technique has been confirmed.
• Figueroa offers such mitigation strategies as removing or ignoring body text styled to be hidden and implementing “a post-processing filter that scans Gemini output for urgent messages, URLs, or phone numbers, flagging the message for further review.” The article also points to a Google Security blog post shared with BleepingComputer discussing prompt injection attack security.
• Blog: https://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html

Hackers Exploit a Blind Spot Hiding Malware Inside DNS Records

Article Link: https://arstechnica.com/security/2025/07/hackers-exploit-a-blind-spot-by-hiding-malware-inside-dns-records/  

• Threat actors are increasingly embedding malware into domain name system (DNS) TXT records, taking advantage of how infrequently DNS traffic is monitored. This approach allows malicious payloads to bypass traditional defenses like email filters or web-based threat detection.
• Researchers at DomainTools discovered this method being used to spread Joke Screenmate malware, with a binary file split into hundreds of hexadecimal-encoded chunks stored in subdomain TXT records of whitetreecollective[.]com. Attackers retrieve and reassemble these pieces via seemingly ordinary DNS queries.
• Because DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt requests until they reach a resolver, detecting anomalous DNS behavior has become even harder for organizations without in-network DNS resolution. This makes DNS an attractive vector for covert malware delivery.
• In addition to malware, DomainTools uncovered prompt injection text in DNS records, targeting AI chatbots with commands designed to override safeguards. The findings highlight how DNS, often overlooked, can be weaponized in both traditional and emerging cyber threats.
• DomainTools “Malware in DNS” article: https://dti.domaintools.com/malware-in-dns/

MITRE Launches AADAPT Framework for Financial Systems

Article Link: https://www.darkreading.com/vulnerabilities-threats/mitre-aadapt-framework-financial-systems  

• MITRE has introduced Adversarial Actions in Digital Asset Payment Technologies (AADAPT), a new framework designed to help financial organizations respond to attacks targeting digital payments and cryptocurrency. The tool mirrors the structure of the ATT&CK framework and offers threat modeling focused on digital asset systems.
• AADAPT includes 11 attack stages, from reconnaissance to fraud, each mapped with tactics such as unauthorized cross-chain swaps, double-spending, and flash loan abuse. The framework draws from real-world attacks to ground its recommendations.
• MITRE notes that smaller entities, such as local governments and mid-sized businesses, are especially vulnerable to these types of threats due to limited resources. AADAPT aims to address this gap by offering practical, tailored solutions.
• Asset custodians and payment platforms can use AADAPT to strengthen defenses and reduce system exposure. The framework offers actionable threat intelligence applicable across the rapidly expanding digital finance landscape.
• MITRE AADAPT Matrix: https://aadapt.mitre.org/

WeTransfer Says Files Not Used to Train AI After Backlash

Article Link: https://www.bbc.com/news/articles/cp8mp79gyz1o  

• WeTransfer clarified it does not use uploaded files to train AI after users expressed concern over new terms of service. Many believed the updates allowed for content to be used for machine learning or sold to third parties.
• The company stated the clause was intended to allow AI for content moderation, not for data training. It has since updated the language to avoid ambiguity, confirming no user files are being processed for machine learning purposes.
• Confusion over the terms prompted creative professionals to reconsider their reliance on the service. Similar backlash previously hit Dropbox in December 2023, showing how quickly user trust can be undermined.
• With growing public concern over data use in AI training, providers must be clear and transparent in communicating AI-related policy changes in their Terms of Service.

AI Poisoning and the CISO’s Crisis of Trust

Article Link: https://www.csoonline.com/article/4022073/ai-poisoning-and-the-cisos-crisis-of-trust.html  

• A May 2025 joint bulletin from the NSA, CISA, FBI, and allied nations Australia, New Zealand, and the United Kingdom warned that adversaries are corrupting AI training data across industries, causing systems to produce outputs detached from reality. This emerging threat, known as AI poisoning, forces CISOs to rethink traditional security postures and data trust models.
• Poisoned data can subtly alter how AI interprets financial activity, health diagnostics, or content moderation without obvious signs of compromise. Notable examples include foundation models parroting propaganda and minuscule image perturbations causing medical misinformation.
• The bulletin marks a shift from defending systems to safeguarding inference integrity. CISOs must assess model provenance, interpretability, and resilience, as poisoned models may still appear to function normally while degrading organizational decision-making.
• To confront this risk, CISOs are urged to map AI dependencies, monitor semantic drift, and red team against adversarial inputs. AI oversight must be proactive, with failure playbooks and organization-wide fluency replacing blind trust in machine outputs.

Retailer Co-op: Attackers snatched all 6.5M member records

Article Link: https://www.theregister.com/2025/07/16/coop_data_stolen/  

• Co-op Group CEO Shirine Khoury-Haq confirmed in a recent television appearance that April’s cyberattack compromised the personal data of all 6.5 million members, though the group was able to successfully thwart the attackers through real-time monitoring before ransomware could be deployed.
• While no financial or transactional data was accessed, stolen files included contact information and other member details. Khoury-Haq acknowledged the discomfort members may feel, adding that much of the stolen data may already have been circulating publicly.
• The television appearance came the same day as Co-op announced a partnership with The Hacking Games to identify neurodiverse youth and redirect them toward ethical hacking careers. The program will begin in Co-op schools and aims to expand into the broader UK education system.
• Officials warned the retail sector attacks should serve as a national wake-up call. With grocery chains playing a critical infrastructure role, government leaders urged deeper investment in cybersecurity and collaboration between public and private sectors.

Lessons Learned from McDonald’s Big AI Flub

Article Link: https://www.darkreading.com/application-security/lessons-learned-mcdonalds-ai-flub

• Researchers uncovered that McDonald’s hiring platform, McHire, used default admin credentials (“123456”) and an insecure direct object reference (IDOR) vulnerability to expose access to applicant data. Though the vendor, Paradox.ai, disputes the number of affected users, the researchers found potential access to chat records and personal details tied to over 64 million interactions.
• The breach stemmed from a combination of weak authentication, unsecured API endpoints, and poor access controls. McDonald’s remediated the issue within two hours of disclosure, and there’s no current evidence of malicious exploitation beyond the research team’s findings.
• Lessons offered here included changing default credentials, a fundamental security control, and locking up your AI, an increasingly important control as it is becoming a greater part of research and development functions, as well as the customer-facing experience.  
• The article offers a quote from Randolph Barr, CISO at Cequence Security that fully encompasses what companies must focus on first when deploying AI systems: “What failed here wasn’t some complex AI vulnerability — it was foundational security. Weak default credentials, no MFA, broken access control, and exposed endpoints are issues that have been on OWASP’s radar for over a decade.”

The Car as Office: Mercedes Integrates Teams, Intune and Copilot

Article Link: https://www.computerworld.com/article/4024644/auto-als-office-mercedes-integriert-teams-intune-und-copilot-2.html

• Mercedes-Benz is partnering with Microsoft to turn vehicles into mobile workspaces by integrating Microsoft Teams, Intune, and eventually Microsoft 365 Copilot. This initiative positions the car as a “third workplace” between the office and home, contrasting with Chinese manufacturers focused on in-car entertainment.
• The Teams app uses the vehicle’s interior camera for meetings, with legal compliance and safety features that disable screen sharing while the camera is active. Voice control enables users to dictate messages and access meetings via a dashboard showing upcoming appointments.
• Microsoft Intune is also embedded to ensure secure access to corporate resources, separating business and personal data and allowing IT administrators to enforce security policies remotely. Mercedes aims to meet the same security standards expected of corporate smartphones.
• These features are powered by the MB.OS platform and MBUX infotainment system, launching first in the new CLA model. Generative AI features from Microsoft 365 Copilot will follow, allowing drivers to handle email, customer data, and task prep via voice commands while on the road.