🚨 Hackers are hijacking exposed Docker APIs to spread a cryptojacking botnet—using TOR domains, masscan scans, and even Chrome debug ports to steal data & expand. The wild part? The malware code includes an emoji, hinting it was LLM-built. Here’s what’s happening ↓
Shahriyar Gourgi’s Post
More Relevant Posts
💻 The Hacker News 📰 TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs. Akamai, which discovered the latest activity last month, said it's designed to block other actors from accessing the Docker API from the internet. The findings build on a prior report from Trend Micro in late June 2025, which https://lnkd.in/gf9Ks-BX

📌 🔗 Read more: https://lnkd.in/g9TzizNB
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b model | PromptLock uses OpenAI's gpt-oss-20b model and generates malicious scripts on the fly | ITPro
TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs (published 2025-09-09T10:02:00.000Z)
What could possibly go wrong if your browser runs untrusted code at speed? Quite a lot, as it turns out. Google has just patched CVE-2025-10585, a zero-day vulnerability in Chrome's V8 engine, the core component responsible for running JavaScript and WebAssembly. This type confusion flaw has already been exploited in the wild, allowing attackers to trigger unexpected behavior, crash the browser, or execute arbitrary code. It’s the sixth such zero-day affecting Chrome in 2025 alone.

Discovered by Google’s Threat Analysis Group on September 16, the details of the exploit haven’t been disclosed yet, a common move to reduce the risk of further attacks while the patch rolls out.

The fix is included in:
➤ 140.0.7339.185/.186 for Windows and macOS
➤ 140.0.7339.185 for Linux

Chromium-based browsers like Edge, Brave, and Opera are also expected to update soon.

💡 https://lnkd.in/gnnU4dFg

This case underscores how even small bugs in performance-critical code can have wide-reaching security implications, and why rapid patching remains a key defense strategy.

#BrowserSecurity #Chrome #ZeroDay #Cybersecurity #CVE202510585
In a supply chain attack last week (26 Aug), unidentified attackers compromised more than 1,000 developers and exfiltrated approximately 20,000 sensitive files. The four-hour attack began when the perpetrators used a compromised npm token to publish malicious versions of the popular "Nx" JavaScript build system and its plug-ins. This malware leveraged AI command line interfaces (such as Gemini, Claude Code, or Amazon Q) to do reconnaissance. The attack was surprising and novel.

* Speed: The entire attack was completed in just over four hours, from the initial compromise to the exfiltration of data. This is a rapid timeline compared to typical, more deliberate cyberattacks.
* AI-Powered Discovery: The malware did not just scan for specific file types; it used AI command-line interfaces (CLIs) on victims' machines to dynamically locate high-value secrets using natural language prompts.
* Public Data Exfiltration: Attackers exfiltrated the stolen data by creating new public repositories on each victim's own GitHub account and uploading the sensitive files there. This is an unusual and highly visible method compared to using private command-and-control servers.
* Post-Breach Disruption: After stealing the data, the malware intentionally sabotaged the victim's system by modifying shell files to crash the terminal upon launch, a tactic designed to slow and disrupt investigation efforts.

By using malware which exploited AI CLIs already on developers' machines, the attackers successfully exposed over 1,000 valid GitHub tokens and dozens of other cloud credentials. This outcome demonstrates the potential of this attack vector, even in these early days. https://lnkd.in/g4TKtTgz
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b model https://lnkd.in/edkX3ycJ
🚨 This week's Container Security Unboxed: New Linux malware called Sobolan is targeting AI applications. Attackers broke in through an exposed JupyterLab instance, planted malicious binaries, opened backdoors, and hijacked resources for cryptomining, all while blending into legitimate processes to stay hidden.

Why it matters:
🔑 Misconfigurations and exposed services are easy entry points
🤖 AI workloads are now prime targets for disruption and data risk
💫 Sobolan is adaptive, re-establishing itself even after removal

This is exactly why runtime protection is critical. Aqua detects and blocks these behaviors in real time, cutting off backdoor access before attackers can take hold. See how easy it is to set up runtime alerts with Aqua: https://hubs.li/Q03HFPt00

#AIsecurity #CloudNative #RuntimeProtection
We stopped a novel cryptomining attack, swipe ➡️ through to learn how! Cryptojacking attacks are on the rise as threat actors exploit hard-to-detect cryptomining malware. In a recent case, attackers attempted to use a PowerShell script to download and run NBMiner. Our AI stopped it before they could cash in. Want to learn more? Read the full Inside the SOC blog now! 👇 🔗 https://lnkd.in/gQ4CAmjx