Your Weekly Cybersecurity Threat Intelligence Update
This week highlights critical vulnerabilities in AI security controls, a sophisticated Windows exploit technique, and a new backdoor targeting privileged access management. Here’s what you need to know to stay ahead of evolving cyber threats.
AI Guardrails Under Fire: Cisco Demo Shows Jailbreak Risks
Cisco and Robust Intelligence researchers demonstrated automated methods, including Tree of Attacks with Pruning (TAP), that can jailbreak large language models in under a minute. These techniques bypass built-in safety guardrails and exploit adversarial prompts to trigger unintended actions, even against leading AI platforms. The findings reveal significant gaps in AI security and emphasize the need for layered defenses and regular prompt injection testing.
LegalPwn: Prompt Injection Steals NTLM Hashes via Outlook
Researchers disclosed a new technique called LegalPwn, showing how AI-driven document rendering in Microsoft Outlook can be abused to extract NTLM hashes automatically. This exploit allows attackers to capture authentication data without user interaction and use it for lateral movement or privilege escalation within networks. Organizations should patch affected systems and monitor for unusual authentication patterns.
Plague PAM Backdoor Targets Linux Authentication
Security experts discovered Plague PAM, a stealthy Linux backdoor that integrates directly into the Pluggable Authentication Module (PAM) framework. It enables attackers to bypass credential checks with hardcoded passwords, evade detection with obfuscation and anti-debugging measures, and persist through system updates. The malware has remained undetected by antivirus tools, posing a severe threat to enterprises relying on PAM-based access controls.