Posts

Showing posts from September, 2025

ChatGPT Targeted: “ShadowLeak” Zero-Click Vulnerability in Deep Research Could Exfiltrate Gmail Data
A Complete Cyber Threat Analysis Report — By CyberDudeBivash
Author: CyberDudeBivash · Powered by: CyberDudeBivash

Executive summary

Researchers at Radware disclosed ShadowLeak, a zero-click indirect prompt-injection flaw in ChatGPT’s Deep Research agent that, when connected to Gmail (and browsing enabled), could exfiltrate inbox data via a single crafted email—with no user interaction and no visible UI cues. OpenAI confirmed and patched the issue before public disclosure (September 18–20, 2025). The attack is notable for being service-side: data leaves OpenAI’s cloud rather than the user’s device, making enterprise detection far harder. [SecurityWeek; radware.com]

What is Deep Research and why it was exposed

Deep Research lets users delegate multi-step tasks to an agentic AI that can browse and access connected data sources (e.g., Gmail, Google Drive) to compile findings. The agent will read emails/attachments as part of its task plan. This connective power, combined with prompt-following, makes it high-impact if an attacker can plant hidden instructions t...

New Malware with LLM Capabilities: “MalTerminal”
A CyberDudeBivash Threat Analysis Report
Author: CyberDudeBivash · Powered by: CyberDudeBivash

Executive Summary

A newly discovered malware strain, MalTerminal, incorporates Large Language Model (LLM) capabilities into its attack lifecycle — marking a significant leap in the evolution of malicious software. Unlike traditional malware, MalTerminal doesn’t just deliver payloads or exfiltrate data: it can analyze, adapt, and communicate using natural language to trick users, bypass defenses, and dynamically reconfigure its operations. This is a dangerous precedent: we are now entering the era of LLM-enabled malware, where AI is no longer just a defensive tool, but also an offensive cyber weapon.

1. What is MalTerminal?

- A modular malware platform embedding LLM inference modules.
- Supports on-device or remote LLM execution, depending on victim hardware/network.
- Key feature: interactive capability — it can respond intelligently in phishing windows, fake terminals, or chat interfaces.

Unique Features Observed:

- Adaptive Phishing & Social Engineering ...

Scattered Spider Suspects Arrested: UK Teens Charged Over Massive Cyberattacks
A Threat Analysis Report — By CyberDudeBivash

Executive Summary

Two teenage suspects, Thalha Jubair (19) from East London and Owen Flowers (18) from Walsall, have been arrested by UK authorities for their alleged roles in a 2024 cyberattack on Transport for London (TfL). Jubair is also facing U.S. federal charges tied to 120+ network intrusions, wire fraud, money laundering and extortion allegedly carried out in affiliation with the hacking group Scattered Spider. The estimated damage is in the tens of millions of pounds/dollars. [Tom's Hardware; BankInfoSecurity; Security Affairs]

What Happened

- UK’s National Crime Agency (NCA) and police arrested Jubair and Flowers at their homes. [Cybersecurity Dive; The Hacker News]
- The U.K. charges include conspiring to commit unauthorized acts under the Computer Misuse Act, specifically for the TfL hack of August 31, 2024. [The Hacker News; Security Affairs]
- Jubair also faces an indictment in the U.S. for his alleged involvement in more than 120 intrusions ta...

Airport Check-in Systems Disrupted: Collins Aerospace Attack Throws European Airports Into Chaos
A Threat Analysis Report — By CyberDudeBivash

Executive Summary

A cyberattack has hit Collins Aerospace (a U.S.-based aviation/defense tech provider under RTX Corp.), crippling its Muse check-in and boarding software. This has disrupted electronic check-in, baggage drop, and boarding at several major European airports—Heathrow, Brussels, Berlin, Dublin—leading to delays, cancellations and forcing manual workarounds. This attack lays bare how reliant modern airports are on third-party systems and exposes serious risk in aviation supply chains. [Reuters; The Guardian]

1. What we know so far

- The impacted system is Muse, software by Collins Aerospace used at check-in desks, for boarding, printing bag tags & boarding passes. [Reuters; Financial Times]
- Electronic check-in & baggage drop services are disabled or impaired at affected airports. Self-service kiosks / online check-in remain functioning for many. [AP News; CBS News]
- Airports most affected: Brussels (heavy ongoing cancellations, many fligh...