Robert Grupe's AppSecNewsBits 2025-04-25

This Week’s Highlights: Pedestrian crosswalk hacking craze, WorkComposer and health care data breaches, SSL.com certificates, M&S, Microsoft & SAP fumbles, vulnerability exploits within hours with AI, AI exploits, DOGE data exfiltration methods, and more ...

EPIC FAILS in Application Development Security practice processes, training, implementation, and incident response
SSNs and more on 5.5M+ patients feared stolen from Yale Health
The healthcare org said it began mailing letters to affected patients on April 14, and recently disclosed to the US govt's Health and Human Services' Office for Civil Rights that more than 5.5 million people will receive these letters: 5,556,702 to be exact. This makes it one of the biggest healthcare privacy breaches this year, if not the biggest.
The healthcare giant admitted the intruders stole at least some patient data that, depending on the individual, may have included Social Security numbers; demographic info such as name, date of birth, address, telephone number, email address, race, or ethnicity; patient type; and medical record numbers.


Blue Shield of California leaked health data of 4.7 million members to Google
The exposure was caused by a misconfiguration of Google Analytics on certain Blue Shield sites. This resulted in the sensitive data potentially being shared with Google advertising platforms and advertisers.


WorkComposer: Employee monitoring app leaks 21 million screenshots in real time
The app, designed to track productivity by logging activity and snapping regular screenshots of employees’ screens, left over 21 million images exposed in an unsecured Amazon S3 bucket, broadcasting how workers go about their day frame by frame.
The leaked data is extremely sensitive, as millions of screenshots from employees' devices could not only expose full-screen captures of emails, internal chats, and confidential business documents, but also contain login pages, credentials, API keys, and other sensitive information that could be exploited to attack businesses worldwide.


Hacking US crosswalks to talk like Zuck is as easy as 1234
Crosswalk buttons in various US cities were hijacked over the past week or so to – rather than robotically tell people it's safe to walk or wait – instead emit the AI-spoofed voices of Jeff Bezos, Elon Musk, and Mark Zuckerberg.
The hacked crosswalks all appear to come from a common source: Polara, America's leading manufacturer of pedestrian signal systems.
All of it can be managed using the Polara Field Service app, which until recently was freely available on both the Google Play and Apple App Store. Unsurprisingly, it's now been pulled from both platforms - almost certainly in response to the recent wave of hijinks.
After installing the app, and linking the smartphone to a nearby crosswalk system via Bluetooth, the user can configure the spoken messages triggered by button presses.
As Polara's own documentation states, the default passcode is 1234 and it's up to the purchaser to change that in production. We'd wager most installers never bothered, or picked something easily guessable.


M&S stops online orders as 'cyber incident' issues worsen
Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues to wrestle with an ongoing "cyber incident." Attackers will also use the incident to send out phishing emails, which are designed to look like genuine communications in relation to the incident but are actually aimed at tricking recipients into handing out their personal or financial information.


Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
Sec Reporter demonstrated it was possible to provide an @aliyun[.]com email address for a random domain, and be issued certs for aliyun[.]com and www.aliyun[.]com – a webmail and public cloud service run by Chinese internet giant Alibaba.
SSL[.]com’s mishandling of the matter is scary because it means anyone who clocked the flawed DNS record validation process could request, and be issued, a TLS cert for someone else's website. Those certs could be used to spoof the legit site, and enable man-in-the-middle attacks, phishing, and more.
As part of the process of verifying that you control a domain name, SSL[.]com gives you the option of creating a _validation-contactemail DNS TXT record for the domain, with the value set to a contact email address. Once that DNS TXT record is present, and you request a certificate for the domain, SSL[.]com emails a code and URL to that contact address. You click the link and enter the code, and establish you are a controller of the domain and can get the certificate for your site.
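The issuance logic described above, as an added example that is not SSL.com's code: a constructed in-memory zone stands in for DNS, the confirmation-code exchange is assumed to have already succeeded, and the "flawed" function models the class of mistake the article describes (treating the contact mailbox's domain as validated) beside the correct reasoning, where the `_validation-contactemail` TXT record proves control only of the zone it lives in.

```python
# Added example: model of the _validation-contactemail domain-control check.
# Not SSL.com's code. DNS is replaced by a constructed in-memory zone so the
# example runs offline; the emailed code/URL step is assumed to have passed.

# Constructed sample zone: the applicant controls example-applicant.test and
# has published a contact address hosted at an unrelated mail provider.
SAMPLE_TXT_RECORDS = {
    "_validation-contactemail.example-applicant.test": ["owner@mailhost.test"],
}


def lookup_txt(name, records=SAMPLE_TXT_RECORDS):
    """Stand-in for a DNS TXT query (constructed data, no network)."""
    return records.get(name.lower().rstrip("."), [])


def domains_proven_flawed(requested_domain, records=SAMPLE_TXT_RECORDS):
    """Flawed reasoning: also treats the mailbox's domain as validated.

    Whoever can publish a TXT record on a domain they own, naming an address
    at some other organisation's mail domain, would be handed certificates
    for that other domain. This is the error class the article describes.
    """
    proven = set()
    for email in lookup_txt(f"_validation-contactemail.{requested_domain}", records):
        proven.add(requested_domain.lower())
        proven.add(email.split("@", 1)[1].lower())  # the mistake: mailbox domain
    return proven


def domains_proven_correct(requested_domain, records=SAMPLE_TXT_RECORDS):
    """Correct reasoning: the TXT record proves control of its own zone only.

    The mailbox is merely the delivery channel for the confirmation code;
    its domain says nothing about who controls requested_domain.
    """
    if lookup_txt(f"_validation-contactemail.{requested_domain}", records):
        return {requested_domain.lower()}
    return set()


def authorize_issuance(requested_domain, names_on_csr, policy, records=SAMPLE_TXT_RECORDS):
    """Return True only if every name on the CSR is covered by a proven domain.

    Assumption (mirrors common CA practice): a validated domain also covers
    its subdomains, so www.<validated> is acceptable.
    """
    proven = policy(requested_domain, records)

    def covered(name):
        name = name.lower()
        return any(name == d or name.endswith("." + d) for d in proven)

    return all(covered(n) for n in names_on_csr)


if __name__ == "__main__":
    victim_names = ["www.mailhost.test"]
    print("flawed  :", authorize_issuance("example-applicant.test", victim_names, domains_proven_flawed))
    print("correct :", authorize_issuance("example-applicant.test", victim_names, domains_proven_correct))
```

The flawed policy issues for www.mailhost.test on the strength of a TXT record the mail provider never published; the correct policy refuses because only example-applicant.test was proven.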


Microsoft Entra account lockouts caused by user token logging mishap
Numerous organizations reported that they began receiving Microsoft Entra alerts that accounts had leaked credentials, causing the accounts to be locked out automatically. Impacted customers initially thought the account lockouts were tied to the rollout of a new enterprise application called "MACE Credential Revocation," installed minutes before the alerts were issued.
Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. After realizing they logged actual account tokens, they began invalidating them, which accidentally generated the alerts and lockouts.


Microsoft mystery folder fix might need a fix of its own
The folder, typically c:\inetpub, reappeared on Windows systems in April as part of Microsoft's mitigation for CVE-2025-21204, an exploitable elevation-of-privileges flaw within Windows Process Activation. Rather than patching code directly, Redmond simply pre-created the folder to block a symlink attack path. For many administrators, the reappearance of this old IIS haunt raised eyebrows, especially since the mitigation did little beyond ensuring the folder existed.
For at least one security researcher, the fix also presented an opportunity to hunt for more vulnerabilities. After poking around, he discovered that the workaround introduced a new flaw of its own, triggered using the mklink command with the /j parameter.
The kicker? No admin rights are required. On many default-configured systems, even standard users can run the same command, effectively blocking Windows updates without ever escalating privileges.


Emergency patch for potential SAP zero-day that could grant full system control
SAP's latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day.
The NVD CVE-2025-31324 entry reads: "SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system.”
[rG: SSDLC Yet another input validation design error, not tested for and remediated, prior to production release.]


HACKING

Hackers abuse Zoom remote control feature for crypto-theft attacks
Meeting invitations are sent through Calendly links to schedule a Zoom meeting. Since both Calendly and Zoom invites/links are authentic, they work as expected and lower the target's suspicions.
During the Zoom call, the attacker initiates a screen-sharing session and sends a remote control request to the target. The trick employed in this stage is that the attackers rename their Zoom display name to "Zoom," so the prompt the victim sees reads "Zoom is requesting remote control of your screen," making it appear as a legitimate request from the app. However, approving the request gives the attackers full remote input control over the victim's system.


Ransomware scum and other crims bilked victims out of a 'staggering' $16.6B last year, says FBI
These rising losses are even more concerning because last year, the FBI took significant actions to make it harder, and more costly, for malicious actors to succeed. The report found Americans lost $143.2 million to extortion scams and $12.5 million after ransomware infections. The FBI noted that the ransomware losses may be under-reported, and do not include the financial impact of lost business, time, wages, files, equipment, or third-party incident response and remediation services brought in to clean up the mess.
In 2024 extortion was the second-most frequently reported cybercrime overall with 86,415 complaints. For comparison, the top crime type last year, phishing and spoofing, generated 193,407 complaints. Ransomware was further down the list with 3,156 reports. But that's up from 2,825 incidents in 2023, and 2,385 in 2022.


Criminals target APIs as web attacks skyrocket globally
According to Akamai's State of Apps and API Security 2025 report, more than a third of web attacks targeted APIs, with 150 billion API attacks.
Most AI-powered APIs are externally accessible and many rely on inadequate authentication mechanisms - something criminals are taking advantage of.
The research also revealed a dramatic rise in Layer 7 (application-layer) distributed denial-of-service (DDoS) attacks against web applications and APIs.
This growth, Akamai said, is due to the growing sophistication of bot-driven attacks and the persistence of HTTPS flooding as a primary attack vector.
Other findings of the report included a rise of 32% in Open Worldwide Application Security Project (OWASP) API Security top 10–related incidents, with authentication and authorization flaws exposing sensitive data and functionality.
Security alerts related to the MITRE security framework were also up by 30%, as attackers move to advanced techniques such as automation and AI to exploit APIs.
One-third of malicious API transactions target shadow APIs.


Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year
Verizon found that the proportion of breaches involving third parties rose from 15% in last year's dataset to 30% in this year's report. This figure includes those breaches (incidents in which data loss was confirmed) caused by exploited software vulnerabilities and supply chain compromises.
Vendors and other business partners are expanding the attack surface by failing to enforce proper access controls, including preventing credential misuse.
In third-party environments, the median time to remediate leaked secrets, such as API keys or tokens discovered in public GitHub repositories, was 94 days, giving attackers ample opportunity to exploit them.
The report also highlights how credential reuse played a key role in several high-profile incidents, including a major Snowflake-related breach, where attackers used previously exposed credentials to access customer accounts due to the lack of mandatory multi-factor authentication (MFA).
[rG: SSDF/SSDLC protections: always place 3rd-party components into binary management systems with daily vulnerability scanning and alerting; design and monitor for regular, automated rotation of privileged accounts’ credential secrets and encryption of sensitive data-at-rest fields; log, monitor, and alert on security events.]


Today's LLMs craft exploits from patches at lightning speed
The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models.
"GPT-4 not only understood the CVE description, but it also figured out what commit introduced the fix, compared that to the older code, found the diff, located the vuln, and even wrote a PoC. When it didn't work? It debugged it and fixed it too."
Enterprises should treat every CVE release as if exploitation could start immediately. You no longer have days or weeks to react. You need to be ready to respond the moment the details go public.


Who needs phishing when your login's already in the wild?
The most commonly observed initial infection vector for ransomware infections was brute-force attacks (26%) followed by stolen credentials (21%).
Criminals used stolen credentials more frequently than email phishing to gain access into their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in Mandiant's list of most common initial infection vectors.
Email tends to be noisier and easier to detect with phishing detection. There is an entire cybercrime business surrounding stolen credentials that promotes the sale – and use – of stolen credentials.
Exploits remained the top entry point overall for the fifth straight year.
In cloud compromises, however, phishing led at 39%, with stolen credentials close behind at 35%.


Ripple NPM supply chain attack hunts for private keys
The NPM package, xrpl, is a JavaScript/TypeScript library that devs use to interact with and build apps using the cryptocurrency ledger's features. This includes wallet and key management, payment channels, decentralized exchange, escrow, and so on.
The "sophisticated" attack involved installing backdoors on five versions of xrpl. These were designed to steal users' private keys and ultimately gain access to their wallets and funds.


Hackers can now bypass Linux security thanks to terrifying new Curing rootkit
While eBPF is often celebrated for its power and flexibility, it turns out that looking only at system calls leaves a dangerous blind spot when io_uring is in play. With Linux dominating the cloud-native space, this vulnerability could have serious consequences for countless businesses relying on these detection systems.


One Prompt Can Bypass Every Major LLM’s Safeguards
Research from HiddenLayer has uncovered what they’re calling a universal, transferable bypass technique that can manipulate nearly every major LLM—regardless of vendor, architecture or training pipeline. The method, dubbed “Policy Puppetry,” is a deceptively simple but highly effective form of prompt injection that reframes malicious intent in the language of system configuration, allowing it to circumvent traditional alignment safeguards.
Policy Puppetry introduces a “policy-like” prompt structure—often resembling XML or JSON—that tricks the model into interpreting harmful commands as legitimate system instructions. Coupled with leetspeak encoding and fictional roleplay scenarios, the prompt not only evades detection but often compels the model to comply.
A notable element of the technique is its reliance on fictional scenarios to bypass filters. Prompts are framed as scenes from television dramas—like House M.D.—in which characters explain, in detail, how to create anthrax spores or enrich uranium. The use of fictional characters and encoded language disguises the harmful nature of the content. This method exploits a fundamental limitation of LLMs: their inability to distinguish between story and instruction when alignment cues are subverted. It’s not just an evasion of safety filters—it’s a complete redirection of the model’s understanding of what it is being asked to do.
Perhaps even more troubling is the technique’s capacity to extract system prompts—the core instruction sets that govern how an LLM behaves. These are typically safeguarded because they contain sensitive directives, safety constraints, and, in some cases, proprietary logic or even hardcoded warnings.
In domains like healthcare, this could result in chatbot assistants providing medical advice that they shouldn’t, exposing private patient data or invoking medical agent functionality that shouldn’t be exposed. The same risks apply across industries: in finance, the potential exposure of sensitive client information; in manufacturing, compromised AI could result in lost yield or downtime; in aviation, corrupted AI guidance could compromise maintenance safety.
Rather than relying solely on model retraining or RLHF fine-tuning—an expensive and time-consuming process—HiddenLayer advocates for a dual-layer defense approach using external AI monitoring platforms, such as their own, to provide intrusion detection that continuously scans for signs of prompt injection, misuse and unsafe outputs.


Fog ransomware channels Musk with demands for work recaps or a trillion bucks
"Give me five bullet points on what you accomplished for work last week or you owe me a trillion dollars," a new line to Fog's updated ransom note reads.
It refers to one of Musk's earliest policies after he was installed as the head of the US Department of Government Efficiency (DOGE), one that has been consistently applied across all of his companies.


DOGE Auditing
According to a whistleblower complaint filed last week by Daniel J. Berulis, a 38-year-old security architect at the NLRB, officials from DOGE met with NLRB leaders on March 3 and demanded the creation of several all-powerful “tenant admin” accounts that were to be exempted from network logging activity that would otherwise keep a detailed record of all actions taken by those accounts. The new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases. The new accounts also could restrict log visibility, delay retention, route logs elsewhere, or even remove them entirely.
One of the DOGE accounts had downloaded three external code libraries from GitHub that neither NLRB nor its contractors ever used. A “readme” file in one of the code bundles explained it was created to rotate connections through a large pool of cloud Internet addresses that serve “as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.” requests-ip-rotator is described as a library that will allow the user “to bypass IP-based rate-limits for sites and services.” A newer version of this project, derived or “forked” from Ge0rg3’s code and called “async-ip-rotator,” was committed to GitHub in January 2025 by DOGE captain Marko Elez.
Two other GitHub archives that DOGE employees downloaded to NLRB systems included Integuru, a software framework designed to reverse engineer application programming interfaces (APIs) that websites use to fetch data; and a “headless” browser called Browserless.
Berulis said he and his colleagues grew even more alarmed when they noticed nearly two dozen login attempts from a Russian Internet address (83.149.30,186) that presented valid login credentials for a DOGE employee account — one that had been created just minutes earlier. Berulis said those attempts were all blocked thanks to rules in place that prohibit logins from non-U.S. locations.
[rG: IP addresses are easy to forge and used by security testers to verify security boundary settings.]
The naming structure of one Microsoft user account connected to the suspicious activity suggested it had been created and later deleted for DOGE use in the NLRB’s cloud systems: DogeSA_2d5c3e0446f9@nlrb[.]microsoft[.]com. He also found other new Microsoft cloud administrator accounts with nonstandard usernames, including “Whitesox, Chicago M.” and “Dancehall, Jamaica R.” The DOGE accounts created an opaque, virtual environment known as a “container,” which can be used to build and run programs or scripts without revealing its activities to the rest of the world.
Whistleblower: DOGE Siphoned NLRB Case Data
DOGE Worker’s Code Supports NLRB Whistleblower
Dems fret over DOGE feeding sensitive data into random AI
The Dems wrote a stern letter to the White House's Office of Management and Budget (OMB), saying that DOGE's reported use of AI runs afoul of several federal laws and the OMB's own AI directives, and is unlikely to be in compliance with FedRAMP standards for cloud software security.
Beyond that, the Reps believe Musk, who as well as SpaceX and Tesla runs OpenAI rival xAI, is self-dealing by using his own Grok-2 AI model to ingest government data.
[rG: Very interesting case study for security professionals to follow: separation of duties protections, authorized auditing access, immutable logging, GenAI use and training, sensitive data chain-of-custody protection, etc., etc.]


APPSEC, DEVSECOPS, DEV

CVE, global source of cybersecurity info, was hours from being cut by DHS
The nonprofit MITRE runs CVE and related programs (like Common Weakness Enumeration, or CWE) on a contract with the US Department of Homeland Security (DHS). The most recent contract for MITRE to maintain CVE involves a potential payout of about $40 million, launched on April 26, 2024, and potentially expiring on April 25 of this year. Homeland Security Secretary Kristi Noem has sought cuts at the agency, which GOP lawmakers have targeted for allegedly censoring conservative viewpoints. Nextgov reports that CISA's extension is for 11 months.
CVE fallout: The splintering of the standard vulnerability tracking system has begun
The European Union Agency for Cybersecurity (ENISA) developed and maintains this alternative, which is known as the EUVD, or the European Union Vulnerability Database. The EU mandated its creation under the Network and Information Security 2 Directive, and ENISA announced it last June.
Alternatives to MITRE CVE

  • VulnDB – A commercial vulnerability database by Risk Based Security, covering more vulnerabilities than CVE.

  • China National Vulnerability Database (CNVD) – China’s national vulnerability catalog.

  • Japan Vulnerability Notes (JVN) – Japan’s national vulnerability database.

  • Open Source Vulnerability Database (OSVDB) – Discontinued but was a significant open-source alternative.


Ex-NSA chief warns AI devs: Don’t repeat infosec’s early-day screwups
AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after the fact, according to former NSA boss Mike Rogers.
We've already seen plenty of examples of what could go wrong with insecure models. The potential for harm spans everything from leaking sensitive data to hallucinating — which is bad enough if the models are being used to generate code but can have life-threatening consequences in some sectors, like healthcare.


El Reg's essential guide to deploying LLMs in production
You can spin up a chatbot with Llama.cpp or Ollama in minutes, but scaling large language models to handle real workloads – think multiple users, uptime guarantees, and not blowing your GPU budget – is a very different beast. 


VENDORS & PLATFORMS

Google Chrome will now continue to use third-party cookies
It’s a move that amounts to a U-turn on the Chrome team’s earlier updated approach to deprecating third-party cookies, announced in July last year, with the latest development bound to cause ructions across the ad tech ecosystem.


IBM z17 Redesigns the Mainframe for the AI Era
IBM z17 is the culmination of five years of design and development which included the filing of more than 300 patent applications.


New study shows why simulated reasoning AI models don’t yet live up to their billing
In the new research paper, "Proof or Bluff? Evaluating LLMs on 2025 USA Math Olympiad," when SR models were presented with problems from the 2025 US Math Olympiad hosted by the Mathematical Association of America, most models scored below 5% correct on average when generating complete mathematical proofs. Proofs require explaining your reasoning and showing why something must be true, not just giving an answer. Google's Gemini 2.5 Pro achieved a higher average score of 10.1 out of 42 points (~24%). OpenAI's o3-mini had the lowest average score at just 0.9 points (~2.1%).
The aforementioned performance gap between math problems and proofs exposes the difference between pattern recognition and genuine mathematical reasoning. Current SR models function well at tasks where similar patterns appear in training data, allowing for relatively accurate numerical answers. But they lack the deeper "conceptual understanding" required for proof-based mathematics, which demands the construction of novel logical arguments, representation of abstract concepts, and adjusting approaches when initial methods fail.


OpenAI’s New o3/o4-mini Models Add Invisible Characters to Text, Sparking Watermark Debate
OpenAI's o3 and o4-mini models now include special hidden Unicode characters within longer text. Unicode is a standard for encoding characters from different writing systems; these specific characters, primarily the Narrow No-Break Space (NNBSP, U+202F), render identically to standard spaces in most views but possess distinct underlying codes detectable with specialized tools like SoSciSurvey’s character viewer or code editors such as Sublime Text.
This pattern seems systematic and was absent in tests of older models like GPT-4o, leading to the suggestion that it is an intentional, though easily defeatable, watermark. The method of removal involves a simple find-and-replace of the characters, a process demonstrated in a video.
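A way to detect and remove such characters, as an added example that is not from the article or from OpenAI: it flags the U+202F named above and, going beyond the article, any other Unicode format (Cf) character or non-ASCII space separator (Zs), reporting position and name before anything is stripped. The sample text is constructed.

```python
# Added example: find and strip invisible / space-lookalike Unicode characters.
# Generalises the NNBSP (U+202F) case: every Unicode "Cf" (format) character
# and every "Zs" (space separator) other than the ASCII space is reported.
import unicodedata


def is_hidden(ch):
    """True for zero-width/format characters and non-ASCII space separators."""
    cat = unicodedata.category(ch)
    return cat == "Cf" or (cat == "Zs" and ch != " ")


def find_hidden_chars(text):
    """Return [(index, 'U+XXXX', unicode name), ...] for each hidden char."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(text)
        if is_hidden(ch)
    ]


def summarize(text):
    """Count hidden characters by code point, e.g. {'U+202F': 2}."""
    counts = {}
    for _, cp, _ in find_hidden_chars(text):
        counts[cp] = counts.get(cp, 0) + 1
    return counts


def strip_hidden_chars(text):
    """Normalise: space-like (Zs) chars become ' ', format (Cf) chars are dropped.

    Caveat: ZWNJ/ZWJ are legitimate in some scripts (e.g. Persian, emoji
    sequences), so report first and strip only where the text is known to be
    plain prose.
    """
    out = []
    for ch in text:
        cat = unicodedata.category(ch)
        if cat == "Zs" and ch != " ":
            out.append(" ")
        elif cat == "Cf":
            continue
        else:
            out.append(ch)
    return "".join(out)


# Constructed sample: two NNBSPs (U+202F) and one zero-width space (U+200B).
SAMPLE = "The quarterly\u202freport is\u202fready\u200b for review."

if __name__ == "__main__":
    for idx, cp, name in find_hidden_chars(SAMPLE):
        print(f"offset {idx}: {cp} {name}")
    print(summarize(SAMPLE))
    print(repr(strip_hidden_chars(SAMPLE)))
```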


Microsoft 365 Copilot gets a new crew, including Researcher and Analyst bots
These new agents are available in the shiny new Agent Store, which also features offerings from various partners including Jira, Monday[.]com, and Miro, among others. Custom-built agents are in the mix too, giving companies the option to automate specific tasks or provide Copilot with access to specific data.
The Researcher agent is intended to assist with multi-step research tasks, similar to the OpenAI deep research agent. Microsoft's demonstration video of the process shows an agent being asked to come up with a marketing plan. Imagine you are an ambitious but not very clever intern and your employer's crack marketing team comes down with food poisoning after a recommendation engine's suggestion to try a trendy found shellfish pop-up. You'd be thrilled to have an agent like Researcher craft a passable marketing plan for which you could take credit.
"Analyst is built on OpenAI's o3-mini reasoning model, and optimized to do advanced data analysis at work, including knowing when and how to use Python. So even if you've never written a single line of code, you can still get the rich data insights only Python can provide." You may not be able to understand the code, but Microsoft's AI can explain it to you. Progress, apparently.


Google admits depreciation costs are soaring amid furious bit barn build
Google says the mega capital splurge on datacenters in recent years is putting more strain on its balance sheet due to rising depreciation costs, yet it still plans to splash $75 billion on bit barns in 2025. Google owns and operates 135 datacenters across the world and uses colocation providers as part of its cloud interconnect services. Yet the CFO admitted it is still not able to entirely meet customer demand.
Microsoft pledged to fork out $80 billion on new bit barns in 2025, AWS said it will outspend the $75 billion it used last year and Meta is projecting costs of $60 billion to $65 billion.


LEGAL & REGULATORY

Yahoo will give millions to a settlement fund for Chinese dissidents, decades after exposing user data
A lawsuit to hold Yahoo responsible for “willfully turning a blind eye” to the mismanagement of a human rights fund for Chinese dissidents was settled for $5.425 million last week, after an eight-year court battle. At least $3 million will go toward a new fund.
This ends a long fight for accountability stemming from decisions by Yahoo, starting in the early 2000s, to turn over information on Chinese internet users to state security, leading to their imprisonment and torture. After the actions were exposed and the company was publicly chastised, Yahoo created the Yahoo Human Rights Fund (YHRF), endowed with $17.3 million, to support individuals imprisoned for exercising free speech rights online.
But in the years that followed, its chosen nonprofit partner, the Laogai Research Foundation, badly mismanaged the fund, spending less than $650,000—or 4%—on direct support for the dissidents. Most of the money was, instead, spent by the late Harry Wu, the politically connected former Chinese dissident who led Laogai, on his own projects and interests.


Assassin's Creed maker faces GDPR complaint for forcing single-player gamers online
Noyb has asked Austrian data protection authorities to investigate the French game studio, which publishes titles in popular series including Far Cry, Assassin's Creed, Watch Dogs, and others, for violations of article 6(1) of the EU's General Data Protection Regulation (GDPR) for forcing players online when a game doesn't have any online functionality.
Based on Ubisoft's turnover of more than €2 billion, the data protection authority could issue a fine of up to €92 million [$104 million].
Ubisoft might be the poster child in this instance. However, lots of game studios are guilty of similar customer-frustrating behavior. Microsoft requires Halo Infinite to be online even if the player is just going it alone, as does Activision-Blizzard, which did the same with Diablo III, published years before its purchase by Microsoft. Electronic Arts, Sony, and other publishers have also followed suit with past and present titles.