Recruitment Red Flags: Can You Spot a Spy Posing as a Job Seeker?
Back in July 2024, cybersecurity vendor KnowBe4 began to observe suspicious activity linked to a new hire. The individual began manipulating and transferring potentially harmful files and tried to execute unauthorized software. He was subsequently found to be a North Korean worker who had tricked the firm’s HR team into giving him remote employment. The incident underscores that no organization is immune from the risk of inadvertently hiring a saboteur. Identity-based threats aren’t limited to stolen passwords or account takeovers, but extend to the very people joining your workforce. As AI gets better at faking reality, it’s time to improve your hiring processes.
Source: WeLiveSecurity
When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems
Researchers discovered a new attack technique, named agent session smuggling, allowing a malicious AI agent to exploit an established cross-agent communication session to send covert instructions to a victim agent. The attack abuses the Agent2Agent (A2A) protocol’s stateful behavior to inject hidden commands within normal communications. Unlike one-time data poisoning, this attack leverages ongoing interaction to build trust and manipulate victim agents over multiple exchanges, representing a growing threat in AI ecosystems.
Source: Unit42
Cloud Abuse at Scale
Identity compromise remains one of the most pressing threats to cloud infrastructure today. When attackers gain access to valid credentials, they can bypass security controls and abuse cloud services such as AWS Simple Email Service (SES) for large-scale spam or phishing operations. Fortinet researchers observed a campaign leveraging stolen AWS keys to conduct email operations using an infrastructure dubbed TruffleNet, built around the TruffleHog tool to systematically test and exploit compromised credentials.
Source: Fortinet
Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector
Cyble researchers identified a malware campaign distributing weaponized ZIP archives disguised as Belarusian military documents targeting drone operation units. The multi-stage infection uses anti-sandboxing and obfuscated PowerShell execution to deploy a backdoor combining OpenSSH for Windows with a Tor hidden service. The backdoor leverages obfs4 obfuscation and advanced evasion to maintain stealth and persistence within defense networks.
Source: Cyble
Hacktivist Attacks on Critical Infrastructure Surge: Cyble Report
Hacktivist activity targeting critical infrastructure increased significantly in Q3 2025, accounting for 25% of all hacktivist incidents by September. While DDoS and website defacements remain common, groups are increasingly targeting industrial control systems (ICS) and turning to data breaches and ransomware operations. Notable threat actors include Z-Pentest, Dark Engine, Golden Falcon Team, and Sector 16, indicating a broad ideological and geopolitical expansion of hacktivist campaigns.
Source: Cyble
AresISEC d.o.o. · Zagreb, Croatia · OIB: 49411602130 · info@aresisec.hr