
Daily Cybersecurity Roundup, May 12, 2025

As AI-generated content continues to blur the line between real and synthetic media, cybercriminals are exploiting the trend by building fake AI video generation platforms to distribute the Noodlophile Stealer malware, luring users into downloading malicious files under the guise of innovative AI tools. Separately, security researchers have documented an exploitation technique that uses Beacon Object Files (BOFs) to extract Microsoft Entra tokens from compromised systems. Meanwhile, in a major crackdown on cybercrime, German authorities have seized the eXch crypto exchange, which allegedly laundered over $1.9 billion in illicit funds, including proceeds from the Lazarus Group-linked Bybit hack. Continue reading for the cybersecurity updates from the weekend.

01. Cybercriminals are distributing the new Noodlophile Stealer malware through fake AI video generation platforms that trick users into downloading malicious files disguised as AI-generated content.

02. A new exploit method uses Beacon Object Files (BOFs) to extract Microsoft Entra tokens from compromised devices, including non-domain-joined and BYOD devices.

03. The iClicker website was compromised in a ClickFix attack that used a fake CAPTCHA to trick students and instructors into executing malware via PowerShell commands.

04. Attackers are leveraging blob URLs to create locally rendered phishing pages that bypass secure email gateways (SEGs) and evade detection by traditional security tools.

05. Attackers have been exploiting legacy authentication protocols in Microsoft Entra ID, particularly BAV2ROPC, to bypass modern security controls such as MFA and Conditional Access, enabling automated credential attacks across global infrastructures.

06. German police have seized the eXch crypto exchange for laundering $1.9 billion, including funds from the Lazarus-linked Bybit hack, confiscating $36.7 million (~ €34 million) in crypto and 8 TB of data.

07. Microsoft has patched four critical vulnerabilities in Azure and Power Apps, including a CVSS 10.0-rated flaw in Azure DevOps pipelines that could have allowed attackers to escalate privileges, spoof services, or access sensitive data.

08. Two vulnerabilities have been discovered in Mitel's 6800, 6900, and 6900w Series SIP Phones that allow arbitrary command execution (CVE-2025-47188) and unauthenticated file uploads (CVE-2025-47187).

09. A critical double-free vulnerability, CVE-2024-26809, has been identified in the Linux kernel's nftables subsystem; it could allow local attackers to execute arbitrary code and gain root access.

10. Sensiba, an accounting and business advisory firm, has announced its acquisition of AssuranceLab, an Australian cybersecurity company.
