
    AWS botnet smacks 28 countries, LLMs help malware authors evade detection, Anthropic pressed over Claude espionage

    Subscribe to the CISO Series on YouTube for daily news videos and podcasts


    In today’s cybersecurity news…

    AWS outage botnet smacks 28 countries

    A Mirai-based botnet called ShadowV2 surfaced during October’s major AWS outage, exploiting vulnerabilities in IoT devices from multiple vendors. Fortinet says the botnet infected devices across 28 countries and may have been a test run for future attacks; it vanished once the outage ended. ShadowV2 spreads via a downloader script and, like the LZRD Mirai variant it resembles, takes DDoS attack commands from a command-and-control server. (The Register)

    LLMs help malware authors evade detection

    Google’s Threat Intelligence Group says attackers are shipping malware that calls large language models at runtime to evade detection. Samples include tools that ask models such as Gemini, or models hosted on Hugging Face, to rewrite their own code, generate commands tailored to the infected system, or help locate secrets. Researchers say the techniques resemble early polymorphic malware and could make attacks more adaptive, but that they remain detectable today because the malware has to call out to an external AI service. (Dark Reading)
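    That last point is the practitioner’s hook: a sample that must reach Gemini or a Hugging Face-hosted model at runtime leaves egress traffic. As an added example that is not part of Google’s report or the article above, the script below scans constructed egress-proxy log lines and flags any process outside an allowlist of expected clients that contacts a public LLM API host. The log format, the host list and the client allowlist are assumptions; tune them to what your own proxy records.

```javascript
// Added illustration, not code from Google's report: flag processes that talk
// to public LLM inference APIs from hosts where only browsers and IDEs should.
// Constructed sample egress-proxy log; assumed format:
//   "<timestamp> <client-ip> <process-name> <destination-host> <bytes-out>"
const SAMPLE_PROXY_LOG = [
  "2025-11-06T09:12:01Z 10.0.4.21 chrome.exe generativelanguage.googleapis.com 1830",
  "2025-11-06T09:12:44Z 10.0.4.21 chrome.exe example.com 512",
  "2025-11-06T09:13:10Z 10.0.4.37 svchost_update.exe generativelanguage.googleapis.com 4096",
  "2025-11-06T09:13:12Z 10.0.4.37 svchost_update.exe generativelanguage.googleapis.com 3988",
  "2025-11-06T09:14:02Z 10.0.4.37 svchost_update.exe api-inference.huggingface.co 2710",
  "2025-11-06T09:15:30Z 10.0.4.52 code.exe api-inference.huggingface.co 900",
];

// Public endpoints of the Gemini API and the Hugging Face inference API
// (assumption: extend with whatever your proxy sees for other providers).
const LLM_API_HOSTS = new Set([
  "generativelanguage.googleapis.com",
  "api-inference.huggingface.co",
]);

// Processes allowed to reach those hosts on managed endpoints (assumption).
const EXPECTED_CLIENTS = new Set(["chrome.exe", "msedge.exe", "firefox.exe", "code.exe"]);

function parseLine(line) {
  const fields = line.trim().split(/\s+/);
  if (fields.length !== 5) return null; // malformed line: skip rather than crash the pipeline
  const [ts, clientIp, proc, host, bytesOut] = fields;
  return {
    ts,
    clientIp,
    proc: proc.toLowerCase(),
    host: host.toLowerCase(),
    bytesOut: Number(bytesOut) || 0,
  };
}

// One finding per (client IP, process) that reaches an LLM API host without
// being an expected client, with call count, bytes sent and distinct hosts.
function findUnexpectedLlmCallers(lines) {
  const byKey = new Map();
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec || !LLM_API_HOSTS.has(rec.host) || EXPECTED_CLIENTS.has(rec.proc)) continue;
    const key = `${rec.clientIp}|${rec.proc}`;
    const f = byKey.get(key) ?? {
      clientIp: rec.clientIp,
      process: rec.proc,
      firstSeen: rec.ts,
      calls: 0,
      bytesOut: 0,
      hosts: new Set(),
    };
    f.calls += 1;
    f.bytesOut += rec.bytesOut;
    f.hosts.add(rec.host);
    byKey.set(key, f);
  }
  return [...byKey.values()].map((f) => ({ ...f, hosts: [...f.hosts].sort() }));
}

console.log(findUnexpectedLlmCallers(SAMPLE_PROXY_LOG));
```

    A process-name allowlist is weak on its own, since a malicious binary can call itself chrome.exe; pair the rule with the signer or hash of the binary from your EDR, and watch the byte counts, because a sample that ships its own code to a model for rewriting sends far more than a chat client does.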

    Anthropic questioned over Claude espionage

    The US House Homeland Security Committee has called Anthropic CEO Dario Amodei to testify on December 17 about a likely Chinese espionage campaign that used Anthropic’s AI model, Claude, to target at least 30 organizations. Lawmakers praised Anthropic for disclosing the attack but called it a “significant inflection point” for US cybersecurity. The hearing will focus on how AI, quantum computing, and cloud infrastructure are reshaping state-sponsored cyber threats. (CyberScoop)

    Forge library gets fix for signature flaw

    A high-severity flaw in the node-forge JavaScript cryptography library let attackers bypass signature verification by crafting malformed ASN.1 data that the library incorrectly treated as valid. Palo Alto Networks reported the issue, which could allow authentication bypass or tampering in apps that rely on node-forge. The library sees roughly 26 million weekly downloads. A fix shipped in version 1.3.2, and developers are urged to update immediately. (BleepingComputer)

    Huge thanks to our episode sponsor, KnowBe4


    Shai-Hulud v2 campaign exposes secrets

    The Shai-Hulud v2 supply chain attack has expanded from npm to Maven, compromising more than 830 npm packages and exposing thousands of secrets. Malware embedded in these packages backdoors developer machines, harvests API keys, cloud credentials, and GitHub tokens, and exfiltrates them to randomly named public repositories. By exploiting misconfigurations, the attack affects more than 28,000 repositories. Security firms urge rotating keys, auditing dependencies, removing compromised packages, and hardening development pipelines to prevent further spread. (The Hacker News)

    Prompt injections muddle ChatGPT’s Atlas browser

    OpenAI’s ChatGPT Atlas browser, launched in October, includes an agent mode that can carry out tasks autonomously, which widens its exposure to prompt injection. Both direct injections and indirect ones planted in web content the agent reads could expose sensitive data, execute code, or compromise networks of agents. Experts warn the risk grows as agents gain tool access and autonomy. Mitigations include strict least-privilege access, sandboxing, human oversight, and treating all untrusted input as hostile. (Dark Reading)

    Patchwork cyber regs are driving up costs

    The Global System for Mobile Communications Association (GSMA) says fragmented, poorly designed regulations for mobile operators are driving up costs without making networks safer. In a new report, the group says overlapping laws and duplicate reporting force operators to spend as much as half their security teams’ time on compliance instead of threat mitigation. The GSMA wants governments to simplify rules, align with international standards like ISO 27001 or NIST, and shift toward coordinated, outcomes-focused frameworks. (The Register)

    Comcast to pay $1.5M fine for vendor breach

    Comcast will pay a $1.5 million FCC fine after third-party debt collector FBCS was breached in 2024, exposing data on roughly 274,000 Comcast customers. FBCS waited five months to notify Comcast and had repeatedly claimed no Comcast data was affected. Attackers stole names, addresses, Social Security numbers, dates of birth, and account numbers. Under the settlement, Comcast must tighten vendor oversight, run biannual risk assessments, and report violations for three years. (BleepingComputer)

