Why I’m Writing This

The past few month a lot of customers and lead are continuous asking to rank higher in AI search engines.

So, ofc we put hands in work to research all the techniques to rank high and create our own heavy “GEO checklist”. I’ve been geeking out over how AI answer engines (ChatGPT, Perplexity, Google AI Overviews, etc.) keep stealing the top of the page. But with my cyber mindset always on i found a lot of posible complications in the future when this type of searches arrive to the mainstream. Below I wrote some reflections in the perspective of trust, security and IP.

But wait… What is GEO?

GEO, Generative Engine Optimization = convincing large-language-model search to quote you first, not your competitors.

But here one thing in common is that LLMs love to hallucinate and overshare. A new study from Columbia Journalism Review showed that AI search engines and chatbots, such as OpenAI's ChatGPT Search, Perplexity, Deepseek Search, Microsoft Copilot, Grok and Google's Gemini, are just wrong, way too often.

If you want to learn of how SEO change to GEO and how companies are trying to rank higher in AI Search Engines, you can read this blog!

⚠️ Five Risk Vectors Hiding in AI Search

1. Hallucination Hype → Brand & Safety Damage

When Google’s AI told users to eat a rock a day for minerals (or and the pizza-glue fiasco) it scraped decade-old joke posts from Reddit and spat them back as culinary advice. Imagine if the source if your brand website...

Mitigation: Publish concise, up-to-date FAQ blocks that AI can lift verbatim. Monitor answers weekly with some AI Search Monitoring tools.

2. Prompt-Injection & Data Spill

Security researchers keep jail-breaking Bing and ChatGPT with crafty prompts, exposing hidden system messages and policy text.

Mitigation: Treat AI crawlers like untrusted users, rate-limit unknown referrers, sanitize user-generated content, and log GPTBot traffic for anomalies. Cloudfare have the Trapping misbehaving bots in an AI Labyrinth technique.

3. Malicious Link Poisoning

Cyber-crooks are already gaming answer engines: Malwarebytes found fake “AI video generators” ranking in LLM answers that redirect to info-stealers.

Mitigation:

• Enforce HTTPS and HSTS across all sub-domains.

• Run a real-time threat-intel feed against outbound links you publish.

• Set up Google Safe Browsing & Microsoft SmartScreen API checks before you ever embed a link.

4. Copyright & IP Minefields

The New York Times is suing OpenAI and Microsoft for training models on paywalled articles. Courts haven’t decided whether ingesting your content counts as “fair use” but we will see more like these issues in the future, and as one my friends says, once it is published in internet, you can not control what people is going to do with that…

Mitigation:

• Add llms.txt alongside robots.txt to spell out what parts of your site the bots may crawl.

• Watermark premium PDFs and hide them behind authentication (probably this is the only one that will mitigate and stop OpenAI).

• Pick clear licenses (e.g., CC-BY-NC) for any free resources.

5. Compliance (EU AI Act & Others)

From February 2025 the EU AI Act starts penalizing “high-risk” AI deployments fines up to €35 million or 7 % of global turnover. Even if you only use AI search widgets on-site, you’re a “deployer” with transparency duties.

Mitigation: Keep an AI-asset inventory, record which models touch personal data, and add a short disclosure banner for EU visitors.

Welcome to the fifth edition of the Cyber Threats Newsletter. The goal is to deliver weekly updates with the latest in cyber threats, to help accelerate innovation and collaboratively build a more secure future!

We spent this weekend at HackBCN'24 and built Security Agents for AWS GuardDuty alerts

I've just arrived in Barcelona a week ago, and I've already participated in HackBCN, the city's first AI Hackathon. Nico and team did an excellent job organizing the event!

The challenge

The hackathon's brief was open: "build something cool with AI." With such a broad scope, we decided to focus on a specific pain point in cloud security. Anyone who's used AWS GuardDuty knows the challenge that analyzing numerous alerts can be time consuming and often tedious. We set out to change that.

What did we build in only 30h?

We created AI agents to automate the work typically done by cloud security engineers:

1. Alert Triage: An agent to quickly assess the severity and urgency of incoming alerts.

2. Data Enrichment: We integrated external APIs like AbuseIPDB, SecurityTrails, and ExaAI to gather additional context for each alert.

3. Correlation and Analysis: An agent to connect the dots between different data points and identify patterns.

4. Remediation Suggestions: Using RAG (Retrieval Augmented Generation) with AWS Playbooks for Incident Response, we created an agent to recommend actionable steps.

5. Report Generation: Finally, an agent to compile all findings into a comprehensive, easy-to-understand report.

We used both Mistral and GPT-4o models, but GPT-4o performed much better for our agents, thanks to its speed and larger context window.

Next Steps

Looking ahead, we plan to:

• Expand dynamically our RAG database

• Add more use cases

• Extend support to multiple cloud platforms (Azure and GCP)

The hackathon was an exciting experience, showing the potential of Barcelona and its people.

Here you can see the demo presentation:

And if you like these types of projects, you can take a look at the OpenAI Cybersecurity Grant Program that aims to empower defenders by highlighting innovative research and AI integration in cybersecurity

Week in review

14 Million OpenSSH Servers Potentially Vulnerable to “regreSSHion” Bug

Qualys Threat Research Unit (TRU) has identified a severe remote unauthenticated code execution (RCE) vulnerability in OpenSSH's server (sshd) affecting glibc-based Linux systems, with a potential to compromise over 14 million instances globally.

The vulnerability, now tracked as CVE-2024-6387 and dubbed “regreSSHion,” allows unauthenticated, remote attackers to execute code as root on affected systems, posing a significant security risk.

New Mac Stealer ‘Poseidon’ Spreads via Arc Browser Google Ads

A new Mac stealer named “Poseidon” is being distributed via malicious Google ads targeting people looking to download the popular Arc browser, according to a report by Malwarebytes. The stealer, developed by a cybercriminal known as Rodrigo4, is designed to exfiltrate sensitive information from infected devices and is actively being promoted on underground forums.

Polyfill.io JavaScript supply chain attack impacts over 100K sites

Cybersecurity company Sansec warned that the polyfill.io domain and service was purchased earlier this year by a Chinese company named 'Funnull' and the script has been modified to introduce malicious code on websites in a supply chain attack.

Interesting Interviews, Tools and More

Sandwich Attack: Multi-language Mixture Adaptive Attack on LLMs

"we introduce a new black-box attack vector called the Sandwich Attack: a multi-language mixture attack, which manipulates state-of-theart LLMs into generating harmful and misaligned responses"

Is it safe to let your password manager autofill your password?

Struggling to keep track of all your passwords? You’re not the only one. Password managers(new window) exist because it’s difficult to keep track of hundreds of logins and all their various passwords.

ChatGPT 4 can exploit 87% of one-day vulnerabilities

During the study, the team used 15 one-day vulnerabilities that occurred in real life. One-day vulnerabilities refer to the time between when an issue is discovered and the patch is created, meaning it’s a known vulnerability. Cases included websites with vulnerabilities, container management software and Python packages. Because all the vulnerabilities came from the CVE database, they included the CVE description.

Thanks for reading. If you want to be up to date with the last threats and news in the cybersecurity world, subscribe!

Welcome to the fourth edition of the Cyber Threats Newsletter. The goal is to deliver weekly updates with the latest in cyber threats, to help accelerate innovation and collaboratively build a more secure future!

You can have the best security in place that 3 experts with an extension developed in 30 min can hack your company

Today, I want to take some time to analyze the blog series published about how they released a malicious VSCode extension, then proceeded to analyze the marketplace to find other malicious extensions, and finally published a solution. Additionally, it covers how a company with in-house developers faces a series of specific threats.

What I most like is why they say they did it: Because they love security and love building products.

First, some facts:

• VSCode is one of Microsoft’s successful ventures embracing the open-source world.

• Over 15 million monthly users.

• The VSCode Marketplace hosts around 60,000 extensions from approximately 45,000 different publishers.

• The average developer installs 40 extensions in their IDE.

They decided to take the popular Dracula theme named “Dracula Official” (with over +6,000,000 installs) and create his own copycat “Darcula Official”. Funny right? I declare myself a fan of the Dracula theme.

Only having a domain, they obtain the blue check:

What they did?

Each time a victim opens a document on the editor, they read the code and send it to their server and additionally send a beacon to the sever with information on the host machine, such as the hostname, domain, platform, number of extensions, etc…

After some days, they had hundreds of victims and what is more interesting is that some of this victims are inside multi-billion dollar companies all of which are widely known, inside one of the biggest security companies in the world, and in a certain country’s justice court network.

So, after expending millions in security, these big companies were hacked by a VSCode extension developed in 30 min.

Next step: Expose malicious extension in the marketplace

By installing an extension, this in turn means giving the extension publisher full access to the host environment.

In their investigation they found a reverse shell inside an extension claiming to be a code beautifier:

And some interesting numbers:

• 87 extensions that attempt to read /etc/passwd file on the host system.

• 8161 extensions that communicate with a hardcoded IP address from JS code.

• 1,452 extensions that run an unknown executable binary or DLL on the host machine.

• 145 extensions’ code and resources were flagged with high confidence by VirusTotal.

• Got a shiny new AI policy in your organization? 783 extensions were found to use third-party AI models as part of their functionality.

They create a tool: Extensiontotal

To help assess the risk of VSCode extensions to provide a way for organizations to mitigate this risk today. Similar to VirusTotal but for the VSCode extensions.

If you want to know what extensions are installed in your organization, they developed a Jamf script that by deploying on each endpoint, lists all extensions installed on VSCode and runs them through ExtensionTotal to find the risk score of all extensions inside the organization.

The challenge in companies with many developers

One of the biggest security design flaws in VSCode extensions is the lack of any permission model. Any extension can perform any API action without restrictions. This means VSCode extensions can spawn child processes, execute system calls, and import any NodeJS package, making them highly risky.

Having many developers in a company exposes you to a different set of threats compared to those without developers. Developers typically need more privileges on their machines, and some tools, like VSCode, often run in root mode.

Additionally, developers possess the knowledge to bypass web proxies and often handle sensitive data, such as API keys (which can be exposed in personal GitHub repositories). It becomes challenging to know what data is being shared and what isn’t.

To complicate matters further, consider the variable of AI. For example, a recent post explained how the GitHub Copilot Chat VSCode extension was vulnerable to data exfiltration via prompt injection when analyzing untrusted source code.

Understanding these risks and implementing proper security measures is crucial for companies with a significant number of developers.

Week in review

Breaking the internet for a while

This way you can "break" the internet for a while. An ASN (AS9498 Bharti Airtel) advertises a very large IP range (96.0.0.0/3, which is 536,879,921 IP addresses) and its providers accept and propagate it. This way, traffic that wants to go up to the IP ranges 96.0.0.0 to 127.255.255.255 reaches that ASN.

Suspected 'Scattered Spider' hacker, 22, reportedly arrested in Spain

The scammer responsible for the computer attack on 45 companies in the United States. This is a young man of British nationality, 22 years old, leader of an organized group dedicated to the theft of information from companies and cryptocurrencies and managed to gain control of 391 bitcoins worth more than 27 million dollars. The arrest of the suspected Scattered Spider leader was coordinated by Spanish police and the FBI

Threat actors are actively exploiting Solarwinds Serv-U Bug CVE-2024-28995

Threat actors are actively exploiting a recently discovered vulnerability, tracked as CVE-2024-28995, in SolarWinds Serv-U software. The high-severity directory transversal issue allows attackers to read sensitive files on the host machine. Experts at threat intelligence firm GreyNoise reported that threat actors are actively exploiting using the public available proof-of-concept (PoC) exploit code.

US bans Kaspersky antivirus software due to national security risks

The US Department of Commerce has announced an upcoming US-wide ban of cybersecurity and antivirus software by Kaspersky, as its “ability to gather valuable US business information, including intellectual property, and to gather US persons’ sensitive data for malicious use by the Russian Government pose an undue or unacceptable national security risk”.

Interesting Interviews, Tools and More

OpenCTI open source platform to manage cyber threat intelligence

OpenCTI has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats. Also, OpenCTI can be integrated with other tools and applications such as MISP, TheHive, MITRE ATT&CK, etc.

Hiddenlayer collaborates with Microsoft Azure AI to enhance model security

HiddenLayer announced today Microsoft Azure AI as a new user of its Model Scanner. The Model Scanner will scan third-party and open-source models in the model collection curated by Azure AI, providing verification that they are free from cybersecurity vulnerabilities, malware, and other signs of tampering.

Darknet Diaries Podcast

I want to personally recommend a podcast that I normally listen to and find different and recommendable, with really good guests and stories

More:

• New Release of Nuclei (v3.2.9)

• Attackers deploying new tactics in campaign targeting exposed Docker APIs

• Proton is transitioning towards a non-profit structure

• AWS’s head of security shares 7 reasons why security will always be Amazon’s top priority

• Phishing campaign exploits vulnerability in Windows Search

Thanks for reading. If you want to be up to date with the last threats and news in the cybersecurity world, subscribe!

Welcome to the third edition of the Cyber Threats Newsletter. The goal is to deliver weekly updates with the latest in cyber threats, to help accelerate innovation and collaboratively build a more secure future!

Why it’s time to shift focus from mundane tasks to real threats?

The daily day of cybersecurity teams often contrasts with the exciting image of finding advanced adversaries. Many times, their days are consumed with tasks that add little value and lead to burn-out and waste resources from real threat detection and response.

The reality is that, although teams need to prepare for high-profile incidents and APTs, most of their work is not directly related to these or gets lost among many tools with little focus.

To improve this situation, it's crucial to develop tools and strategies that automate routine tasks, optimize workflows and are driven by data, freeing up teams to focus on what really matters: proactive detection and rapid response to threats.

For example, starting with ensuring that the entire team understands the top threats their company (or clients) faces. From there, they can explore how these can be exploited, for example, using the MITRE ATT&CK framework. KPIs should measure not only Mean Time to Response (MTTR) but also the coverage level over the defined top threats.

Solutions, whether in-house or commercial, should be easy to use and maintain, and should seamlessly integrate with the daily operations of security teams and data systems (like date warehouses), ultimately empowering security analysts to focus on what's important.

Because one important thing to understand is that attackers only need to find one weak point to exploit!

Years ago, while I was in the SOC of a national cybersecurity agency, we detected a Monero miner exploiting a Java remote code execution vulnerability. Many years later, I read this article where machines running Kubernetes are now being used to mine DERO (the initial access vector is an externally accessible Kubernetes API server with anonymous authentication enabled [T1190]), and I think, if after so many years we continue with the same types of attacks without being able to react in time, it's clear that we must seek continuous processes that proactively search for cyberattacks and respond to them in real time, moving away from traditional security solutions that react only once known threats have been identified.

Now you might be asking… how? The reality is that it’s not easy, but I suggest starting by rethinking Level 1 with a threat-driven mindset!

Week in review

New York Times source code stolen using exposed GitHub token

Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer.

As first seen by VX-Underground, the internal data was leaked on Thursday by an anonymous user who posted a torrent to a 273GB archive containing the stolen data.

A Critical Auth Bypass In Veeam Backup Enterprise Manager (CVE-2024-29849)

The exploit targets Veeam’s API by sending a specially crafted VMware single-sign-on (SSO) token to a vulnerable service. Then a server under the control of the attack responds positively to the validation, granting the attacker administrator access.

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)

JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise.

AWS unveils new and improved security features

At its annual re:Inforce conference, Amazon Web Services (AWS) has announced new and enhanced security features and tools. Like simplify AWS CloudTrail log analysis with natural language query generation in CloudTrail Lake.

Interesting Interviews, Tools and More

Apple Private Cloud Compute: A new frontier for AI privacy in the cloud

Apple created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. For the first time ever, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple.

YetiHunter: Open-source threat hunting tool for Snowflake environments

A threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise.

Emulate APTs lab

Solve emulated APT-level incidents in a lab environment from reconnaissance to exfiltration. These technical labs are designed to test your incident response abilities against APT-level threats.

MalSearch: Malware Source Code Search Engine

A dedicated place to Search, Bookmark, Copy and Download all Malware source code and projects available on the internet. By https://twitter.com/_Ghast1y

Thanks for reading. If you want to be up to date with the last threats and news in the cybersecurity world, subscribe!

Welcome to the second edition of the Threat Intelligence Newsletter. The goal is to deliver weekly updates with the latest in threat intelligence and cybersecurity related, to help accelerate innovation and collaboratively build a more secure future!

Week in review

Russian Threat Actors Pose High Risk to 2024 Paris Olympics

According to Google Cloud’s Mandiant cybersecurity team, the 2024 Paris Olympics is facing cyber threats ranging from espionage, disruption, destruction, hacktivism, influence, and financially motivated activities.

Mystery malware destroys 600,000 routers from a single ISP during 72-hour span

An unknown threat actor with equally unknown motives forces ISP to replace routers. According to Black Lotus Labs, the routers—conservatively estimated at a minimum of 600,000—were taken out by an unknown threat actor with equally unknown motivations. The attacker used Chalubo and perhaps used custom Lua scripts to replace/wipe the router firmware:

Malicious VSCode extensions with millions of installs discovered

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.

Ideas Corner

Productivity, Security and Microsoft Recall

Tools like Perplexity or chatGPT are integrated into my daily workflow, and I cannot imagine my life without them.

With the announcement of Copilot+PC, Microsoft also introduced Recall:

“Retrace your steps with Recall. Search across time to find the content you need, then re-engage with it. With Recall, you have an explorable timeline of your PC’s past. Just describe how you remember it, and Recall will retrieve the moment you saw it. Any photo, link, or message can be a fresh starting point.”

This sounds really interesting in terms of productivity but could be a nightmare in terms of information security because it is essentially a keylogger. The feature has been heavily criticized by the security community since its announcement.

But it can get worse… Researchers have successfully developed a tool capable of locating, extracting, and displaying all data stored by Recall on any device. The tool, “TotalRecall,” available on Github, extracts and displays data from the Recall feature, providing an easy way to access snapshots of PC activity.

Therefore, Microsoft is making some changes to its controversial Recall feature to address security concerns. This means it won't take screenshots of everything you do after all, unless you opt in.

One of the main concerns with Microsoft’s Recall function, and indeed with all AI apps and functions, is the lack of “Security by Default”. Even though Microsoft has a Secure Future Initiative in place, it's challenging to be certain of its efficacy.

The challenges these tools bring cannot be overlooked. We urgently need a viable proposal to address the security concerns inherent in data protection for tools like Microsoft's Recall.

Interesting Interviews, Tools and More

One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin Credentials

Because we talked about routers, a little more deepdive to it. This researchers discovered that these routers, whether intended or not, configured via ASUS's DDNS, are susceptible to a man-in-the-middle (MITM) attack, which we identified, enabling the theft of admin credentials....

LLM Agents can Autonomously Hack Websites

This paper shows that LLM agents can autonomously hack websites, performing tasks as complex as blind database schema extraction and SQL injections without human feedback. Importantly, the agent does not need to know the vulnerability beforehand.

Prompt Fuzzer is an open-source tool that evaluates the security of GenAI application’s system prompt against dynamic LLM-based threats.

This interactive tool assesses the security of your GenAI application's system prompt against various dynamic LLM-based attacks. It provides a security evaluation based on the outcome of these attack simulations, enabling you to strengthen your system prompt as needed.

Thanks for reading. If you want to be up to date with the last threats and news in the cybersecurity world, subscribe!

Welcome to the first edition of the Threat Intelligence Newsletter. The goal is to deliver weekly updates with the latest in threat intelligence and cybersecurity related, to help accelerate innovation and collaboratively build a more secure future!

Week in review

Snowflake breach is behind Ticketmaster and Santander

It appears the cause of these breaches are client accounts with weak or compromised passwords match with a lack of Multi-Factor Authentication enabled. Santander released a statement noting that they “recently became aware of an unauthorized access to a Santander database hosted by a third-party provider.” CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

Breach: Dell API abused to steal 49 million records

A threat actor known as Menelik abused a partner portal API to scrape the information of approximately 49 million Dell customer records. The stolen data included customer names, order numbers, service tags, installed locations, and more.

PoC for Check Point Vulnerability Released

Active exploitation of this vulnerability has been observed in the wild by multiple threat actors. A PoC was publicly released on May 30, 2024. The vuln is tracked as CVE-2024-24919 and could allow an unauthenticated remote attacker to read local files from the affected Security Gateway, including any exposed sensitive files such as password data, SSH keys, or other credentials.

A fast search in Fofa returns more than 45k unique IPs:

Fofa Dork: 
app="Check_Point-SSL-Network-Extender"

Shodan Dork: 
"Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7"

Ideas Corner

Leveraging LLMs for Threat Intelligence

Integrating AI into everything has become incredibly popular these days, but the question I always have in mind is how can we use the power of GenAI to enhance Threat Intelligence or SOC efficiency, reduce response times, and focus on what's important?

This example “Time Series Analysis by Leveraging GPT-4o Vision for Threat Intel” or this other “Our TRAM Large Language Model Automates TTP Identification in CTI Reports“ can be an answer.

One significant challenge is alert triage, burdened by alert overload and the rapid increase in cyberattacks. Why not reduce manual tasks with an efficient workflow?

Of course GenAI is not magic. Monitoring responses, refining prompts, and improving data are crucial steps in leveraging this technology effectively.

Interesting Interviews, Tools and More

The Gentlemen Hackers interview: The Grugq

Many years ago that I listen the talk OPSEC: Because Jail is for wuftpd from The Grugq, and now in this intersting interview they discuss the evolution of hacking, the human aspect of hacking operations, and some skepticism towards the discovery of a potential security breach involving a half-second delay in SSH communications.

Geospy.ai: Photo location prediction using AI

Talking about OPSEC… I came across this tool Geospy.ai in twitter, and is really good. GeoSpy is a cutting-edge AI platform specialized in geo-estimation and location prediction, leveraging pixel data to accurately infer geographical locations

Sherlockeye.io OSINT tool

Sherlockeye is a tool designed to elevate your research and analysis (on emails). By the combined power of leading search engines like Google and DuckDuckGo, alongside cutting-edge AI language models, Sherlockeye delivers unmatched insights and understanding from your data.

API Security Best Practices

This post explains how APIs are the backbone of modern applications. They expose a very large surface area for attacks, increasing the risk of security vulnerabilities. Common threats include SQL injection, cross-site scripting, and distributed denial of service (DDoS) attacks.

Thanks for reading. If you want to be up to date with the last threats and news in the cybersecurity world, subscribe!