Malware and exploits are no longer the only sources of cyberthreats This article explores malware exploits. . They are becoming present in the ecosystems, platforms, and tools that businesses use on a daily basis.

Attackers are taking similar routes as businesses integrate AI, cloud apps, developer tools, and communication systems. This week, there has been a definite trend: attackers are misusing trust. trusted apps, trusted marketplaces, trusted updates, and even trusted AI processes. Notepad++ Hosting Infrastructure Vulnerable to Spread Chrysalis Backdoor — From June to October 2025, threat actors covertly and extremely selectively diverted traffic from Notepad++'s updater application, WinGUp, to a server under their control that downloaded malicious executables.

On September 2, 2025, the attacker was unable to gain access to the third-party hosting provider's server after the kernel and firmware were updated as part of routine maintenance.

To continue directing Notepad++ update traffic to their malicious servers until at least December 2, 2025, the attackers used their still-valid credentials. By exploiting the Notepad++ domain's inadequate update verification controls found in previous iterations, the adversary specifically targeted the Notepad++ domain. The results demonstrate that updates cannot be trusted simply because they originate from a trustworthy domain because the blind spot can be exploited as a means of spreading malware.

Giving "bring-your-own-AI" systems privileged access to apps and user conversations poses serious security risks because artificial intelligence (AI) agents already have established access to sensitive data.

Because of the architectural concentration of power, AI agents are made to perform actions and store secrets, both of which are necessary for achieving their goals. However, if they are configured incorrectly, the design that forms their foundation can simultaneously breach several security boundaries. Attackers are actively searching exposed OpenClaw gateways on port 18789, according to a warning from Pillar Security.

According to researchers Ariel Fogel and Eilon Cohen, "the more advanced attackers avoided the AI entirely, but the traffic included prompt injection attempts targeting the AI layer." The activists were being questioned or held by authorities when the extractions took place. Activists who planned demonstrations in favor of Palestinians in Gaza were among the most recent victims.

Citizen Lab said it uncovered iOS and Android indicators of compromise tied to Cellebrite in all four phones it forensically analyzed. It's suspected that authorities have been using Cellebrite since at least 2020. ShadowHS, a Fileless Linux Post‑Exploitation Framework — Threat hunters have discovered a stealthy Linux framework that runs entirely in memory for covert, post-exploitation control.

🎥 Cybersecurity Webinars Cloud Forensics Is Broken — Learn From Experts What Actually Works: Cloud attacks move fast and often leave little usable evidence behind. This webinar explains how modern cloud forensics works—using host-level data and AI to reconstruct attacks faster, understand what really happened, and improve incident response across SOC teams.

How Leaders Protect Data Using Post-Quantum Cryptography Before Quantum Breaks It: With its rapid advancement, quantum computing has the potential to crack current encryption. In order to decrypt the data when quantum power becomes available, attackers are already gathering encrypted data. The meaning of that risk, the operation of post-quantum cryptography, and the steps security leaders can take right now to safeguard sensitive data before quantum threats materialize are all covered in this webinar.