InfoSec Dot - Issue #76. 📸 Deepfake Dangers Exposed👁️‍🗨️🔥| AWS Under Siege by Misconfigs 🛡️💻 | Gateway Gaps in the Cloud 🌩️🔐

Latest cybersecurity news and updates

Hi Cybersecurity Enthusiasts,

In this edition, we uncover escalating cloud security risks, as AWS misconfigurations and vulnerable API gateways create major gaps attackers can exploit. Developers are also being targeted through malicious Python packages on PyPI, contributing to an increasingly dangerous software supply chain ecosystem.

Meanwhile, AI-driven threats are on the rise—from zero-knowledge threat actors leveraging advanced techniques to disturbing abuse cases like underage deepfakes on image generation platforms. These developments signal an urgent need for stronger governance, monitoring, and ethical AI safeguards.

Stay informed with these critical updates to understand and counteract the evolving cybersecurity threats of 2025.

🗓️ What’s New

CrushFTP Vulnerability Under Active Exploitation 

A critical flaw in CrushFTP (CVE-2025-2825) is being actively exploited in the wild. The vulnerability allows attackers to bypass authentication and access sensitive files. Admins are urged to patch immediately as targeted attacks continue. Read More (4 Mins)

Oracle Quietly Confirms Data Breach Amid Legal Firestorm 

Oracle has officially acknowledged a data breach following a lawsuit alleging a cover-up. The breach reportedly affected customer information, though the full scope remains unclear. Legal pressure and public scrutiny are mounting. Read More (5 Mins)

Cryptojackers Target PostgreSQL Servers in Stealth Campaign 

A stealthy cryptomining operation has been discovered exploiting vulnerable PostgreSQL servers to deploy malicious containers. Attackers used compromised credentials and misconfigurations to hijack compute power for mining Monero. Experts urge immediate patching and cloud config audits. Read More (6 Mins)

Malicious Python Packages Found on PyPI Again

Security researchers have uncovered a fresh wave of malicious Python packages on PyPI, designed to steal credentials and environment variables. The attackers used obfuscated code and typosquatting to trick developers into installing the backdoored libraries. Developers are urged to verify package sources and use virtual environments. Read More (3 Mins)

Fast-Flux Tactics Alarm U.S. and Allies

U.S. and allied cybersecurity agencies have issued a joint alert warning about nation-state and criminal threat actors leveraging fast-flux DNS techniques to obscure malicious infrastructure. This tactic rapidly changes IP addresses linked to domains, making takedowns and tracking difficult. Organizations are urged to monitor DNS activity and implement robust detection mechanisms. Read More (3 Mins)

Blacklock Ransomware Gang Breached by Hackers

In a surprising twist, the Blacklock ransomware group has been hacked, exposing internal communications and operational data. The breach could weaken the gang’s future campaigns and offer law enforcement valuable intelligence. Read More (2 Mins)

🔍 In-Depth Insights

Misconfigured AWS API Gateways Expose External Attack Paths

Security researchers revealed how misconfigured API gateways in AWS can be exploited from external accounts, allowing attackers to invoke internal services and potentially exfiltrate data. Cloud users are urged to audit gateway permissions. Read More (14 Mins)

Code Injection Detection with MemProcFS Plugin

Part 3 of CyberEngage’s series dives deep into detecting code injection attacks using memory forensics with the MemProcFS "findevil" plugin. Learn how in-memory analysis can help uncover hidden threats in real time. Read More (7 Mins)

🤖 AI in Cybersecurity

AI Enables “Zero-Knowledge” Threat Actors

A new breed of attackers is emerging—Zero-Knowledge Threat Actors, who rely on generative AI to execute sophisticated cyberattacks without deep technical skills. This shift blurs the line between amateurs and pros, raising the stakes for defenders. Read More (4 Mins)

AI Deepfake Scandal Exposes Privacy Risks

A disturbing leak from AI image site Gennomis has revealed the creation and sharing of deepfakes involving underage individuals. The breach underscores the dark potential of generative AI misuse and raises urgent ethical and legal concerns. Read More (3 Mins)

💡 Actionable Insights

Simple Tactic, Big Breach

Cyber attackers are now leveraging a three-step ClickFix method—a simple yet highly effective technique—to deploy malware and gain unauthorized access. By exploiting basic user behaviors and trust, this tactic is fueling a rise in infections across organizations. Read More (3 Mins)

AWS Security Misconfigurations Exposed

Security experts are shedding light on common AWS missteps that expose critical infrastructure to risks. From overly permissive IAM roles to public S3 buckets, the report urges teams to adopt a "least privilege" approach and continuous audits to lock down cloud assets. Read More (12 Mins)

Also, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

Regards,

Dot
