Table of contents
Today's threat landscape:
- AI arms both sides of the cyber battlefield
- New attack techniques leverage old vulnerabilities at scale
- Credential theft and Linux systems under fire
Top 3 vulnerabilities:
- Cisco ISE flaws under active exploitation
- Citrix Bleed 2: Critical flaws in NetScaler also exploited
- VMware patches four zero-day vulnerabilities
Industry news:
Today’s threat landscape
AI arms both sides of the cyber battlefield
Artificial intelligence continues to reshape the cyber security landscape, raising the stakes for both attackers and defenders. Google’s Big Sleep AI successfully detected a critical vulnerability in the SQLite database engine before it was exploited. This marks a shift toward AI-driven predictive security, which prevents attacks before they happen.
On the flip side, cybercriminals are leveraging generative AI to scale up social engineering attacks. Phishing websites are now built and customized in seconds using AI coding assistants. Fake emails, now paired with deepfake voice cloning, make cyberattacks more convincing, targeted, and easier for criminals to launch.
New attack techniques leverage old vulnerabilities at scale
It was also impossible to miss the widespread exploitation of Microsoft SharePoint vulnerabilities by China-affiliated groups like Storm-2603 and Violet Typhoon. Over 400 organizations were hit including the U.S. National Nuclear Security Administration. What makes this wave of attacks especially concerning isn’t just the scale but also how stealthy and long-lasting these attacks are. Instead of quick hits, they’re built to persist undetected, silently extracting data or positioning for future disruption. By combining older, often ignored vulnerabilities with new, creative exploitation methods, attackers now gain deep access without setting off alarms.
Read our blog post about the SharePoint flaws here.
Credential theft and Linux systems under fire
Cybercriminals are also expanding their focus. Barracuda reports a sharp rise in info-stealing malware (up 35%) and Linux-targeted attacks (up 56%). While Windows remains a top target, Linux - especially in cloud infrastructure - is now clearly in the line of fire.
Top 3 vulnerabilities
Cisco ISE flaws under active exploitation
Cisco’s Identity Services Engine (ISE), a core component in enterprise network access control, is currently under active attack due to multiple vulnerabilities.
- CVE-2025-20281 and CVE-2025-20337 affect Cisco ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration, and could allow unauthenticated remote attackers to execute arbitrary code on the underlying operating system as root.
- CVE-2025-20282 affects only Cisco ISE and ISE-PIC release 3.4 and could allow unauthenticated remote attackers to upload files and then execute them on the underlying operating system as root.
These flaws have been exploited in the wild and added to CISA’s catalogue of Known Exploited Vulnerabilities. The only protection is to patch immediately Cisco ISE or ISE-PIC to release 3.3 patch 7 or release 3.4 patch 2 or later.
Citrix Bleed 2: Critical flaws in NetScaler also exploited
Two critical zero-day vulnerabilities affecting Citrix NetScaler ADC and Gateway, CVE-2025-5777 and CVE-2025-6543, are under active exploitation.
The first flaw, CVE-2025-5777 (CVSS score of 9.3), stems from insufficient input validation leading to a memory overread. When NetScaler is configured as a Gateway or AAA virtual server, attackers can bypass authentication and extract sensitive information, such as session tokens and credentials, without needing to log in. Security researchers compare it to 2023’s “Citrix Bleed” due to its repeated memory leak behavior.
Exploitation began in June, with over 11 million attack attempts recorded, mainly targeting financial services, tech, and government sectors. CVE-2025-6543 (CVSS score of 9.2) is also actively exploited and similarly enables unauthorized access and data exposure on exposed systems.
The flaws affect:
- NetScaler ADC and Gateway 14.1 before build 14.1-43.56
- NetScaler ADC and Gateway13.1 before build 13.1-51.25
Citrix urges all customers to patch immediately and terminate all sessions authenticated through Gateway or AAA after patching to invalidate any stolen tokens.
VMware patches four zero-day vulnerabilities
VMware has released critical security updates addressing four zero-day vulnerabilities affecting VMware ESXi, Workstation, Fusion, and Tools. These flaws allowed attackers to escape guest virtual machines and execute code on the host, a serious breach in virtualized environments.
- CVE-2025-41236 (CVSS 9.3.) stems from an integer overflow in the VMXNET3 virtual network adapter. If exploited, it allows attackers to manipulate memory operations, potentially leading to host compromise.
- CVE-2025-41237 (CVSS 9.3.) involves an integer underflow in the Virtual Machine Communication Interface, resulting in an out-of-bounds write. This allows a malicious user to gain elevated privileges on the host system.
- CVE-2025-41238 (CVSS 9.3.) is a heap overflow in the PVSCSI controller, another component connecting guest and host. Exploiting this flaw allows attackers with local admin rights on the guest OS to execute code on the host via the VMX process.
- CVE-2025-41239 (CVSS 7.1) is an information disclosure flaw in VMware Tools for Windows.
VMware has confirmed that the only mitigation is to install the latest fixed versions of affected products.
Industry news
Dangerous tools, rising stakes: AI security risks signal a fundamental shift
As companies integrate agentic AI systems - tools that can act autonomously and interact across multiple platforms - they’re also exposing themselves to complex new vulnerabilities. Central to this risk is the Model Context Protocol (MCP), which connects AI agents with external tools like databases, APIs, and productivity platforms.
Recent research flagged serious flaws in how MCP trusts third-party tool integrations. Malicious actors can exploit this trust to hijack AI workflows, alter outputs, or exfiltrate data. These attacks don’t rely on traditional hacking, rather they exploit logical trust relationships and invisible behavioral patterns that most cyber security systems miss.
But the threat doesn’t stop with back-end infrastructure. According to a Dark Reading report, attackers are now turning their focus to the browser layer, using compromised browser extensions to manipulate AI systems by injecting malicious prompts. These extensions can covertly modify user input or output in real time, which is especially dangerous when users rely on browser-based AI tools for decision-making, document generation, or data analysis.
Compounding the issue, new research shows that as traditional browser exploits decline, users themselves have become the weak point. An ongoing campaign uncovered by cyber security researchers demonstrates how attackers lure users into installing rogue extensions that mimic productivity tools. Once installed, these extensions can redirect users, harvest data, or quietly influence AI-driven actions without needing root access or admin rights.
Together, these trends highlight a fundamental shift: the AI toolchain is only as secure as its weakest link and today, that link might be the browser tab or plugin your team uses every day.
Policy & regulation: The EU advances despite industry pushback
While companies face evolving technical risks, they must also prepare for stricter oversight. The European Union confirmed that it will move ahead with its landmark AI Act, despite lobbying from major tech firms to delay. Rules for general-purpose AI systems took effect on August 2, 2025, with stricter rules for high-risk models coming in 2026.
To help with the transition, the EU released a voluntary Code of Practice, guiding companies on how to meet transparency, safety, and data provenance obligations. Google and xAI have signed the security chapter and Microsoft is expected to follow, while Meta has opted out. The final code, which will shape compliance expectations, is due by year’s end.
For companies building or using AI tools, the message is clear: defending against AI-specific threats is no longer optional and neither is regulatory preparation.