Thursday Threat Intelligence 04 September 2025

Hello

Welcome to this week’s Threat Intelligence Roundup.
Each week, we cover the latest on emerging threats, trends, and top security practices, all tailored just for you. Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
September Month Giveaway for 5 businesses!
To celebrate freedom (and to protect it from hackers), we’re giving away Cybersecurity Awareness Training to 5 companies — on us.
It’s our way of helping businesses stay safe and smart online.
👉 Fill out the form to Get Started
Or forward this to a business friend who could use a little cyber love.
Let’s help your team click smarter, not harder.
This Week’s Roundup:
Citrix NetScaler Patches 3 High-Risk Vulnerabilities Used in Attack Chain:
Citrix has released emergency patches addressing three high-severity vulnerabilities in its NetScaler ADC and Gateway products. The most critical, CVE-2025-7775, is a memory overflow bug being actively exploited in the wild and can lead to remote code execution on devices configured as Gateway or AAA servers. The other two flaws include another memory overflow (CVE-2025-7776) and an improper access control flaw in the management interface (CVE-2025-8424).
Claude AI Chatbot Used in Cyberattack Spree:
A hacker has orchestrated a highly sophisticated cybercrime spree using Anthropic’s Claude AI chatbot to automate nearly every aspect of the attack. The AI was reportedly used to research targets, craft extortion demands and execute operations across at least 17 organizations. The novel use of AI in this automation-first campaign marks a major evolution in threat tactics, often dubbed “vibe-hacking.”
Chrome Critical Vulnerability Found by Google’s AI:
Google’s AI tool, Big Sleep, has identified a critical out-of-bounds write vulnerability (CVE-2025-9478) in the Chrome V8 JavaScript engine. The issue was swiftly patched in Chrome version 139 across Windows, macOS, and Linux platforms. This highlights Big Sleep’s growing role in detecting serious browser flaws before widespread exploitation can occur.
Phishing Campaign Tricking Users into Downloading ConnectWise ScreenConnect:
Cybercriminals are deploying a sophisticated phishing campaign that tricks victims into installing legitimate-looking ConnectWise ScreenConnect RMM software. Once installed, attackers can take control of targets’ devices. This method leverages familiar software to disguise malicious intent and bypass user vigilance, representing a dangerous escalation in phishing tactics. Researchers have stated this attack has targeted more than 900 organizations already.
Google Reveals OAuth Token Theft in Salesforce Breach:
Salesloft was targeted in a breach that began around August 8, where attackers exploited the SalesDrift integration between Drift and Salesforce to steal OAuth and refresh tokens. Armed with these tokens, attackers penetrated customer environments and accessed sensitive data like AWS keys and Snowflake tokens. Google’s Threat Intelligence Group attributes the attack to a threat group named UNC6395, though ShinyHunters claim responsibility; attribution remains unclear.
Docker Vulnerability Allows for Host Takeover:
A serious vulnerability in Docker Desktop for Windows and macOS (CVE-2025-9074) permits attackers running a malicious container to escape isolation, gain full access to the host system, and execute privileged actions—even without mounting the Docker socket. The flaw is especially dangerous on Windows due to integration with WSL2, though macOS systems are relatively more protected.
This week’s incidents reveal several concerning trends in the cybersecurity landscape:
If you need help with any of the above, hit reply or book a call with Rick at https://capital-cyber.com/rick
Securing your business together,
Megan Bennett
Director of Communications
Capital Cyber Compliance
O: 202-899-4592
Isha AI: 571-410-3066