Throughout history, attackers have shown that they are ready to compromise users by using malware, exploiting vulnerabilities, or taking advantage of poor security practices. Whichever method they choose, determined attackers always seem to find a way into a target network or system.
ChatGPT Targeted in Server-Side Data Theft Attack
Don't even think that you're going to try and exploit the flaw. Why? At the time of writing, OpenAI has fixed the bug. Nonetheless, you can ask: What's the bug about? The excerpt below will surely answer your question.
The attack, dubbed ShadowLeak, targeted ChatGPT’s Deep Research capability, which is designed to conduct multi-step research for complex tasks.
Unlike client-side attacks, ShadowLeak exfiltrates data through the parameters of a request to an attacker-controlled URL. A harmless-looking URL such as ‘hr-service.net/{parameters}’, where the parameter value is the exfiltrated information.
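For anyone building a tool-using agent, the exfiltration channel described above suggests a check in the agent's own web-fetch layer. The following is an added example, not code from the article or from OpenAI: the allowlist, function names and sample values are all constructed, and it goes slightly beyond the excerpt by also looking for base64-encoded values, which is an assumption about how the data might be encoded.

```python
import base64
import binascii
from urllib.parse import urlsplit, unquote, parse_qsl

# Hypothetical policy for an agent's web-fetch tool (assumption, not from the article).
ALLOWED_HOSTS = {"intranet.example.com"}

def _decodings(token):
    """Yield the token as-is, plus its base64/base64url decoding when it has one."""
    yield token
    padded = token + "=" * (-len(token) % 4)
    for decoder in (base64.b64decode, base64.urlsafe_b64decode):
        try:
            yield decoder(padded).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue

def url_tokens(url):
    """Split a URL into decoded path segments and query keys/values."""
    parts = urlsplit(url)
    tokens = [unquote(seg) for seg in parts.path.split("/") if seg]
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        tokens.extend([key, value])
    return tokens

def check_fetch(url, secrets):
    """Return (allowed, reason) for a URL the agent is about to request.

    `secrets` holds strings taken from private context (mailbox, documents)
    that must never leave in a request path or parameter.
    """
    for token in url_tokens(url):
        for text in _decodings(token):
            lowered = text.lower()
            for secret in secrets:
                if secret.lower() in lowered:
                    return False, f"context value {secret!r} found in URL"
    host = (urlsplit(url).hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allowlist"
    return True, "ok"

if __name__ == "__main__":
    secrets = ["Jane Doe", "1985-03-14"]  # constructed sample values
    print(check_fetch("https://hr-service.net/lookup/Jane%20Doe_1985-03-14", secrets))
    print(check_fetch("https://intranet.example.com/policies?page=2", secrets))
```

The content check runs before the allowlist check so that the log records a leak attempt as such rather than as a generic blocked host.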
How weak passwords and other failings led to catastrophic breach of Ascension
We all know that organizations can suffer breaches and ransomware attacks. It gets interesting, though, when a company like Microsoft is pulled into the mix for alleged negligence that played a role in the breach at Ascension.
The following is a quick lesson from the article:
All the boring, unsexy but effective security stuff was missing—network segmentation, principle of least privilege, need to know and even the kind of asset tiering recommended by Microsoft.
It's obviously not great that obsolete ciphers are still in use and they do help with this attack, but excessive privileges are much more dangerous.
SystemBC malware turns infected VPS systems into proxy highway
SystemBC is not new (it's been observed since around 2019), and it serves multiple threat actors. Its infected servers act as stable, high-capacity proxies for activities such as scraping the web, brute-forcing WordPress credentials, and hiding command-and-control operations.
From the article:
Based on the researchers’ findings, neither customers nor operators of SystemBC care about keeping a low profile, since the bots’ IP addresses are not protected in any way (e.g. through obfuscation or rotation).
One malicious service called REM Proxy relies on around 80% of SystemBC’s bots, providing tiered services to its customers, depending on the required proxy quality.
Threat Actor Infests Hotels With New RAT
Reading this article reminds me of Kaspersky's 2014 report titled DarkHotel: A Story of Unusual Hospitality. There is no real connection between these incidents. But it shows that threat actors are still targeting hotels in 2025 and Kaspersky is still exposing them to the world.
According to Kaspersky, here is how this attack unfolds:
The attacks started with phishing emails with invoicing lures targeting hotel reservations, urging the recipient to take care of overdue payments. More recently, the attackers started using fake job applications, sending résumés to the targeted hotels.
The victims were redirected to websites hosting malicious scripts containing code generated by AI. These scripts were designed to load additional scripts that would trigger malware infection.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.