Malware and vulnerabilities. Threat actors can exploit the latter to deploy the former, potentially wreaking havoc in the process by deleting or exfiltrating sensitive data. History has proven this to be true and defenders need to constantly stay updated to stay one step ahead of emerging threats.
Welcome to this week's review. Let's get started.
Organizations Warned of Exploited Git Vulnerability
Take heed and protect your systems. If not, you might have yourself to blame.
The following is a brief explanation of the vulnerability:
An attacker can craft a malicious .gitmodules file with submodule paths ending in a carriage return. Due to Git’s config parser behavior, this character may be stripped on read but preserved on write, allowing malicious redirection of submodule contents. When combined with symlinks or certain repository layouts, this can lead to arbitrary writes across the filesystem.
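As an added example (not code from the quoted article or from Git), the check below scans the raw bytes of a `.gitmodules` file for submodule paths whose decoded value ends in a carriage return. The value parser is a simplified approximation of Git's config syntax, and the names `parse_value`, `scan_gitmodules` and the sample data are constructed for illustration.

```python
import re

SECTION = re.compile(rb'^\s*\[submodule\s+"(.*)"\]\s*$')
ESCAPES = {ord("n"): 0x0A, ord("t"): 0x09, ord("b"): 0x08}  # \" and \\ map to themselves

def parse_value(raw: bytes) -> bytes:
    """Decode one config value (simplified approximation of Git's reader)."""
    out, in_quotes, i = bytearray(), False, 0
    keep = 0  # prefix of `out` that survives trailing-whitespace trimming
    while i < len(raw):
        c = raw[i]
        if c == 0x5C and i + 1 < len(raw):      # backslash escape
            out.append(ESCAPES.get(raw[i + 1], raw[i + 1]))
            i, keep = i + 2, len(out)
            continue
        if c == 0x22:                            # '"' toggles quoting
            in_quotes = not in_quotes
            keep = len(out)
        elif not in_quotes and c in b"#;":       # comment ends the value
            break
        else:
            out.append(c)
            if in_quotes or c not in b" \t\r":   # unquoted trailing blanks/CR are dropped
                keep = len(out)
        i += 1
    return bytes(out[:keep])

def scan_gitmodules(data: bytes) -> list[tuple[str, bytes]]:
    """Return (submodule name, decoded path) for every path ending in CR."""
    findings, name = [], "?"
    for line in data.split(b"\n"):               # split bytes on LF only so CR stays visible
        if (m := SECTION.match(line)):
            name = m.group(1).decode("utf-8", "replace")
            continue
        key, sep, raw = line.partition(b"=")
        if sep and key.strip().lower() == b"path":
            value = parse_value(raw.lstrip(b" \t"))
            if value.endswith(b"\r"):
                findings.append((name, value))
    return findings

# Constructed sample: "crlf" only has Windows line endings; "evil" has a literal CR in quotes.
SAMPLE = (b'[submodule "ok"]\n\tpath = libs/ok\n'
          b'[submodule "crlf"]\r\n\tpath = libs/crlf\r\n'
          b'[submodule "evil"]\n\tpath = "libs/evil\r"\n')

if __name__ == "__main__":
    for name, path in scan_gitmodules(SAMPLE):
        print(f"submodule {name!r}: path {path!r} ends in a carriage return")
```

Read the file in binary mode before passing it in; opening it in text mode with newline translation can hide the very byte the check looks for.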
AI Systems Vulnerable to Prompt Injection via Image Scaling Attack
This attack abuses content in an image that the naked eye cannot see but that becomes visible to the AI processing the image. It gives attackers another avenue to use for malicious purposes.
Here is how it works:
The attacker’s prompt is invisible in the high-resolution image, but it becomes visible when the image is downscaled by preprocessing algorithms. The low-resolution image with the visible malicious prompt is passed on to the AI model, which may interpret the message as a legitimate instruction.
Docker Desktop Vulnerability Leads to Host Compromise
It's a container escape issue affecting Windows and macOS. Tracked as CVE-2025-9074, it has a CVSS score of 9.3.
The following is the researcher's explanation of the vulnerability:
The vulnerability, security researcher Felix Boulet explains, exists because, in the vulnerable application versions, any container can access Docker’s internal HTTP API without authentication.
This, Boulet says, allows an attacker to connect to the API using the internal IP address, create and start a privileged container, and then mount the host’s file system, gaining full access to the host.
Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model
At the time of writing, it appears to be a proof of concept (PoC). Nonetheless, it shows what's possible when attackers use AI in their workflows.
From the article:
The emergence of PromptLock is another sign that AI has made it easier for cybercriminals, even those who lack technical expertise, to quickly set up new campaigns, develop malware, and create compelling phishing content and malicious sites.
Malware devs abuse Anthropic’s Claude AI to build ransomware
To be candid, I was not surprised by everything detailed in the article. Not at all. I have said it before and I'll say it again: Humans tend to abuse legitimate services for their malicious agendas. History has shown us that attackers can abuse Google search results to distribute malware and if they're abusing LLM chatbots like Anthropic Claude, I am not surprised.
A quick lesson from the article:
Anthropic says that the threat actor relied almost entirely on Claude to implement the most knowledge-demanding bits of the RaaS platform, noting that, without AI assistance, they would have most likely failed to produce a working ransomware.
TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies
When I see articles like this, I always advise people to get a PDF editor from a reputable source or company. Moreover, a PDF editor named AppSuite PDF Editor, to me, is a red flag to stay away. Now, what are the capabilities of this TamperedChef malware that make it worthy of our attention? Read the excerpt below.
Once initialised, the stealer gathers a list of installed security products and attempts to terminate web browsers so as to access sensitive data, such as credentials and cookies. Further analysis of the malware-laced application by G DATA has revealed that it acts as a backdoor.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
Top comments (2)
The Nx story should be in this week's issue too 100% — it was too cool to ignore — check it out — stepsecurity.io/blog/supply-chain-...
I will.
Thanks for sharing.