☕ Good Morning Security Gang,
Today’s episode is one of those that hits every nerve in cybersecurity: AI exposure, identity attacks, ransomware evolution, and nation-state activity, all in one show.
And here’s the uncomfortable truth driving today’s conversation:
👉 We are deploying technology faster than we are securing it—and attackers are capitalizing on that gap.
Double espresso, well, decaf this time, let’s get into it.
🧭 Executive Summary
Today’s landscape is defined by three major fault lines:
AI infrastructure exposure at scale
Identity and MFA bypass becoming trivial
Ransomware groups evolving into structured enterprises
Attackers are exploiting memory-level flaws in AI systems, leveraging adversary-in-the-middle (AiTM) phishing to bypass MFA, and running ransomware operations under multiple brands to evade detection and enforcement. Meanwhile, supply chain compromises and targeted nation-state campaigns continue to expand the attack surface beyond traditional enterprise boundaries.
📰 Top Stories & Deep Dive Analysis
🤖 Bleeding Llama – 300,000 AI Servers Exposed to Data Theft
The “Bleeding Llama” vulnerability is one of the most significant AI security issues we’ve seen to date. Affecting Ollama deployments, this flaw allows attackers to exfiltrate sensitive data from memory using just three unauthenticated API calls.
Here’s how it works: an attacker uploads a specially crafted model file that triggers a buffer overflow, allowing them to dump memory contents. That memory can include API keys, authentication tokens, prompts, internal conversations, PII, and even proprietary code.
Researchers identified approximately 300,000 exposed Ollama servers on the public internet, many without authentication or proper access controls.
This is not just a vulnerability, it’s a systemic failure in how AI infrastructure is being deployed. Organizations are spinning up AI environments with zero security controls, effectively creating open data leaks waiting to happen.
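For teams auditing their own hosts, a first check is whether the Ollama API is listening beyond loopback. The sketch below is an added example, not code from the researchers or the Ollama project; it parses `ss -ltn` output (the sample is constructed) and assumes Ollama's default port 11434.

```python
import ipaddress

OLLAMA_PORT = 11434  # assumption: Ollama's default API port; change if overridden

# Constructed `ss -ltn` output merged from several hypothetical hosts.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      4096       127.0.0.1:11434      0.0.0.0:*
LISTEN 0      4096         0.0.0.0:11434      0.0.0.0:*
LISTEN 0      4096            [::]:11434         [::]:*
LISTEN 0      4096       10.20.0.5:11434      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
"""

def classify_bind(addr):
    """Return 'loopback', 'all-interfaces' or 'specific-interface' for a bind address."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific-interface"

def audit_listeners(ss_output, port=OLLAMA_PORT):
    """List (bind address, exposure) for every listener on `port` not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        exposure = classify_bind(addr)
        if exposure != "loopback":
            findings.append((addr, exposure))
    return findings

if __name__ == "__main__":
    for addr, exposure in audit_listeners(SAMPLE_SS):
        print(f"port {OLLAMA_PORT} reachable beyond loopback: {addr} ({exposure})")
```

Any listener this reports needs a firewall rule or an authenticating proxy in front of it before it is reachable from other networks.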
📱 North Korea’s BirdCall Android Backdoor – Mobile Espionage Expands
North Korea’s ScarCruft group has escalated its operations by embedding a new Android variant of the BirdCall malware into a compromised gaming platform targeting ethnic Koreans in China.
This backdoor is not basic spyware; it’s a full surveillance toolkit capable of collecting contacts, messages, call logs, media files, and even recording audio. It also captures screenshots, which can include private keys and other sensitive data.
What makes this campaign particularly concerning is its targeted nature, focusing on individuals connected to sensitive geopolitical regions. This reflects a broader shift toward cross-platform espionage, where attackers combine mobile and desktop compromise to build a complete intelligence picture.
🏢 Cushman & Wakefield Breach – Vishing Meets SaaS Compromise
Cushman & Wakefield confirmed a breach caused by a vishing attack, where attackers socially engineered an employee into granting access. ShinyHunters claims to have stolen hundreds of thousands of Salesforce records, with a ransom deadline looming.
This attack is part of a broader campaign targeting Salesforce environments through human manipulation rather than technical exploitation. Once attackers gain access, they can export massive datasets, including customer information and internal records.
The lesson here is clear: identity is the new perimeter, and social engineering is the easiest way through it.
💳 Fiserv Targeted by Everest Ransomware – Financial Sector in Focus
Everest ransomware has claimed Fiserv, a major financial technology provider, as its latest victim. While details remain limited, the potential impact is significant given Fiserv’s role in processing payments and supporting thousands of financial institutions.
This follows a pattern of targeted attacks against the financial sector, where attackers aim to maximize leverage and disruption. Even without confirmed data exposure, organizations relying on Fiserv should be actively monitoring for anomalies.
This is not just a breach, it’s part of a broader campaign against financial infrastructure.
🎯 AiTM Phishing Campaign – 35,000 Users Compromised
Microsoft disclosed a massive adversary-in-the-middle phishing campaign targeting over 35,000 users across 13,000 organizations. The attackers used proxy-based interception to capture credentials and session tokens in real time, bypassing MFA entirely.
Victims were lured through a fake document review process, with the attack chain designed to look legitimate at every step. Once credentials were captured, attackers could access accounts without triggering additional authentication challenges.
This is the new normal: MFA is no longer enough on its own, especially against AiTM attacks that exploit session-based authentication.
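Because an AiTM proxy steals the session token rather than only the password, one detection angle is a token that shows up from a different network and a different client shortly after it was issued. The following is an added example, not Microsoft's detection logic; the event schema (`ts`, `user`, `session_id`, `ip`, `ua`) and the log lines are constructed, and events are assumed to arrive in time order.

```python
import json
from ipaddress import ip_network

# Constructed identity-provider session events (hypothetical schema).
SAMPLE_EVENTS = """\
{"ts": 1000, "user": "alice@example.com", "session_id": "s-1", "ip": "198.51.100.23", "ua": "Chrome/124 Windows"}
{"ts": 1060, "user": "alice@example.com", "session_id": "s-1", "ip": "198.51.100.40", "ua": "Chrome/124 Windows"}
{"ts": 2000, "user": "bob@example.com", "session_id": "s-2", "ip": "203.0.113.10", "ua": "Edge/124 Windows"}
{"ts": 2090, "user": "bob@example.com", "session_id": "s-2", "ip": "192.0.2.77", "ua": "python-requests/2.31"}
{"ts": 2100, "user": "bob@example.com", "session_id": "s-2", "ip": "192.0.2.77", "ua": "python-requests/2.31"}
"""

def net24(ip):
    """Coarse network key so address changes inside one /24 do not alert (IPv4 only)."""
    return str(ip_network(f"{ip}/24", strict=False))

def detect_session_replay(lines, window=3600):
    """Flag a session token reused from a new network AND a new user agent
    within `window` seconds of the first time the token was seen."""
    first_seen = {}   # session_id -> first event observed for that token
    alerted = set()   # one alert per session_id
    alerts = []
    for line in lines:
        ev = json.loads(line)
        sid = ev["session_id"]
        origin = first_seen.setdefault(sid, ev)
        if origin is ev or sid in alerted:
            continue
        moved = net24(ev["ip"]) != net24(origin["ip"])
        new_client = ev["ua"] != origin["ua"]
        if moved and new_client and ev["ts"] - origin["ts"] <= window:
            alerted.add(sid)
            alerts.append({
                "user": ev["user"],
                "session_id": sid,
                "issued_from": origin["ip"],
                "replayed_from": ev["ip"],
                "seconds_after_issue": ev["ts"] - origin["ts"],
            })
    return alerts

ALERTS = detect_session_replay(SAMPLE_EVENTS.splitlines())
```

Requiring both a network change and a client change keeps roaming users from alerting; tune the window and the network granularity to your own sign-in data.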
⚖️ DOJ Sentencing – Ransomware Gangs Are One Organization
In a major legal development, a ransomware negotiator was sentenced to over eight years in prison, and the case revealed that groups like Conti, Akira, Royal, and others are effectively one coordinated enterprise operating under multiple brands.
This structure allows attackers to:
Avoid attribution
Continue operations after takedowns
Maximize revenue through specialization
This confirms what many suspected: ransomware is no longer a collection of independent groups—it’s a business ecosystem with shared leadership and resources.
🪟 APT Credential Theft – Zero-Click Windows Compromise
APT activity is now enabling attackers to steal Windows credentials without any user interaction, leveraging system-level weaknesses to extract sensitive data.
This represents a significant escalation, as it removes the need for phishing or malware execution. Attackers can operate silently, harvesting credentials and moving laterally without detection.
This is the evolution of identity attacks: from tricking users to bypassing them entirely.
🎮 NVIDIA Partner Breach – Supply Chain Risk Continues
NVIDIA confirmed a breach affecting one of its partners, with ShinyHunters again claiming involvement. While details are limited, this highlights the ongoing risk of supply chain compromise, where attackers target vendors to gain indirect access to larger organizations.
This is a recurring pattern: attackers don’t always go after the biggest target—they go after the weakest link in the ecosystem.
🎯 Key Takeaway
👉 AI exposure, identity compromise, and ransomware consolidation are converging into a single, complex threat landscape.
🛠️ Action Items for Security Leaders
🔐 Patch Ollama immediately and restrict public access to AI deployments
🤖 Implement authentication proxies for all AI infrastructure
📱 Enforce MDM policies and restrict sideloaded apps on mobile devices
🧩 Deploy phishing-resistant MFA (FIDO2) and monitor session tokens
🏢 Strengthen identity verification for help desk and admin access
💳 Monitor financial integrations and APIs for anomalous activity
⚖️ Update threat models to account for multi-brand ransomware groups
🪟 Enhance detection for credential theft and lateral movement
🎮 Conduct vendor risk assessments across all supply chain partners
🔍 Continuously audit exposed services and internet-facing assets
🧠 James Azar’s CISOs Take
What stood out to me today is how quickly AI has become a critical attack surface. We’re deploying these systems everywhere—often without authentication, without monitoring, and without understanding the risks. Bleeding Llama is a perfect example of how a single flaw can expose everything in memory. That’s not a vulnerability—that’s a systemic failure in how we approach new technology.
The second takeaway is the convergence of identity and attacker efficiency. AiTM phishing, zero-click credential theft, and ransomware consolidation all point to one thing—attackers are getting faster, smarter, and more organized. If we don’t evolve our defenses to match that speed and sophistication, we’re going to keep playing catch-up. And in this game, being behind is not an option.
🔥 Stay Cyber Safe.













