- HX Weekly by Hexagon Center
- Archive
- Page -7
Archive
To believe or not to believe?
We want to talk about Liar’s Dividend. This week's biggest news is a simple but important reminder: keep your software updated! 📲 A number of popular programs, including the Google Chrome web browser that billions of people use every day, needed urgent patches to fix security holes. Also in the news, law enforcement successfully shut down a major online platform used by criminals to "wash" stolen Bitcoin, which is good news for fighting cybercrime!
For the 100th time!
HX Weekly is your timely, weekly reminder and resource guide from the Hexagon Center to help you maintain that crucial level of preparedness. We draw from a wealth of resources to equip you with the knowledge you need to keep attackers at bay and protect your domain—whether from lurking threats or those already attempting entry. We are here to help you stay ahead.
Your cybersecurity help may be only at your fingertips
This week, AI-driven cyber warfare was a dominant theme, with reports detailing sophisticated, automated attacks and critical vulnerabilities. A significant concern is the rise of "agentic" AI threats, where state-sponsored actors are allegedly using Large Language Models (LLMs) to fully automate espionage campaigns, performing reconnaissance, generating exploits, and exfiltrating data with minimal human intervention.
AI Tools Used In Phishing Attacks Globally
But what’s new? Recently, we have extensively discussed how attackers are increasingly employing agentic AI and generative AI to conduct attacks against us. This week's cybersecurity news is dominated by active exploitation of major vulnerabilities. U.S. temporarily revived two major cybersecurity laws, and the U.K. proposed a new resilience bill, while Microsoft is rolling out anti-screenshot features for Teams Premium.
Malvertising targets everyone. Yes, including you.
With malvertising playing a key role in the initial breach, malicious search engine ads are impersonating software installers—similar to the Microsoft Teams attack mentioned in today’s edition—to drop a backdoor into corporate machines. This underscores the trend of threat actors using trusted applications and platforms to gain an early foothold. In a significant parallel development, Google warned about a dramatic evolution in malware, identifying new strains that use Generative AI models to dynamically rewrite and mutate their code hourly to evade detection. These dual threats—using deceptive advertising for initial access and then deploying AI-enhanced malware—signal a rapidly adapting environment where both human vigilance and advanced defensive tools are increasingly necessary.
LastPass Last Phish?
If you believe that phishing scams had diminished or subsided, this week’s cybersecurity landscape was characterized by the active exploitation of critical vulnerabilities and, notably, phishing scams. A sophisticated phishing scam targeted LastPass users by sending them fraudulent “death claims” emails, with the intention of obtaining Master Passwords. This financially motivated campaign was associated with the CryptoChameleon group, underscoring the persistent threat posed by social engineering alongside nation-state activities that exploit flaws in Windows and target critical infrastructure.
They are everywhere. Don’t just think cybersecurity ...
We’re still keeping a close eye on those widespread vulnerabilities and how cybercrime is constantly changing, especially with AI playing a bigger role. It’s getting more and more common for AI to be used in social engineering attacks which shows how cybercriminals are getting smarter and more creative.
Are you looking for a job? We’re hiring
This week in cybersecurity, ransomware continues to be a dominant threat with new variants and social engineering tactics targeting industries like healthcare, while concerns persist over supply chain vulnerabilities and the dual use of AI by both defenders and attackers; meanwhile, governments are prioritizing critical infrastructure security, but job seekers must remain vigilant against rising employment scams that often feature unsolicited offers, poor communication, premature requests for financial data, demands to purchase equipment, and interview processes solely through chat, necessitating thorough verification of companies and recruiters to avoid falling victim.
Who is this person that knows me so well?
Several reports revealed that malicious actors are increasingly using AI-driven tools to automate phishing campaigns, generate convincing deepfake audio and video, and identify vulnerabilities in systems faster than ever before. Another alarming trend covered in the news involves AI-powered malware. AI is even being employed to scan networks for exploitable weaknesses more efficiently than human hackers or traditional automated tools. The consensus in this week’s coverage is clear: as attackers get smarter with AI, our defenses must evolve just as quickly, if not faster.
Spread the word about password
A nationwide retailer confirmed a cyberattack exposing customer data, while ransomware attacks disrupted healthcare services. CISA warned of phishing campaigns targeting enterprise credentials. Multi-factor authentication adds an extra layer of defense beyond just a password —such as a code from an authenticator app, biometric verification, or a hardware token—making unauthorized access far less likely. MFA is currently the most effective way to prevent account compromise in the face of modern cyberattacks.