Proactive Defense Strategies for Attack Surface Reduction

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-03, mandating federal agencies to identify and mitigate zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) exploited by an advanced threat actor. The directive requires agencies to account for all affected devices, collect forensic data, and upgrade or disconnect end-of-support devices by September 26, 2025. The vulnerabilities allow threat actors to maintain persistence and gain network access. Cisco identified multiple zero-day vulnerabilities (CVE-2025-20333, CVE-2025-20362, CVE-2025-20363, and CVE-2025-20352) in Cisco ASA, Firewall Threat Defense (FTD) software, and Cisco IOS software. These vulnerabilities enable unauthenticated remote code execution, unauthorized access, and denial of service (DoS) attacks. GreyNoise detected large-scale campaigns targeting ASA login portals and Cisco IOS Telnet/SSH services, indicating potential exploitation of these vulnerabilities. The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution on ASAs, as well as manipulating read-only memory (ROM) to persist through reboot and system upgrade. CISA and Cisco linked these ongoing attacks to the ArcaneDoor campaign, which exploited two other ASA and FTD zero-days (CVE-2024-20353 and CVE-2024-20359) to breach government networks worldwide since November 2023. CISA ordered agencies to identify all Cisco ASA and Firepower appliances on their networks, disconnect all compromised devices from the network, and patch those that show no signs of malicious activity by 12 PM EDT on September 26. CISA also ordered that agencies must permanently disconnect ASA devices that are reaching the end of support by September 30 from their networks. The U.K. National Cyber Security Centre (NCSC) confirmed that threat actors exploited the recently disclosed security flaws in Cisco firewalls to deliver previously undocumented malware families like RayInitiator and LINE VIPER. Cisco began investigating attacks on multiple government agencies in May 2025, linked to the state-sponsored ArcaneDoor campaign. The attacks targeted Cisco ASA 5500-X Series devices to implant malware, execute commands, and potentially exfiltrate data. The threat actor modified ROMMON to facilitate persistence across reboots and software upgrades. The compromised devices include ASA 5500-X Series models running specific software releases with VPN web services enabled. The Canadian Centre for Cyber Security urged organizations to update to a fixed version of Cisco ASA and FTD products to counter the threat.

GitHub is implementing enhanced security measures to protect the npm ecosystem, including mandatory two-factor authentication (2FA) and short-lived tokens. These changes aim to mitigate supply chain attacks, such as the recent "s1ngularity", "GhostAction", and "Shai-Hulud" attacks, which involved a self-replicating worm and compromised thousands of accounts and private repositories. The measures include granular tokens with a seven-day expiration, trusted publishing using OpenID Connect (OIDC), and automatic generation of provenance attestations for packages. Additionally, GitHub is deprecating legacy tokens and TOTP 2FA, expanding trusted publishing options, and gradually rolling out these changes to minimize disruption. GitHub removed over 500 compromised packages and blocked new packages containing the Shai-Hulud malware's indicators of compromise. The company encourages NPM maintainers to use NPM-trusted publishing and strengthen publishing settings to require 2FA. Ruby Central is also tightening governance of the RubyGems package manager to improve supply-chain protections.

Chinese state-sponsored Advanced Persistent Threat (APT) actors, specifically the Salt Typhoon group and a newly identified group named RedNovember, have been conducting sustained campaigns to compromise critical infrastructure networks worldwide. The campaigns aim to gain long-term access to telecommunications, government, transportation, lodging, and military networks. This activity has been detailed in a joint advisory by CISA, NSA, FBI, and international partners, including Canada, Australia, New Zealand, the UK, Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, and Spain. The advisory provides intelligence on tactics used by these actors and recommends mitigations to strengthen defenses. The Czech Republic's National Cyber and Information Security Agency (NUKIB) has issued a warning instructing critical infrastructure organizations to avoid using Chinese technology or transferring user data to servers located in China. The agency has re-evaluated its risk estimate of significant disruptions caused by China, now assessing it at a 'High' level. The NUKIB has confirmed malicious activities of Chinese cyber-actors targeting the Czech Republic, including a recent APT31 campaign targeting the Czech Ministry of Foreign Affairs. The advisory highlights concerns over the transfer of system and user data to China, potentially misused by state, military, or political interests. The Czech government previously accused China of targeting its critical infrastructure through APT 31, an allegation denied by the PRC but condemned by the US, EU, and NATO. The advisory suggests that individuals and organizations consider restricting or prohibiting the use of products and services that transfer data to China. The campaign has targeted at least 600 organizations across 80 countries, including 200 in the U.S. The threat actors have exploited vulnerabilities in Cisco, Ivanti, and Palo Alto Networks devices to gain initial access and have modified routers to maintain persistent access and pivot into other networks. The advisory also notes that the APT actors may target other devices such as Fortinet firewalls, Juniper firewalls, Microsoft Exchange, Nokia routers and switches, Sierra Wireless devices, Sonicwall firewalls, etc. RedNovember has targeted perimeter appliances of high-profile organizations globally, including defense and aerospace organizations, space organizations, and law firms. The group has breached at least two U.S. defense contractors, a European engine manufacturer, and a trade-focused intergovernmental cooperation body in Southeast Asia. RedNovember has used the Go-based backdoor Pantegana and Cobalt Strike as part of its intrusions, along with the Spark RAT and LESLIELOADER. The group has also used VPN services like ExpressVPN and Warp VPN to administer and connect to servers used for exploitation and communication.

The threat actor, tracked as UNC6395 by Google and GRUB1 by Cloudflare, exploited OAuth tokens associated with the Drift AI chat agent to breach Salesloft and steal data from Salesforce customer instances. The campaign, active from August 8 to at least August 18, 2025, targeted over 700 organizations, including Workiva and Stellantis, and impacted all integrations connected to the Drift platform, not just Salesforce. The attackers exported large volumes of data, including credentials for AWS, passwords, and Snowflake access tokens. Zscaler, Palo Alto Networks, Cloudflare, and Workiva reported data breaches after threat actors accessed their Salesforce instances via compromised Salesloft Drift credentials, exposing customer information. The breach began with the compromise of Salesloft's GitHub account, accessed by UNC6395 from March to June 2025. The threat actor accessed multiple repositories, added a guest user, and established workflows. Reconnaissance activities occurred in the Salesloft and Drift application environments between March and June 2025. The attackers accessed Drift's AWS environment and obtained OAuth tokens for Drift customers' technology integrations. Salesloft isolated the Drift infrastructure, application, and code, and took the application offline on September 5, 2025. Salesloft rotated credentials in the Salesloft environment and hardened it with improved segmentation controls. Salesloft recommends that all third-party applications integrated with Drift via API key revoke the existing key. Salesforce restored the integration with the Salesloft platform on September 7, 2025, except for the Drift app, which remains disabled. Salesloft and Salesforce have taken steps to mitigate the breach, including revoking tokens and removing the Drift application from AppExchange. The breach highlights the risks associated with third-party integrations and the potential for supply chain attacks. UNC6395 demonstrated operational discipline, querying and exporting data methodically, and attempting to cover their tracks by deleting query jobs. The targeted organizations included security and technology companies, suggesting a broader strategy to infiltrate vendors and service providers. The campaign is limited to Salesloft customers who integrate their own solutions with the Salesforce service. There is no evidence that the breaches directly impacted Google Cloud customers, though any of them that use Salesloft Drift should review their Salesforce objects for any Google Cloud Platform service account keys. The threat group ShinyHunters and Scattered Spider claimed responsibility for many of those attacks, and vishing attacks have been cited as the means of compromise. Google disclosed that UNC6040 breached one of its Salesforce instances using these tactics. The UNC6395 Salesloft Drift activity is separate from the vishing attacks attributed to UNC6040. Okta successfully defended against a potential breach by enforcing inbound IP restrictions, securing tokens with DPoP, and using the IPSIE framework. Okta recommends that organizations demand IPSIE integration from application vendors and implement an identity security fabric. Palo Alto Networks' Unit 42 advised organizations to conduct immediate log reviews for signs of compromise and rotate exposed credentials. Okta suggests reducing the blast radius of a single entity breach by constraining token use by IP and client and ensuring granular permissions for M2M integrations. The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations' Salesforce environments to steal data and extort victims. UNC6040 is a threat actor that specializes in voice phishing or vishing and recently was observed using social engineering to pose as IT support staff to get into Salesforce environments. UNC6395 is best known for using stolen OAuth tokens from Salesloft's Drift application, which has a Salesforce integration, to steal sensitive data from hundreds of Salesforce environments earlier this year. The FBI's latest advisory provides additional context into the technical aspects of the threat campaigns, particularly UNC6040's activity, which began last fall. The advisory also includes indicators of compromise, including IP addresses and URLs associated with the two campaigns.

AI systems remain vulnerable to data-theft via hidden prompts in downscaled images. Researchers from Trail of Bits have demonstrated a novel attack vector that exploits AI systems by embedding hidden prompts in images. These prompts become visible when images are downscaled, enabling data theft or unauthorized actions. The attack leverages image resampling algorithms to reveal hidden instructions, which are then executed by the AI model. The vulnerability affects multiple AI systems, including Google Gemini CLI, Vertex AI Studio, Google Assistant on Android, and Genspark. The attack works by crafting images with specific patterns that emerge during downscaling. These patterns contain instructions that the AI model interprets as part of the user's input, leading to potential data leakage or other malicious activities. The researchers have developed an open-source tool, Anamorpher, to create images for testing and demonstrating the attack. To mitigate the risk, Trail of Bits recommends implementing dimension restrictions on image uploads, providing users with previews of downscaled images, and seeking explicit user confirmation for sensitive tool calls.