Researchers at ReversingLabs are warning of a worm that spreads through the npm open-source registry supply chain, compromising developer accounts and hiding itself in legitimate packages which, when downloaded, install the worm and repeat the process. The first npm package affected by the worm appears to have been compromised on September 14 at 17:58 UTC. Once a system is compromised, the malware installs TruffleHog, an open-source secret-detection analysis tool, then exfiltrates primarily GitHub, AWS, GCP, and npm tokens, using them to compromise additional accounts and to publish the secrets to new GitHub repositories or branches with "Shai-Hulud" in the name or description. After exfiltration, the worm propagates, writing itself into up to 20 packages the developer has access to, "automat[ing] the spread by piggybacking on the maintainer’s own publishing rights." While in GitHub, the worm also attempts to create public copies of users' private repositories, likely seeking hardcoded secrets and source code to enable future attacks. Compromised packages identified by ReversingLabs "account for millions of combined weekly downloads, making this a high-impact supply chain compromise," and the researchers emphasize that the affected parties are spread across many industries and professional strata. This attack bears similarities to the August 27, 2025 AI-enabled credential stealer attacks on Nx packages (an attack dubbed "s1ngularity") and researchers at both Wiz and Aikido believe the same threat actor is responsible for the "Shai-Hulud" campaign. Nicholas Weaver, a researcher with the International Computer Science Institute, calls this "a supply chain attack that conducts a supply chain attack," and urges package managers to require phishing-proof 2FA human consent for every publication request.
Users should identify and remove compromised packages, reviewing dependency trees; look for and remove GitHub repositories and branches containing "shai-hulud" in the name or description; rotate credentials; check cloud infrastructure for compromise; and implement network monitoring and security controls.
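One way to run the dependency-tree review and the repository/branch-name check described above, as an added example that is not part of the NewsBites item or of ReversingLabs's tooling: the Python below scans a package-lock.json for packages on a suspect list and flags GitHub repository or branch names containing "shai-hulud". The suspect-package list, the lockfile and the repository names are constructed placeholders; a real hunt would load the published list of compromised package versions and the output of a repository listing.

```python
"""Added example: hunt for Shai-Hulud indicators in an npm lockfile and in
GitHub repository/branch names. Not from the original article; all data below
is constructed for illustration."""
import json
import re

# Constructed placeholder list of package -> compromised versions; replace with
# the vendor-published list of compromised package@version pairs.
SUSPECT_PACKAGES = {
    "example-widget": {"1.4.2"},
    "example-logger": {"3.0.1", "3.0.2"},
}

# The article's indicator: repositories or branches with "shai-hulud" in the
# name, matched case-insensitively ("Shai-Hulud Migration", "shai-hulud", ...).
SHAI_HULUD_RE = re.compile(r"shai-hulud", re.IGNORECASE)


def _walk_v1(deps: dict, hits: list) -> None:
    """lockfileVersion 1 nests transitive dependencies under each entry."""
    for name, meta in deps.items():
        if meta.get("version", "") in SUSPECT_PACKAGES.get(name, set()):
            hits.append((name, meta["version"]))
        _walk_v1(meta.get("dependencies", {}), hits)


def scan_lockfile(lock_json: str) -> list:
    """Return sorted (name, version) pairs from a package-lock.json that are on
    the suspect list. Supports lockfileVersion 1 ("dependencies" tree) and
    2/3 ("packages" keyed by node_modules path, including nested copies)."""
    lock = json.loads(lock_json)
    hits = []
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
            name = path.rsplit("node_modules/", 1)[-1]
            if meta.get("version", "") in SUSPECT_PACKAGES.get(name, set()):
                hits.append((name, meta["version"]))
    else:
        _walk_v1(lock.get("dependencies", {}), hits)
    return sorted(set(hits))


def find_shai_hulud_names(names) -> list:
    """Return repository or branch names carrying the 'shai-hulud' marker."""
    return sorted(n for n in names if SHAI_HULUD_RE.search(n))


# Constructed sample lockfile (lockfileVersion 3 layout) with a top-level hit
# and a second hit hidden in a nested node_modules directory.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/example-widget": {"version": "1.4.2"},
        "node_modules/example-utils": {"version": "2.2.0"},
        "node_modules/example-utils/node_modules/example-logger": {"version": "3.0.1"},
    },
})

# Constructed repo/branch names, as a repository listing might return them.
SAMPLE_NAMES = ["infra-tools", "Shai-Hulud Migration", "feature/shai-hulud", "release-2025"]

if __name__ == "__main__":
    for name, version in scan_lockfile(SAMPLE_LOCK):
        print(f"suspect dependency: {name}@{version}")
    for name in find_shai_hulud_names(SAMPLE_NAMES):
        print(f"suspect repo/branch: {name}")
```

Matching on the lockfile rather than package.json matters because the worm writes itself into transitive dependencies, which only the lockfile records with exact versions; any hit should be followed by the credential rotation the article recommends.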
Pass the IoCs to your threat hunters, check for new repositories named Shai-Hulud Migration, or branches named Shai-Hulud; if you don’t have a public repo, watch for new versions of your code published on npm. Look for exposed secrets, and roll them. Watch out for compromised credential access to your repo.
Once again, emphasis on the advice for essential security controls on all software repositories, whether open source, or public: “require phishing-proof 2FA human consent for every publication request. Users should identify and remove compromised packages, reviewing dependency trees; look for and remove GitHub repositories and branches containing "shai-hulud" in the name or description; rotate credentials; check cloud infrastructure for compromise; and implement network monitoring and security controls.”
This was too easy!
There are measures that individual consumers can use to reduce their risk from use of contaminated products. However, the greater problem is that there are so many consumers. Going forward, we can expect attacks against suppliers to become an efficient, not to say favored, means of distributing malware. The suppliers, not the consumers, must be the first line of defense. We should not tolerate the distribution of malware the same way that we have come to tolerate poor quality.
ReversingLabs
Wiz
Aikido
StepSecurity
KrebsOnSecurity
Dark Reading
BleepingComputer
The Hacker News
SecurityWeek
The Register
SonicWall is urging some customers to reset passwords after the company's cloud backup service was breached and firewall configuration data were compromised. In a knowledge base article, SonicWall writes that their "investigation found that threat actors accessed backup firewall preference files stored in the cloud for fewer than 5% of [their] firewall install base. While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially exploit the related firewall." When SonicWall became aware of the breach, they disabled the cloud backup feature and rotated internal keys. They also made "infrastructure and process changes" to prevent a recurrence of the incident. The SonicWall article provides detailed instructions to help users determine if they are at risk, and guidance for those who are.
If you’re using the cloud backup for your SonicWall firewall and you’re affected, the remediation requires not only updating admin passwords, but also all VPN user credentials, including rebinding TOTP authenticators as well as any other credentials, DDNS, Wi-Fi, etc. Login to your MySonicWall account and check to see if you’re affected, then read their remediation guidance a couple of times before moving forward; you’re going to need to coordinate and plan the required changes.
The user may be to blame somewhat, but on the other hand, it is not clear what brute forcing protection and other controls SonicWall had in place.
We need a better solution for firewall and router security than passwords.
SonicWall
The Register
CyberScoop
The Hacker News
BleepingComputer
SecurityWeek
Help Net Security
Jaguar Land Rover (JLR) now says their global operations will be shuttered until at least September 24, bringing the company's downtime to nearly four weeks. JLR took operations offline at the beginning of September in response to a cybersecurity incident; they are currently undergoing a forensic investigation. The ongoing outage has had a significant financial impact, not just on JLR but also on their suppliers. Shares in Autins, a company that provides components for JLR vehicles, fell 40 percent. As "Lucas Kello, the director of the University of Oxford's Academic Centre of Excellence in Cyber Security Research, told Recorded Future News last week: 'This is more than a company outage — it’s an economic security incident.'" Unite, a UK automotive workers union, has called for government support during the outage, much like the furlough schemes that supplemented salaries during the early months of the COVID-19 pandemic.
I have not seen any reliable information on the initial attack vehicle, but odds are high that social engineering/phishing of weak authentication succeeded in obtaining inside access, then exposed other essential security hygiene deficiencies, such as privilege management, network segmentation, log monitoring, etc. The scale of impact and ultimate cost of this makes it a good example to use if you are in manufacturing or anywhere else facing resistance to taking critical steps to raise the security bar.
Something to consider in your DR playbook is economic impacts of an outage. Ask if you need to provide for furloughed workers, and if so, how. You’ll want your union representatives in this conversation if applicable. There is probably less you can do for third party suppliers, but having the conversation with them is still a good move.
Here’s one where I bet the victim (JLR) wishes they could have a do-over on whether to pay the ransom. A month’s downtime as a result of a cybersecurity incident is a material loss for any company. Total losses have to be approaching half a billion dollars. Perhaps JLR will go on the cybersecurity speaking circuit afterwards; lots to learn from this incident.
This is an interesting twist on managing cyber risk in your supply chain. Our focus traditionally is on the risk posed by vendors and suppliers, however this incident demonstrates we need to also consider the cyber risk in relation to major clients and what impact a cyber incident on them will have on our own businesses.
The Record
The Register
The Record
The Register
Google has released an update to address a zero-day vulnerability in Chrome; this is the sixth zero-day Chrome vulnerability Google has addressed this calendar year. The high-severity type-confusion flaw in the V8 JavaScript and WebAssembly engine (CVE-2025-10585) is one of four security issues addressed in the most recent update to Chrome. The others are also high-severity: a use after free issue in Dawn (CVE-2025-10500); a use after free in WebRTC (CVE-2025-10501); and a heap buffer overflow in ANGLE (CVE-2025-10502). The zero-day issue (CVE-2025-10585) was detected and reported by the Google Threat Analysis Group (TAG). Two of the flaws were reported by third-party entities, and the fourth was detected by Google's Big Sleep AI Agent. Users are urged to ensure their systems have been updated to Chrome 140.0.7339.185/.186 for Windows/Mac, and Chrome 140.0.7339.185 for Linux.
Perhaps you were wondering why the update prompt appeared in Chrome browsers Wednesday. CVE-2025-10585, JavaScript type confusion flaw, has a published exploit and is being targeted. Fortunately, a fixed version is published. Given the excitement, you should at least know where the fix is and isn’t deployed today, and better still, get it deployed before the weekend.
Users by now should be in the habit of restarting their browser on a daily basis. And while you’re at it, run the Chrome safety check. I’m not sure it can get much easier.
The Register
Help Net Security
The Hacker News
BleepingComputer
SecurityWeek
GoogleBlog
Researchers from JFrog Security have discovered a group of four vulnerabilities in the Chaos-Mesh chaos engineering platform. The vulnerabilities, which have been dubbed Chaotic Deputy, "can be easily exploited by in-cluster attackers to run arbitrary code on any pod in the cluster, even in the default configuration of Chaos-Mesh" and take control of Kubernetes clusters. Users are urged to update to Chaos-Mesh version 2.7.3. JFrog writes, "Chaos-Mesh is a Cloud Native Computing Foundation incubating project that brings various types of fault simulation to Kubernetes and has an enormous capability to orchestrate fault scenarios. Some managed Kubernetes service platforms support Chaos-Mesh and integrate it as part of their fault injection services, such as Azure’s Chaos Studio for AKS."
There are four CVEs here, three with a CVSS score of 9.8. CVE-2025-59358 has a score of 7.5. The attack involves chaining CVE-2025-59359, CVE-2025-59360, or CVE-2025-59361 with CVE-2025-59358 to perform remote code execution. Challenge your staff to see how rapidly they can deploy the update, restrict access to the Chaos-Mesh controller and API server until that’s applied, then look at controlling that access long term to minimize risks.
Microsoft and Cloudflare have worked together to take down the operational infrastructure that supported the RaccoonO365 phishing network. Microsoft's Digital Crimes Unit (DCU) obtained a court order allowing them to seize websites related to the RaccoonO365 subscription-based phishing operation, which is tracked by Microsoft as Storm-2246. According to Cloudflare's write-up, "The campaign's primary attack vector was phishing kits designed to steal Microsoft 365 credentials. The kits used a simple CAPTCHA page and anti-bot techniques to evade analysis and appear legitimate to victims." The phishing kits have been used to steal Microsoft credentials in more than 90 countries.
This service cost about $365/day and could target 9,000 users per day with lures to circumvent two-factor authentication involving email, login and CAPTCHA services. A reminder to keep an eye on the latest attack/phishing techniques as well as keep your MFA implementation optimized, which may require some upgrades.
(Whack that mole.)
The Record
CyberScoop
Dark Reading
The Hacker News
BleepingComputer
Microsoft
Cloudflare
Google recently detected and disabled a fraudulent account created in its Law Enforcement Request System (LERS), which the company maintains for official data requests from police and intelligence agencies including subpoenas, court orders, and emergency disclosure requests. This confirmation follows a threat actor's social media post offering screenshots as proof of access to Google's LERS platform and the FBI National Instant Criminal Background Check (NICS eCheck) system. The FBI has not commented. While Google states "no requests were made with this fraudulent [LERS] account, and no data was accessed," no information has been disclosed on how a threat actor was able to fraudulently access the system.
The account was claimed by the Scattered Lapsus$ Hunters gang, who are claiming to go dark after the announcement, and appear to be linked to the groups exploiting Salesforce this year. This is the latest salvo in what appears to be taunts aimed at law enforcement and Google Threat Intelligence, who have been a thorn in their side. One hopes the post results in process improvements for the FBI and Google to prevent recurrence and detect other imposters.
Hopefully this is a one-time screw-up by Google with a rapid response. But it does point out two things: (1) Some apps require more attention to security than others; and (2) Don’t assume your suppliers consider their connection to you to be in category (1). Only trust what you verify.
If you build it, they will come. Any system like this is a huge target and must be protected accordingly.
One finds it hard to imagine a more sensitive account initialization and management application than this. An individual must be both sponsored and terminated by a legitimate agency.
The US House Appropriations Committee has introduced a bill that would extend two pieces of cybersecurity legislation, pushing their expiration from September 30 to November 21, 2025. The 2015 Cybersecurity Information Sharing Act (CISA 2015, not to be confused with the Cybersecurity and Infrastructure Security Agency) is characterized as "bedrock law," and establishes protections and voluntary procedures for the sharing of cyber threat information between private organizations and the federal government. Under CISA 2015, federal agencies must develop procedures for sharing threat indicators and defensive measures with the private sector; private organizations are authorized to conduct comprehensive network monitoring and are protected from liability for doing so, except in enacting defensive measures; and information shared within the act's rules is "protected from the waiver of any evidentiary privilege when information is shared under the Act, limits on the government’s ability to use shared information for regulatory enforcement, and liability limitations." The second measure, the State and Local Cybersecurity Grant Program (SLCGP), was established in 2021, and Congress appropriated $1 billion to be distributed in grants over four years "to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments." The House Homeland Security Committee previously proposed ten-year extensions that have not yet reached the House floor, and the Senate Homeland Security Committee will address its own version including possible revisions.
If passed, the legislation extends CISA 2015 ten years. SLCGP had $91 million in grants available for state and tribal governments to implement cyber improvements for FY25. If you need funding for a state or tribal initiative, seize the opportunity.
Let’s hope the Continuing Resolution passes quickly that enables the House and Senate time to settle differences on CISA 2015. What’s disappointing is that Congress knew both were up for renewal months ago and, well, politics came into play.
US House Appropriations
CISA
Nextgov/FCW
The Record
WilmerHale
On Wednesday, September 17, 2025, after a year of debate, Italy's parliament approved the first law by an EU member state to comprehensively regulate AI, maintaining consistency with the EU Artificial Intelligence Act. The law's stated aim is human-centric, to protect citizens' rights and safety from possible harm from misuse of AI, regulating use in healthcare, justice, and education, and mandating transparency about AI use in the workplace. The law also lays out prison sentences of one to five years for generating and distributing certain malicious content, such as deepfakes, and specifies harsher penalties for use of AI in fraud, theft, and money laundering. Children under 14 must get parental consent before accessing AI. "On copyright, works created with AI assistance are protected if they result from intellectual effort, while AI-driven text and data mining is allowed only for non-copyrighted content or scientific research by authorised institutions." Oversight and enforcement will be spread across several government agencies and authorities, who must develop a national AI strategy, and €1 billion (US$1.18 billion) has been approved for investment in AI, cybersecurity, and telecommunications companies. The following day, a panel of four experts testified before the US House Judiciary Subcommittee on Courts, Intellectual Property, Artificial Intelligence, and the Internet, on the subject of US federal regulation of AI. The experts, David A. Bray, Kevin Frazier, Neil Richards, and Adam Thierer, representing universities and think tanks with expertise in technology, politics, law, and AI, gave "differing perspectives" but agreed at large that some kind of federal framework for regulating AI is necessary, and that innovation must be balanced with responsible development and oversight.
“Regulating AI” is a term guaranteed to meet resistance in many countries. “AI safety requirements” is probably a better marketing term to make progress. No one objects to laser beam safety requirements to enable that technology to be used in medical applications, for example. Unprotected use and misuse of AI poses risks to both financial and physical health.
This law also addresses copyright and aims to restrict AI from infringing on otherwise copyrighted works, which is tricky even for humans, and needed. Keep an eye out for other nations to pass similar legislation. With the impact of AI, don’t expect a lot of time to see how this works for others before enacting similar legislation.
Attempting to regulate AI is fraught with peril as it seems to be everywhere these days. Perhaps a better approach is establishing simple rules for its safe use. Granted, defining what is ’safe use’ will tie up government and think tanks for years.
Well done to Italy, and indeed the EU, for introducing regulations to protect people from AI companies abusing their data and their copyright material, and regulating against the use of AI for scams and fraud. Too often in the past we have let technology lead the way while regulators try and catch up. However, in most cases by the time regulations and laws are in place the damage has already been done. People are more important than profits for tech companies and it's good to see governments realise this.
The Cyberspace Administration of China (CAC) has announced new National Cybersecurity Incident Reporting Management Measures that will require some incidents to be reported within an hour. The new rules, which apply to network operators, include an incident classification guide with threshold indicators for disruption, cost, and potential threats to national security or "social stability." The operators will be required to provide specifics about the incident: type of incident, attack timeline, which systems were affected, damage assessment, causes, and steps taken to manage it. They will also be required to submit an evaluation within 30 days of the incident, describing the causes of the incident and lessons learned. Operators who fail to report an incident, or withhold or falsify information in their reports will face severe penalties. The new rules take effect on November 1, 2025.
The scope and applicability are tricky. The one hour notice is for state information service providers’ portals and national news sites experiencing “Particularly Serious” events, the most serious of the four defined event categories, which result in interruptions over 24 hours, except for critical information infrastructure where the threshold is 6 hours. It’s not clear if service providers will know within an hour how long the service interruption will be. Given the threat of penalties incurred for not reporting, this will likely result in incomplete or inaccurate/false reports which will need correction later, or even worse, hiding of incidents which aren’t ready to report in this timeline.
Obviously an aggressive goal, and only one step away from requiring real time government surveillance. But, critical network services and platforms that have economic impact should have tighter requirements for time to detect and time to report than individual systems have.
Reporting within an hour makes no sense. Depending on the penalties associated with this, this may likely lead to overreporting of unconfirmed incidents.
This is an impossibly tight window within which to report an incident with any sort of accuracy. When incident response teams need to worry about reporting deadlines rather than dealing with the incident the only people who gain are the attackers.
Ok, that’s a new low for cyber incident reporting and makes the de facto 72 hour metric seem simply leisurely. What’s more impressive, or not, is that there is no easing into the new rules, which are effective in 45 days. This is certainly one approach to raising cyber security awareness and perhaps enabling government surveillance.
Interesting approach; all reportable incidents are not the same. However, the shorter the time limit for reporting, the more false positives one must expect. This system will likely require some tuning.
SANS Internet Storm Center StormCast Friday, September 19, 2025
Honeypot File Analysis (@sans_edu); SonicWall Breach; DeepSeek Bias; Chrome 0-day
https://isc.sans.edu/podcastdetail/9620
Exploring Uploads in a Dshield Honeypot Environment
This guest diary by one of our SANS.edu undergraduate interns shows how to analyze files uploaded to Cowrie
https://isc.sans.edu/diary/Exploring+Uploads+in+a+Dshield+Honeypot+Environment+Guest+Diary/32296
SonicWall Breach
SonicWall “MySonicWall” accounts were breached via credential brute forcing
DeepSeek Bias
Cloudflare found significant biases in code created by the Chinese AI engine DeepSeek. Code for organizations not aligned with China’s politics contained significantly more bugs
https://www.washingtonpost.com/technology/2025/09/16/deepseek-ai-security/
Google Chrome 0-day
Google fixed an already-exploited vulnerability in Google Chrome
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
SANS Internet Storm Center StormCast Thursday, September 18, 2025
DLL Hooking; Entra ID Actor Tokens; WatchGuard and NVidia Patches
https://isc.sans.edu/podcastdetail/9618
CTRL-Z DLL Hooking
Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries.
https://isc.sans.edu/diary/CTRLZ+DLL+Hooking/32294
Global Admin in every Entra ID tenant via Actor tokens
As part of September’s patch Tuesday, Microsoft patched CVE-2025-55241. The discoverer of the vulnerability, Dirk-jan Mollema, has published a blog post showing how this vulnerability could have been exploited.
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
WatchGuard Firebox iked Out of Bounds Write Vulnerability CVE-2025-9242
WatchGuard patched an out-of-bounds write vulnerability, which could allow an unauthenticated attacker to compromise the devices.
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
NVidia Triton Inference Server
NVIDIA patched critical vulnerabilities in its Triton Inference Server.
https://nvidia.custhelp.com/app/answers/detail/a_id/5691
SANS Internet Storm Center StormCast Wednesday, September 17, 2025
Phishing Resistance; More npm Attacks; ChatGPT MCP abuse
https://isc.sans.edu/podcastdetail/9616
Why You Need Phishing-Resistant Authentication NOW.
The recent compromise of a number of high-profile npmjs.com accounts has yet again shown how dangerous a “simple” phishing email can be.
https://isc.sans.edu/diary/Why+You+Need+Phishing+Resistant+Authentication+NOW/32290
S1ngularity/nx Attackers Strike Again
A second wave of attacks has hit over a hundred npm-related GitHub repositories. The updated payload implements a worm that propagates itself to other repositories.
https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again
ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails
ChatGPT’s new MCP integration can be used, via prompt injection, to affect software connected to ChatGPT via MCP.