Toggle light / dark theme

Experimental PromptLock ransomware uses AI to encrypt, steal data

Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems.

The malware uses OpenAI’s gpt-oss:20b model through the Ollama API to dynamically generate the malicious Lua scripts from hard-coded prompts.

Global Salt Typhoon hacking campaigns linked to Chinese tech firms

The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms.

According to the joint advisories [NSA, NCSC], Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., and Sichuan Zhixin Ruijie Network Technology Co. Ltd. have provided cyber products and services to China’s Ministry of State Security and the People’s Liberation Army, enabling cyber espionage operations tracked as Salt Typhoon.

Since at least 2021, the Chinese threat actors have breached government, telecommunications, transportation, lodging, and military networks worldwide, stealing data that can be used to track targets’ communications and movements worldwide.

Google to verify all Android devs to block malware on Google Play

Google is introducing a new defense for Android called ‘Developer Verification’ to block malware installations from sideloaded apps sourced from outside the official Google Play app store.

For apps on Google Play, there was already a requirement for publishers to provide a D-U-N-S (Data Universal Numbering System) number, introduced on August 31, 2023.

Google says this has had a notable effect in reducing malware on the platform. However, the system didn’t apply to the vast developer ecosystem outside the app store.

Silk Typhoon hackers hijack network captive portals in diplomat attacks

State-sponsored hackers linked to the Silk Typhoon activity cluster targeted diplomats by hijacking web traffic to redirect to a malware-serving website.

The hackers used an advanced adversary-in-the-middle (AitM) technique to hijack the captive portal of the network and send the target to the first-stage malware.

Google Threat Intelligence Group (GTIG) tracks the threat actor as UNC6384 and, based on tooling, targeting, and infrastructure, believes it is associated with the Chinese threat actor TEMP.Hex, also known as Mustang Panda and Silk Typhoon.

Nevada closes state offices as cyberattack disrupts IT systems

Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday.

The impact of the attack was first felt on Sunday morning, with the Governor’s Technology Office stating that a ‘network issue’ began around 1:52 AM PT, affecting the state’s IT systems.

The Governor’s Technology Office warned that websites, online services, and phone lines could be slow or unavailable as teams worked to restore service.

Nissan confirms design studio data breach claimed by Qilin ransomware

Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI).

This came in response to the Qilin ransomware group’s claims that they had stolen four terabytes of data from CBI, including 3D vehicle design models, internal reports, financial documents, VR design workflows, and photos.

“On August 16, 2025, suspicious access was detected on the data server of Creative Box Inc. (CBI), a company contracted by Nissan for design work,” stated a Nissan spokesperson to BleepingComputer.

/* */