Listen to this Post

Introduction
The digital world is no longer a hidden battlefield—it has become an open arena where cities, corporations, and individuals face unprecedented cyber threats. This week’s SecurityAffairs newsletter captures the intensity of that reality, highlighting everything from million-dollar scams to AI-powered exploits. Governments are scrambling to respond, corporations are bracing for losses, and ordinary users remain exposed as cybercriminals evolve faster than defenses. What stands out most is the diversity of attacks: financial fraud, malware campaigns, AI misuse, and geopolitical cyber warfare all converging into one overwhelming storm.
the Original
A Baltimore scam dominated headlines after fraudsters stole \$1.5 million by spoofing a city vendor. Meanwhile, a malvertising campaign on Meta expanded to Android devices, spreading advanced crypto-stealing malware worldwide. Security teams also flagged Scattered Spider’s new tactics targeting help desks, emphasizing overlooked vectors of attack.
The Salesloft breach continues to cause fallout, with hackers issuing an ultimatum to Google after a related data exposure. Cybercriminals also abused X’s Grok AI to bypass ad protections, spreading malware to millions of unsuspecting users.
On the malware front, researchers uncovered MystRodX, a stealthy dual-mode backdoor, while Ethereum smart contracts were found pushing malicious code through npm. Another campaign from Colombia was exposed with AI-driven analysis, and an AMOS stealer variant hit macOS users through cracked apps.
Hacking incidents surged: attackers exploited Salesloft Drift integrations to compromise Salesforce, and Cloudflare blocked a record 11.5 Tbps DDoS attack. Reports also highlighted Hexstrike-AI, an alarming blend of zero-day exploitation and large language models. Critical vulnerabilities like CVE-2025-53149, a heap overflow in Kernel Streaming drivers, added to the concerns.
Geopolitics played its role with Lazarus APT attacks leveraging ClickFix, APT37 targeting South Korea, and suspected Russian GPS interference affecting EU leadership flights. The U.S. offered \$10 million bounties for three Russian hackers tied to energy firms, while APT28 expanded its arsenal with NotDoor malware and Gamaredon ramped up attacks on Ukrainian agencies. Analysts also continued dissecting Russia’s cyber strategy in the ongoing digital cold war.
In broader cybersecurity news, scientists created a social network populated entirely by bots, exposing bizarre online dynamics. Regulatory updates included new cyber requirements in the EU Space Act, while corporations like Jaguar Land Rover and Qantas admitted major operational disruptions due to cyberattacks. Finally, Salesforce faced scrutiny after third-party Drift app incidents created more supply chain headaches.
What Undercode Say:
This week’s roundup paints a picture of cybersecurity chaos—but chaos with patterns worth dissecting.
The Baltimore scam shows the fragility of municipal cybersecurity, where even basic vendor validation is lacking. Local governments, often underfunded, are prime targets for social engineering scams because they manage large public budgets but lack enterprise-grade defense systems. This is not a one-off case; it reflects a systemic weakness across cities worldwide.
The malvertising campaign spreading to Android signals the expansion of attack surfaces through mobile ecosystems. Crypto theft is becoming the cybercriminals’ equivalent of armed robbery—fast, scalable, and anonymous. With billions of Android devices worldwide, this shift will hit emerging markets hardest, where outdated phones and weak regulation create fertile ground for attackers.
The Salesloft breach and ultimatum to Google demonstrate how supply chain vulnerabilities ripple through tech giants. Even companies with advanced defenses are only as strong as their weakest integrated partner. This validates concerns that supply chain attacks are the new front line of cyberwarfare.
The abuse of X’s Grok AI raises alarm over the weaponization of generative AI in real-time attacks. By exploiting AI systems designed for trust and engagement, hackers gain a powerful vector for mass malware distribution. This trend foreshadows a future where AI-driven platforms inadvertently become cybercrime accelerators.
The rise of AI-assisted malware campaigns, such as MystRodX and Hexstrike-AI, points to the fusion of automation and exploitation. Criminals no longer need massive teams—they can weaponize AI to identify vulnerabilities, write malware, and disguise operations faster than defenders can react. Security researchers will need to rely on defensive AI just to keep pace.
On the geopolitical front, Lazarus, APT28, and APT37 remind us that state-backed groups operate on longer timelines. These are not smash-and-grab heists; they are calculated campaigns shaping national security. Russia’s suspected GPS jamming of EU aircraft demonstrates that cyberwarfare is bleeding into physical space, creating risks to civilian safety.
Corporate fallout—Jaguar Land Rover and Qantas—shows how cyberattacks have direct financial and operational costs, beyond reputational damage. Disrupted production lines and grounded flights translate into millions of dollars lost, showing that cybersecurity is no longer just an IT issue but a boardroom crisis.
Lastly, the creation of a bot-only social network serves as a disturbing experiment in how easily digital ecosystems can spiral out of control without human anchors. If attackers flood platforms with AI-driven bots, the concept of trust online may become meaningless.
Overall, these incidents highlight a triple convergence: financial scams targeting cities, AI exploitation shaping cybercrime, and state-backed cyber operations escalating global tensions. The defenders’ challenge is not just technological—it is organizational, geopolitical, and societal.
🔍 Fact Checker Results
✅ Baltimore’s \$1.5M scam has been verified by multiple outlets, including local government disclosures.
✅ Cloudflare did confirm blocking an 11.5 Tbps DDoS attack, one of the largest recorded.
❌ No conclusive evidence yet links Russia officially to Ursula von der Leusd’s GPS disruption incident.
📊 Prediction
Cyberattacks will increasingly merge AI-driven automation with geopolitical objectives, creating threats that spread faster and hit harder than ever before. In the next 12 months, we will likely see nation-state groups deploying AI to amplify disinformation and disruption campaigns, while financially motivated hackers pivot to AI-powered scams targeting municipalities and corporations. The line between cybercrime and cyberwarfare will blur even further.
🕵️📝✔️Let’s dive deep and fact‑check.
References:
Reported By: securityaffairs.com
Extra Source Hub:
https://www.twitter.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon




