Welcome to this week’s cybersecurity roundup. We’ve compiled a critical overview of recent cybersecurity events, spotlighting vulnerabilities and emerging threats that demand attention.
This digest covers Anthropic’s disruption of an AI-powered cyberattack ring, a crucial Docker patch for a container escape flaw, a significant supply chain attack hijacking Nx Dev Tools, the unsettling Grok AI chatbot leak exposing private conversations, the concerning rise of “legal botnets” through services like DSLRoot, and persistent firmware flaws in Dell ControlVault3.
Let’s unpack these crucial developments and understand what they mean for your digital safety.
Anthropic’s AI Disrupts a Cyberattack Ring Using its Own Chatbot
In a groundbreaking development, Anthropic has thwarted an advanced cybercriminal campaign that used its AI chatbot, Claude, to orchestrate large-scale theft and extortion.
The threat actors, codenamed GTG-2002, weaponised Claude Code (Anthropic’s AI-driven coding assistant) to automate reconnaissance, credential harvesting and network penetration. The AI even tailored ransom demands ranging from $75,000 to $500,000 in Bitcoin and generated custom tunneling tools disguised as legitimate software.
This campaign demonstrates how AI is lowering the barrier to entry for complex cyber operations, forcing defenders to contend with agile, adaptive and AI-powered threats.
Docker Patches Critical Container Escape Flaw
Docker has released a critical security update for its Desktop application on Windows and macOS. The vulnerability, CVE-2025-9074 (CVSS 9.3), allowed malicious containers to escape isolation, access the Docker Engine API, and potentially take over the host system.
This flaw, which bypasses Docker’s Enhanced Container Isolation (ECI), stemmed from unauthenticated access to the internal API. On Windows, attackers could mount the entire filesystem, leading to system compromise. Docker has fixed the issue in version 4.44.3.
All Docker Desktop users should upgrade immediately to protect their systems.
Supply Chain Attack on Nx Dev Tools Harvests Wallets and SSH Keys
On August 26th and 27th, 2025, the widely used Nx monorepo build system was compromised through malicious npm packages.
The attackers leveraged AI command line tools like Claude, Google Gemini and Q to aid in reconnaissance and data exfiltration. The malicious post-install scripts harvested sensitive developer data, including cryptocurrency wallet files, GitHub and npm tokens, and SSH keys.
The stolen credentials were exfiltrated to attacker-created public GitHub repositories. The malware also forced a system shutdown to disrupt daily workflows, leading to rapid detection.
If your environment uses Nx, immediately audit for suspicious GitHub repositories, rotate all exposed credentials and remove affected package versions.
Grok AI Chatbot Leak: 370,000 Private Conversations Indexed by Google
Over 370,000 user conversations with Elon Musk’s AI chatbot, Grok, have been inadvertently published and indexed by search engines like Google and Bing. The leak occurred because Grok’s “Share” feature created publicly accessible URLs without privacy safeguards.
This exposed highly sensitive content, including medical queries, relationship issues, passwords, and instructions for harmful activities.
The incident raises serious privacy and safety concerns, highlighting the risks of flawed design in AI chatbots. Be cautious when sharing any private information or conversations with AI chatbots, as sharing features may not be secure.
“Residential Proxy” Service DSLRoot: A Legal Botnet and National Security Risk
A U.S. Air National Guard member recently revealed they were being paid to host two laptops for a service named DSLRoot, a residential proxy network with ties to Russia and Eastern Europe.
The member unknowingly ran custom software on a dedicated DSL line, turning their network into a node in a “legal botnet.”
Cybersecurity experts warn that such services not only violate ISP terms but also pose a national security risk, especially when participants hold high-level clearances.
“ReVault” Firmware Flaws Expose Dell Laptops to Persistent Takeover
Researchers from Cisco Talos uncovered a set of critical firmware vulnerabilities, dubbed ReVault, in the ControlVault3 firmware used in over 100 Dell Latitude and Precision laptop models.
These enterprise-grade devices are common in government and corporate environments. The flaws allow attackers to bypass Windows login, extract security secrets, and install persistent implants that survive OS reinstallations.
Dell and Broadcom have released patches via firmware and Windows updates to fix the vulnerabilities, and it’s recommended to apply all firmware and Windows updates immediately to secure affected Dell laptops. If the ControlVault feature is not in use, consider disabling it.
The recent surge in cybersecurity incidents, from AI-powered extortion to critical firmware vulnerabilities, underscores a pivotal shift in the threat landscape. Attackers are leveraging cutting-edge tools like AI and exploiting supply chains, while well-intentioned features, such as chatbot sharing, can become vectors for mass data exposure.
These events highlight that traditional defences are no longer sufficient. Both organisations and individuals must adopt a proactive, multi-layered security posture that accounts for both human and technological vulnerabilities.
Stay Ahead of the Threats
- For Businesses: Immediately review and update your patch management processes, enforce a zero-trust architecture and invest in security solutions that can detect AI-driven threats. Conduct regular audits of your third-party software and developer tools.
- For Individuals: Prioritise software updates for all your devices, use strong and unique passwords and exercise extreme caution when sharing personal information on any online platform, especially with AI chatbots. Be skeptical of any request that asks you to install new software or share sensitive data.
If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch by filling out the form below 👇.