Welcome to your daily cybersecurity briefing.
The UK’s NCSC has released critical guidance regarding Generative AI security, warning that treating Prompt Injection like SQL Injection is a dangerous misconception. Unlike traditional databases, LLMs lack a rigid boundary between instructions and data, creating an “Inherently Confusable Deputy” problem. The agency advises that the only effective mitigation is architectural: strictly restricting the privileges of tools accessible by the AI, rather than relying on input filters.
A critical authentication bypass vulnerability has been discovered in the Ruby SAML library. Tracked as CVE-2025-25293, the flaw allows attackers to exploit XML parsing differences to forge valid signatures via XML Signature Wrapping. Organizations relying on this library for Single Sign-On must upgrade to version 1.18.0 immediately to prevent unauthorized access.
Polish police have arrested three Ukrainian nationals in Warsaw found in possession of sophisticated hardware hacking equipment, including Flipper Zero devices, radio antennas, and counter-surveillance tools. The seizure points to potential “Close Access” operations targeting critical defense infrastructure and telecommunications networks physically.
Threat actor Storm-0249 is escalating its tactics, shifting from simple access brokerage to advanced ransomware preparation. The group is now employing “ClickFix” social engineering and DLL side-loading techniques—specifically targeting SentinelOne agents—to steal system identifiers (MachineGuid) and maintain persistence.
Swiss hosting provider Infomaniak has launched “Euria,” a sovereign AI alternative to US-based models. Hosted in Switzerland and powered by renewable energy, the platform guarantees that user data is never used for model training, offering a compliant solution for handling sensitive enterprise data without Cloud Act exposure.
The Australian Signals Directorate (ASD) is warning of a global surge in Infostealer malware activity. These threats are evolving beyond credential theft to mass-exfiltrate session cookies, effectively bypassing Multi-Factor Authentication (MFA) and serving as a primary entry vector for corporate network breaches.
Finally, a reminder that today is the last Patch Tuesday of the year. Expect critical updates from Microsoft and Adobe later today.
Don’t Think – Patch Now!
Sources:
- NCSC UK: https://www.ncsc.gov.uk/blog-post/prompt-injection-is-not-sql-injection
- CyberPress: https://cyberpress.org/critical-ruby-saml-flaw/
- Warsaw Police: https://srodmiescie.policja.gov.pl/rs/aktualnosci/145521,Podrozowali-po-Europie-z-detektorem-urzadzen-szpiegowskich-i-sprzetem-hakerskim.html
- Security Affairs: https://securityaffairs.com/185480/cyber-crime/polish-police-arrest-3-ukrainians-for-possessing-advanced-hacking-tools.html
- The Hacker News: https://thehackernews.com/2025/12/storm-0249-escalates-ransomware-attacks.html
- GoodTech: https://goodtech.info/euria-ia-gratuite-suisse-alternative-chatgpt-chauffage/
- Cyber.gov.au (ASD): https://www.cyber.gov.au/about-us/view-all-content/news/information-stealers-are-on-the-rise-are-you-at-risk
Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtintl.substack.com