Weekly Cybersecurity Recap - 22 September 2025

Introduction

Last week brought a mix of alarming cyber incidents and emerging threats. A major cyberattack on European airports disrupted flights across the region, underscoring the fragility of critical infrastructure. At the same time, researchers revealed the world’s first AI-powered ransomware variant, capable of adapting its behavior on the fly - a glimpse into how artificial intelligence is reshaping the threat landscape. Microsoft was also in the spotlight after disclosure of a critical Azure Entra ID flaw that could have put countless organizations at risk. From phishing-as-a-service operations targeting hundreds of brands to new malware campaigns against macOS and Ivanti products, the week highlighted how attackers are moving faster, getting smarter, and exploiting every gap in security.

AI and Emerging Threats

'ShadowLeak' ChatGPT Attack Allows Hackers to Invisibly Steal Emails

Researchers at Radware revealed a loophole that lets attackers exfiltrate sensitive Gmail data via ChatGPT without leaving traces on enterprise systems. They discovered the flaw earlier this spring, demonstrating how deeply integrated AI platforms can become a new entry point for data theft.

First AI-powered virus prompts experts' call to boost cybersecurity

The world’s first AI-powered virus, PromptLock, has emerged - encrypting files and demanding ransom while adapting its behavior each time it runs. Built on open-source AI, it can target Windows, macOS, and Linux, prompting urgent calls for enhanced defenses before future iterations become more destructive.

Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell

SentinelOne researchers presented MalTerminal, the earliest known malware to directly integrate LLM capabilities, at LABScon 2025. The malware demonstrates how generative AI can be embedded into attack tools to create ransomware, establish reverse shells, and evade detection with adaptive tactics.

Cloud and Identity Security

Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues

A severe Microsoft authentication vulnerability tracked as CVE-2025-55241 could have compromised virtually every Entra ID tenant worldwide. While patched before disclosure, researchers noted it had a CVSS rating raised to 10.0, underscoring the risk of catastrophic exploitation if it had been weaponized.

Attacks and Exploits

Cyberattack Disrupts More Flights Across Europe

A cyberattack on Collins Aerospace software disrupted check-in systems at several major European airports, extending into a second day of cancellations and delays. The attack highlighted vulnerabilities in aviation’s interconnected systems, with fears that further disruption could follow.

CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

The U.S. Cybersecurity and Infrastructure Security Agency detailed how attackers are actively exploiting two Ivanti EPMM flaws to deploy malware in enterprise environments. The report warns organizations to patch immediately, as the malware families identified indicate advanced, persistent campaigns.

Phishing and Fraud

17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge

Netcraft researchers linked the Lighthouse and Lucid phishing-as-a-service platforms to over 17,500 domains imitating 316 brands across 74 countries. These PhaaS kits come with ready-to-use templates and subscription models, making phishing campaigns more accessible than ever to criminals.

LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer

Threat actors are distributing malware via fake GitHub repositories that mimic widely used software. Victims unknowingly download programs laced with the Atomic Infostealer, designed to exfiltrate credentials and sensitive data from macOS systems.

UAE Cybersecurity Council warns of virtual meeting scams

The UAE Cybersecurity Council warned that weakly secured online meeting links are being hijacked by cybercriminals. These intrusions allow attackers to access and steal sensitive files exchanged during video conferences, underscoring the risks of remote collaboration tools.