ChannelLife New Zealand - Industry insider news for technology resellers
Cyberattacks exploit AI tools, deepfakes & critical software flaws

Wed, 8th Oct 2025

Recent disclosures of software vulnerabilities and a surge in cyberattacks continue to put organisations on alert as attackers exploit weaknesses across a range of enterprise tools, including Chrome extensions, AI platforms, identity authentication systems and enterprise resource planning suites.

Malicious browser extensions

Cybersecurity researchers have identified a new campaign that distributes fake Chrome extensions masquerading as artificial intelligence tools. These extensions hijack user prompts entered into the Chrome search bar and redirect them to attacker-controlled domains. The approach not only enables tracking of user search activity but also demonstrates how browser add-ons can serve as vectors for harvesting sensitive information outside the purview of standard IT security controls.

Davit Asatryan, Vice President of Research at Spin.AI, commented on this development, stating that the use of AI-themed extensions by malicious actors underscores how quickly adversaries can leverage emerging trends to circumvent defences and erode trust.

"Malicious AI-themed extensions show how attackers are quick to exploit hype to bypass user trust and enterprise defenses. What many don't realize is that browser extensions can act like shadow IT, silently harvesting sensitive data. Organisations should treat extensions as part of their attack surface and implement continuous risk monitoring to prevent these threats before they spread."

Privilege escalation in AI platforms

A severe privilege escalation vulnerability (CVE-2025-10725, CVSS 9.9) has been disclosed in Red Hat's OpenShift AI service, an environment for managing predictive and generative AI models across hybrid clouds. The flaw enables a low-privileged authenticated user to gain cluster-wide administrative rights, which may lead to data exfiltration and disruption of critical services. While classified as "Important" by Red Hat due to the requirement for authenticated access, the company acknowledged that the issue impacts the confidentiality, integrity, and availability of the entire cluster.

Gunter Ollmann, Chief Technology Officer at Cobalt, emphasised the risks created by the aggregation of data and compute in AI platforms.

"AI platforms are rapidly becoming high-value targets because they combine sensitive data, critical infrastructure, and powerful compute in one place. This vulnerability shows how even a low-privileged role can become a launchpad for full control of an AI environment if privilege boundaries aren't enforced. While authenticated access may sound like a barrier, in real-world environments credentials are often shared, phished, or exposed through weak operational practices."

Wade Ellery, Chief Evangelist and IAM Strategy Officer at Radiant Logic, observed that the failure to enforce robust privilege restrictions continues to expose organisations. "Account compromise is table stakes," Ellery noted, urging that monitoring, alerting, and remediation are essential given that user accounts may already be at risk.

Deepfake injection and biometric security

Reports have drawn attention to a proof-of-concept deepfake injection tool for iPhones, with concerns raised about potential identity theft through synthetic media. The tool operates on jailbroken iOS devices, bypassing camera sensors by injecting frames directly into the capture process, a technique distinct from traditional presentation attacks that attempt to fool the device using external imagery.

Ralph Rodriguez, President and Chief Product Officer at Daon, explained, "A presentation attack tries to fool the camera lens with a printed photo, a mask, or a replay on a screen. Injection attacks, on the other hand, bypass the lens entirely by inserting synthetic frames directly into the capture pipeline." Rodriguez also pointed out that biometric identity systems must employ layered security checks, including device attestation and session binding, to mitigate risks posed by rooted or jailbroken devices across mobile and desktop environments.

Extortion campaigns targeting enterprise systems

An extortion campaign has emerged in which attackers claim to have accessed sensitive data from Oracle's E-Business Suite and are threatening executives with the release of personal and financial details. The targeting of C-suite leaders reflects a broader trend where threat actors pursue those perceived as the most vulnerable pressure points within an organisation.

Dr Chris Pierson, Chief Executive of BlackCloak and former cybersecurity official, commented, "Extortion attempts like this highlight the reality that executives are increasingly being singled out as the soft underbelly of the corporation for cybercriminals." He further noted the continued targeting of third-party vendor systems, and the imperative to include digital executive protection within any comprehensive security strategy.

Data management and ransomware defence

During Cybersecurity Awareness Month, attention has turned to the importance of data visibility and the role of well-governed backups in defending against ransomware. Carl D'Halluin, Chief Technology Officer at Datadobi, described the need for what he calls a "golden copy": an immutable, secure backup. However, D'Halluin stressed that true resilience requires a holistic approach involving discovery, classification, and management of data distributed across an organisation's environment. "You can't protect what you don't know exists," D'Halluin said, encouraging investment in intelligent data management systems to reduce risk.

Critical Redis vulnerability exposed

A newly disclosed vulnerability in Redis, known as RediShell (CVE-2025-49844), has left up to 60,000 unauthenticated Redis servers exposed to remote code execution. The flaw, present in code for over a decade, is rooted in a use-after-free issue within the Redis Lua interpreter. The severity of risk is heightened for systems that are misconfigured or lack sufficient segmentation, potentially enabling attackers to compromise identity and access infrastructure.

Anders Askasen, Vice President of Product Marketing at Radiant Logic, noted, "Thirteen years of latent risk surfaced because default settings and weak segmentation went unobserved. When foundational services like Redis run unauthenticated or exposed, they create invisible attack paths that can pivot directly into identity and access systems." Askasen underscored the necessity of "real-time visibility, control validation, and remediation" for detecting and managing such vulnerabilities efficiently.
