Sunday, Jun 29, 2025 // (IG): BB // GITHUB // SN R&D
Anthropic Study Warns AI Could Automate Key Functions of 80% of U.S. Jobs
Bottom Line Up Front (BLUF): AI research firm Anthropic has released a study warning that generative AI could potentially automate essential tasks across 80% of U.S. jobs, with high-risk sectors including finance, law, marketing, and software development. The study emphasizes the urgency of policy planning and workforce adaptation.
Analyst Comments: Anthropic’s findings reflect growing concerns that generative AI is not just a productivity enhancer but a disruptive force in the labor market. While full job displacement may not be imminent, partial automation of cognitive tasks—once considered AI-resistant—is already underway. The study supports a broader trend toward “task erosion,” where jobs evolve rather than disappear entirely. The results will likely fuel debates around universal basic income, AI governance, and education reform aimed at future-proofing the workforce.
FROM THE MEDIA: The researchers found that in nearly four out of five occupations, at least 25% of core tasks could be performed by current-generation AI. The analysis points to high automation potential in roles involving writing, analysis, coding, and decision-making support. The report stops short of predicting total job losses but warns that large-scale job redesign will be necessary. It calls for proactive policymaking, worker retraining initiatives, and safeguards against unchecked automation driven by economic incentives.
READ THE STORY: The Register
EagleSpy v5 RAT Promoted on Dark Web for Stealthy Android Surveillance and Control
Bottom Line Up Front (BLUF): A new version of the Android-based EagleSpy Remote Access Trojan (RAT), known as v5, is being actively promoted on dark web forums. The malware offers stealthy surveillance capabilities, including screen recording, microphone access, keylogging, and exfiltration of personal data.
Analyst Comments: EagleSpy v5's stealth features, such as hiding app icons and bypassing battery optimization alerts, make it particularly dangerous for long-term surveillance. While the current distribution appears tied to social engineering and trojanized apps, it could easily be adopted by cybercriminals or state actors for espionage. Mobile users and enterprises must treat APK sideloading and unauthorized permissions as high-risk behavior and prioritize mobile threat defense solutions.
FROM THE MEDIA: Cybercriminals are marketing EagleSpy v5, an upgraded Android RAT, across underground marketplaces. The latest version offers a full suite of spying features, including call and SMS interception, GPS tracking, file theft, and remote command execution. The malware can disguise itself as a legitimate app and persist on the device while evading detection. Its creators advertise it as a low-detection, “plug-and-play” tool for cybercriminals seeking to target individuals, companies, or political figures. Security researchers warn that EagleSpy v5 is likely to appear in phishing campaigns, fake app stores, and cracked APK distributions in the coming months.
READ THE STORY: GBhackers
FBI Warns U.S. Airlines of Cyber Threat After Hawaiian Airlines Hit by Cyberattack
Bottom Line Up Front (BLUF): The FBI has issued a cybersecurity alert to U.S. airlines following a cyberattack on Hawaiian Airlines, which disrupted operations and delayed flights. The nature of the attack has not been disclosed, but federal authorities are investigating whether it is part of a broader targeting campaign against the aviation sector.
Analyst Comments: Airlines’ reliance on interconnected digital systems for scheduling, booking, and flight operations creates high-value targets for threat actors, whether financially motivated ransomware groups or nation-state actors testing infrastructure vulnerabilities. The FBI’s proactive industry-wide warning suggests concern about further coordinated attacks, making this a moment for urgent review of resilience strategies and cross-sector threat intelligence sharing.
FROM THE MEDIA: Hawaiian Airlines confirmed a cyberattack that disrupted services, delayed flights, and forced IT teams to implement emergency protocols. The FBI has since issued a cyber alert to other U.S. airlines, advising increased vigilance and collaboration with federal cybersecurity teams. Though the specific nature of the attack has not been disclosed publicly, the event has prompted broader concern across the transportation sector. No attribution has been made, but experts warn that criminal groups and state-backed actors have previously targeted airlines due to their operational and personal data assets.
READ THE STORY: The Independent
ESET Warns Cybercriminals Are Targeting NFC Data in New Wave of Contactless Payment Attacks
Bottom Line Up Front (BLUF): Security firm ESET has warned that cybercriminals increasingly target NFC (Near Field Communication) data in mobile payments and contactless cards. The attackers exploit vulnerabilities in poorly secured apps and devices to intercept or manipulate sensitive financial information.
Analyst Comments: As NFC becomes a dominant transaction method, especially in retail and transportation, cybercriminals adapt quickly to exploit its expanding use. This wave of NFC attacks could erode trust in mobile wallets if vendors fail to implement strong encryption, sandboxing, and runtime protections. Businesses and consumers alike should be wary of unofficial apps and ensure all firmware and software updates are applied promptly.
FROM THE MEDIA: According to ESET, malicious or poorly secured apps may request excessive permissions or exploit known OS-level flaws to capture transaction data or intercept tap-and-pay communications. The report highlights that attackers can clone contactless card data nearby using rogue readers. ESET advises that users restrict app permissions, disable NFC when not in use, and avoid downloading apps from unofficial sources. Businesses deploying NFC-enabled systems should apply secure coding practices and threat modeling.
READ THE STORY: GBhackers
Threat Actors Abuse New "FileFix" Method to Evade Ransomware Detection and Recovery
Bottom Line Up Front (BLUF): Cybersecurity researchers have uncovered a novel evasion technique dubbed “FileFix”, which threat actors use to bypass traditional ransomware defenses. The method manipulates file metadata and timestamps to evade detection, interfere with backup systems, and hinder recovery efforts.
Analyst Comments: The emergence of the FileFix method reflects a growing trend in ransomware operations—disrupting the recovery process, not just encrypting data. By tampering with system metadata and backups, attackers aim to undermine business continuity and force victims into paying ransoms. This technique highlights the increasing technical sophistication of ransomware groups and the urgent need for organizations to validate the integrity of their backups and detection systems beyond file content checks.
FROM THE MEDIA: FileFix is a newly identified technique used by ransomware operators to delay detection and increase the impact of attacks. The method involves modifying files’ metadata—such as timestamps, extensions, or header information—to make them appear untouched or recently restored. In some cases, attackers also tamper with Volume Shadow Copies and backup logs, complicating forensic analysis and slowing recovery. Researchers warn that current EDR and AV tools may not catch such subtle manipulations unless paired with behavioral monitoring. The tactic is now seen in multiple active ransomware campaigns, raising alarms across the incident response community.
READ THE STORY: THN
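The FileFix item above describes files whose timestamps are reset so they appear untouched, and recommends validating backups "beyond file content checks." The script below is an added illustration written for this digest, not code from the researchers or from any vendor: it builds a manifest that records a content hash together with size and modification time, then compares a later manifest against it and flags the specific combination a timestamp-only or hash-only check would miss (content changed while mtime stayed equal or moved backwards). The directory layout, file names and tampering scenario in demo() are constructed for the example.

```python
"""Backup-integrity check that pairs content hashes with file metadata, so a
file whose contents changed while its timestamp was preserved or rewound is
flagged instead of being trusted as untouched."""
import hashlib
import os
import tempfile


def file_record(path):
    """Return (sha256 hex digest, size in bytes, mtime in ns) for one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return (h.hexdigest(), st.st_size, st.st_mtime_ns)


def build_manifest(root):
    """Walk root and map each forward-slash relative path to its record."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_record(full)
    return manifest


def compare_manifests(baseline, current):
    """Return a list of (relpath, finding) tuples.

    timestomp_suspect: content hash changed but mtime is equal or earlier,
                       i.e. the file was altered and then made to look old.
    modified:          content changed and mtime advanced (normal edit).
    mtime_rewound:     content identical but mtime moved backwards.
    missing / new:     present only in baseline / only in current.
    """
    findings = []
    for rel, (b_hash, _b_size, b_mtime) in baseline.items():
        if rel not in current:
            findings.append((rel, "missing"))
            continue
        c_hash, _c_size, c_mtime = current[rel]
        if c_hash != b_hash and c_mtime <= b_mtime:
            findings.append((rel, "timestomp_suspect"))
        elif c_hash != b_hash:
            findings.append((rel, "modified"))
        elif c_mtime < b_mtime:
            findings.append((rel, "mtime_rewound"))
    for rel in current:
        if rel not in baseline:
            findings.append((rel, "new"))
    return findings


def demo():
    """Constructed scenario: baseline a directory, overwrite one file and put its
    original mtime back, delete another, then compare. Returns sorted findings."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        report = os.path.join(docs, "report.txt")
        notes = os.path.join(root, "notes.txt")
        with open(report, "w") as f:
            f.write("quarterly figures v1\n")
        with open(notes, "w") as f:
            f.write("meeting notes\n")
        baseline = build_manifest(root)

        # Simulated tampering: change the content, then restore the original
        # atime/mtime so a metadata-only comparison would report no change.
        _, _, old_mtime = baseline["docs/report.txt"]
        with open(report, "w") as f:
            f.write("quarterly figures ENCRYPTED\n")
        os.utime(report, ns=(old_mtime, old_mtime))
        os.remove(notes)

        return sorted(compare_manifests(baseline, build_manifest(root)))


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{finding:18} {rel}")
```

Run it as a script to see the two findings; in practice the baseline manifest would be produced at backup time and stored separately (and ideally signed) so that a later comparison against the live tree or a restored copy cannot be influenced by anyone who can edit the files themselves.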
Citrix Warns of Active Exploitation of Critical NetScaler Vulnerability (CVE-2024-6235)
Bottom Line Up Front (BLUF): Citrix has issued an urgent security advisory for a critical vulnerability (CVE-2024-6235) in its NetScaler ADC and Gateway products, confirming that the flaw is actively exploited in the wild. The vulnerability allows unauthenticated remote attackers to execute code on unpatched appliances.
Analyst Comments: The active exploitation of CVE-2024-6235 underscores the high-value target that NetScaler appliances represent, especially in enterprise and government environments. As past incidents have shown (e.g., CitrixBleed), threat actors—including nation-state groups—are quick to weaponize flaws in widely deployed access infrastructure. Organizations should treat this as an urgent patching priority and review logs for signs of compromise. Delays in remediation could lead to initial access, lateral movement, or data exfiltration, particularly in environments where NetScaler is exposed to the Internet.
FROM THE MEDIA: The company urged administrators to apply the available firmware updates and implement mitigations immediately. The bug affects appliances configured as a gateway (VPN, ICA proxy, CVPN, or AAA virtual server) and may allow for unauthenticated code execution under certain conditions. Security researchers have warned that exploitation attempts are being observed in the wild, with attackers scanning for vulnerable instances across public IP ranges. Citrix has provided detection guidance and updated firmware to address the issue.
READ THE STORY: The Record
GiftedCrook Malware Evolves into Full-Featured Infostealer in New Cybercrime Campaigns
Bottom Line Up Front (BLUF): The GiftedCrook malware, initially known as a basic credential stealer, has evolved into a sophisticated info stealer capable of harvesting credentials, browser data, system information, and cryptocurrency wallet details. Threat actors are now deploying the enhanced variant in widespread campaigns across the financial, e-commerce, and enterprise sectors.
Analyst Comments: With features rivaling mature malware families such as RedLine or Raccoon, GiftedCrook's use in phishing and drive-by download campaigns poses a heightened threat to individuals and organizations. The malware's ability to evade detection through obfuscation and modular design indicates ongoing developer investment, possibly supported by cybercriminal groups offering it as malware-as-a-service (MaaS). Organizations must enhance endpoint telemetry and user awareness to defend against increasingly stealthy credential theft tools.
FROM THE MEDIA: Researchers have confirmed that the GiftedCrook malware has undergone significant upgrades, now offering data exfiltration capabilities targeting browsers, system profiles, crypto wallets, and cloud credentials. Delivered via phishing emails, cracked software, or malicious websites, the malware uses advanced anti-analysis techniques and code obfuscation to bypass detection. The updated version includes modular plug-ins, allowing operators to customize functions based on their target’s profile. Analysts report a surge in infections across North America, Europe, and parts of Asia, with a notable increase in targeting of small to mid-sized businesses and freelance developers.
READ THE STORY: GBhackers
Items of interest
Iranian-Backed Hackers Launch Cyber Campaign Following U.S. Military Strikes
Bottom Line Up Front (BLUF): Following recent U.S. military strikes, Iranian-backed hackers have ramped up cyber operations targeting U.S. government networks and critical infrastructure. Officials say the activity is part of a broader retaliatory campaign blending physical and digital warfare.
Analyst Comments: The shift from physical to digital targeting allows plausible deniability while still achieving strategic disruption. Sectors such as energy, transportation, and defense remain top targets, and the potential for supply chain compromise or destructive malware deployment should not be discounted. This reinforces the need for real-time threat intelligence and public-private cyber defense coordination.
FROM THE MEDIA: U.S. intelligence and cybersecurity officials have confirmed a surge in Iranian-linked cyber activity following American airstrikes on Iranian-backed militia targets. The hackers, believed to be affiliated with groups like MuddyWater and APT33, have targeted federal agencies and private contractors. Their tactics include spear-phishing, credential harvesting, and attempts to exploit unpatched systems. The cyber campaign appears to be retaliatory and coordinated, with federal agencies actively monitoring for further intrusions and issuing alerts to critical infrastructure operators. No major breaches have been confirmed publicly, but investigations are ongoing.
READ THE STORY: MSN
MuddyWater: Iran's Silent Cyberwarriors (Video)
FROM THE MEDIA: Dive deep into the shadowy world of MuddyWater, an Iranian Advanced Persistent Threat (APT) group. Known for its sophisticated cyber espionage campaigns, this group targets government, military, and critical infrastructure sectors worldwide. This documentary explores their operations, tactics, and the tools they use to infiltrate and exploit systems, including notable techniques tied to the MITRE ATT&CK framework.
Cyberwar With Iran: How Bad Could It Get? (Video)
FROM THE MEDIA: A full-scale cyberwar with Iran is unlikely. While Iran has some cyber capabilities—primarily wipers and DDoS attacks—it lacks the technical sophistication and time-intensive infrastructure access required for major industrial sabotage like targeting U.S. power grids. The most likely outcomes are limited disruption via data-wiping malware, targeted DDoS attacks, and widespread disinformation, not catastrophic infrastructure attacks.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.