The Call Is Coming from Inside the House

This week on Dragon News Bytes, Eli Woodward and Will Baxter break down the operational fires you need to fight now and the emerging AI threats targeting your internal guardrails. We cover the critical FortiSIEM zero-day RCE, the rise of AI prompt injection attacks across Microsoft Copilot and Salesforce, and the massive 58% year-over-year surge in ransomware victims. Plus, we discuss the strategic impact of the Red VDS infrastructure takedown and our upcoming global event schedule.

Topics & References:

Part 1: Emerging Threats

• FortiSIEM Zero-Day RCE (CVE-2025-64155): Critical remote code execution via the pH monitor service. If you use FortiSIEM, restrict TCP port 7900 immediately.

• Read more: https://horizon3.ai/attack-research/vulnerabilities/cve-2025-64155-fortinet-fortisiem/
  

• Red VDS Infrastructure Takedown: Microsoft’s disruption of a major "bulletproof" virtual desktop service used for fraud and financially motivated phishing.

• Ransomware Surge 2026: A 58% increase in publicly posted victims compared to 2024, with 124 active groups now tracked globally.

Part 2: Emerging AI Threats

• AI Honeypot Findings: Discovery of automated scanning for Open LLM endpoints (Claude, ChatGPT, Ollama) originating from a single German source. 

• AI Prompt Injection Attacks: New research into malicious prompts embedded in links that can hijack AI agents in Microsoft Copilot, Salesforce, and ServiceNow to steal user tokens and secrets.

• Read more: 

• https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/

• https://www.varonis.com/blog/reprompt
  

• The Three Pillars of AI Security: A strategic framework for defending from AI attacks, defending the AI your organization uses, and defending using AI tools.

• Read more: https://www.pillar.security/blog/the-agent-security-paradox-when-trusted-commands-in-cursor-become-attack-vectors

Events & Community:

• SANS CTI Summit Happy Hour (Arlington, VA): Join Team Cymru and OpenCTI on January 26th.
  

• RISE USA (San Francisco): February 17–19 at Stripe HQ.🔗 to register: https://go.team-cymru.com/rise-usa-2026
  

• Brews and Briefings (Minneapolis): Late February session focused on DPRK threat activity.🔗 to register: https://go.team-cymru.com/brews-briefings-minneapolis
  

• FS-ISAC Spring Summit (Orlando): March presentations on the latest fintech threats.🔗 to register: https://www.fsisac.com/events/2026-americas-spring
  

• RISE Ireland (Dublin): April 14–15 at Stripe Dublin.🔗 to register: https://go.team-cymru.com/rise-ireland

Connect with Us:

• Follow us on LinkedIn: https://www.linkedin.com/company/team-cymru

• Subscribe to the Dragon News Bytes feed: https://www.team-cymru.com/dnb

Disclaimer: The views expressed in this podcast are those of the hosts and do not necessarily reflect the official policy or position of our employers.