Brief #110: Microsoft 365 Exploit, 8M Developers At Risk, 47% Fear Cyber

Nikoloz Kokhreidze

Major development platforms compromised via extensions marketplace. AI systems vulnerable to data exfiltration attacks. Global leaders rank cyber as top business threat.

cybersecurity newsletter from nikoloz kokhreidze, mandos, for week 26 of 2025

Happy Sunday!

Cybersecurity officially claims the top spot as the biggest business challenge for 2025 - something we've all felt building over the past few years. What strikes me most is that despite this recognition, nearly half of organizations still don't feel prepared. There's clearly a gap between awareness and action that we need to bridge.

In this week's brief:

  • A sneaky Microsoft 365 Direct Send vulnerability that's letting attackers send spoofed internal emails without compromising any accounts
  • Survey data showing cybersecurity has become the #1 business concern globally, yet most organizations feel unprepared
  • The ongoing debate about whether professionals should pay out-of-pocket for certification renewals when employers cut funding

If you had to choose between investing your own money in maintaining certifications or spending that same budget on hands-on learning experiences, which would you pick and why?

Industry News

Threat Actors Exploit Microsoft 365 Direct Send Feature to Deliver Phishing Emails

  • Varonis researchers discovered a phishing campaign targeting over 70 organizations by exploiting Microsoft 365's Direct Send feature, allowing attackers to send spoofed internal emails without needing to compromise accounts.

  • The attack requires no authentication and bypasses typical email security controls by using PowerShell to send emails through the predictable smart host format (company-name.mail.protection.outlook.com) with forged sender addresses.

  • Organizations can protect themselves by enabling "Reject Direct Send" in Exchange Admin Center, implementing strict DMARC policies, and flagging unauthenticated internal emails for review.
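
One way to implement the last mitigation, flagging unauthenticated internal email, shown as an added example that is not from the newsletter or from Varonis. It assumes a mail gateway that stamps an Authentication-Results header on inbound mail; the domain `example.com`, the authserv-id `mx.example.com` and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}      # assumption: the tenant's accepted domains
TRUSTED_AUTHSERV_ID = "mx.example.com"  # assumption: gateway that stamps the results
VERDICT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)

def trusted_verdicts(msg):
    """Return spf/dkim/dmarc results, skipping headers our gateway did not add."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = value.partition(";")
        if (authserv_id.split() or [""])[0].lower() != TRUSTED_AUTHSERV_ID:
            continue  # the sender controls any header it adds itself
        for method, result in VERDICT.findall(results):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def flag_unauthenticated_internal(raw_message):
    """True when From claims an internal domain but DMARC did not pass."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    if address.rpartition("@")[2].lower() not in INTERNAL_DOMAINS:
        return False  # external senders are handled by normal inbound policy
    return trusted_verdicts(msg).get("dmarc") != "pass"

# Constructed sample messages, not taken from the reported campaign.
SPOOFED = (
    "Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=example.com;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "Authentication-Results: relay.invalid; dmarc=pass header.from=example.com\n"
    "From: IT Helpdesk <helpdesk@example.com>\nTo: user@example.com\n"
    "Subject: Action required\n\nPlease review.\n"
)
GENUINE = (
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "From: HR <hr@example.com>\nTo: user@example.com\nSubject: Holiday calendar\n\nHi.\n"
)
EXTERNAL = (
    "Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail\n"
    "From: Sales <sales@vendor.test>\nTo: user@example.com\nSubject: Quote\n\nHi.\n"
)

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("external", EXTERNAL)]:
        print(name, "FLAG" if flag_unauthenticated_internal(raw) else "ok")
```

Genuine intra-tenant mail that never crosses the gateway carries no such header, so apply the check only to messages received from outside the tenant.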

Critical Vulnerability in Open VSX Marketplace Exposed 8 Million Developers to Supply-Chain Attack

  • Researchers discovered a vulnerability in Open VSX extensions marketplace that would allow attackers to steal a privileged access token, giving them ability to publish malicious updates to every extension used by popular VSCode forks like Cursor, Windsurf, and VSCodium.

  • The flaw existed in the auto-publishing mechanism where NPM install commands ran with access to a privileged token, exposing over 8 million developers to potential compromise through silent extension updates functioning as malware.

  • The affected marketplace serves as the primary extension source for dozens of development environments including Google Cloud Shell Editor, GitLab Web IDE, and Arduino IDE 2.x, creating an unprecedented supply-chain risk across the development ecosystem.

  • A deprecated Anthropic Slack MCP Server is vulnerable to data exfiltration when posting messages, allowing attackers to leak data via hyperlink unfurling by exploiting prompt injection attacks.

  • The vulnerability creates a "lethal trifecta" when AI agents use the Slack MCP server, have access to private data, and process untrusted content, enabling attackers to exfiltrate sensitive information including API keys and internal communications.

  • A simple patch is available by adding two lines of code to disable link unfurling, but the server is no longer maintained by Anthropic despite its wide usage (14k+ weekly downloads), leaving thousands of installations potentially vulnerable.

Leadership Insights

Cybersecurity Threats Rank as Top Business Challenge in 2025 Global Survey

  • Nearly half (47%) of global business leaders identify cybersecurity threats as their leading challenge in 2025, with 74% reporting increased concerns over the past year primarily due to malware (44%), data extortion (37%), and website breaches (37%).

  • Despite growing threats, only 45% of organizations feel "very prepared" to address cybersecurity and data privacy issues, with just 12% ranking themselves as "extremely prepared" for global data privacy compliance across jurisdictions.

  • AI-powered attacks are emerging as a significant concern (28%), yet organizations show critical governance gaps - 63% lack AI transparency practices, 59% have no AI policies, and 67% haven't engaged their boards on AI risks.

Transportation & Logistics Sector Faces Mounting Network Security Challenges

  • Survey reveals that staying ahead of cybersecurity threats (81%) is the top operational challenge for transportation and logistics companies, with ransomware attacks (77%) being the primary security concern, followed by consistent policy enforcement (66%).

  • Only 28% of organizations have implemented solutions to address GenAI-related network security issues, while 49% see value in converging networking and security functions for more robust operations.

  • Despite the increasing importance of edge security for distributed operations, only 40% of respondents consider it mission-critical, and just 19% have implemented SASE solutions, highlighting significant gaps in modern security adoption.

Security and Network Visibility Top Priorities for Enterprise IT Leaders

  • A recent study of 120 US-based IT leaders reveals that security concerns and complexity of network management are their primary challenges, with nearly half planning cybersecurity investments within the next 12 months due to rapid innovation in security technologies.

  • Improving visibility into network traffic and diagnostics has emerged as a key focus area, as IT departments aim to better understand network activity, proactively mitigate security threats, and optimize network performance and costs.

  • While many enterprises completed major LAN and WAN infrastructure upgrades during the pandemic, evolving from software-defined WAN (SD-WAN) to SASE (Secure Access Service Edge) is now a priority focus area, especially for securing remote workforces.

Discover my collection of industry reports, guides and cheat sheets in Cyber Strategy OS

Career Development

Experienced Cybersecurity Analyst Struggles With SOC Role Transitions Despite 7 Years Of Experience

  • A cybersecurity professional with 7 years of experience (2 years as InfoSec analyst, 5 years as Threat/Malware analyst) and a Masters degree reports consistent rejection when attempting to return to SOC roles.

  • Despite progressing through multiple interview rounds (3-8 rounds) with various companies over the past year, the candidate faces vague rejection reasons, impacting their confidence despite addressing feedback from previous interviews.

  • The professional currently works in a niche cybersecurity position with limited compensation and is considering pursuing CISSP certification to improve job prospects after their Security+ certification expired in December 2024.

Cybersecurity Professionals Debate Value of Maintaining Certifications When Employers Cut Renewal Funding

  • A cybersecurity professional with 10 years of experience faces difficult decisions about maintaining certifications as their company implements cost-cutting measures and stops covering renewal fees that can cost several hundred dollars.

  • The professional distinguishes between entry-level certifications like GIAC GSEC that may have diminishing returns with experience, and advanced certifications like CISSP that justify personal investment due to their demanding qualification process.

  • The discussion highlights the emotional investment attached to certifications that represent months of studying and preparation, with many professionals reluctant to let credentials expire despite unclear ROI when paying out-of-pocket.

Ex-Bug Bounty Engineer Developing Challenge-Based Cybersecurity Hiring Tool

  • A former HackerOne/Bugcrowd engineer is creating a tool to assess skills through hands-on, challenge-based tasks rather than relying on resumes and traditional interviews.

  • The developer is seeking input from security hiring managers, consultancy operators, and professionals frustrated with current methods of evaluating technical ability.

  • The initiative focuses on practical assessment techniques for security roles including analysts and penetration testers, with sample challenges available upon request.

AI & Security

OWASP Launches Comprehensive AI Testing Guide To Address Unique Security Challenges

  • The guide aims to become the definitive reference for identifying security, privacy, ethical, and compliance vulnerabilities inherent in AI applications, with a technology-agnostic approach applicable across various implementation scenarios.

  • Unlike traditional software, AI systems require specialized testing methodologies to address unique challenges including non-deterministic behavior, data dependencies, and vulnerability to adversarial attacks that can compromise system integrity.

  • Development roadmap shows the guide will be completed in phases through September 2025, with contributions welcomed from the OWASP and AI communities to establish a structured framework for bias, robustness, and security validation.

Model Context Protocol Details Key Security Risks and Mitigations

  • The specification identifies confused deputy vulnerabilities in MCP proxy servers, where attackers can exploit authorization servers using static client IDs to bypass user consent and gain unauthorized API access.

  • Token passthrough is explicitly forbidden as it enables security control circumvention, compromises audit trails, creates trust boundary issues, and introduces risks of unauthorized access across connected services.

  • To prevent session hijacking attacks, MCP servers must verify all inbound requests, avoid using sessions for authentication, implement secure non-deterministic session IDs, and bind sessions to user-specific information.
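
The session rules in the last bullet, shown as an added example that is not code from the MCP specification or any MCP SDK: authorization comes from the token on every request, and the session ID, drawn from a CSPRNG, only selects state bound to that user. `VALID_TOKENS`, `SessionStore` and `handle_request` are hypothetical names, and the token table stands in for real access-token validation.

```python
import secrets

# Assumption: stand-in for real token validation (signature, audience, expiry).
VALID_TOKENS = {"token-alice": "alice", "token-mallory": "mallory"}  # constructed

class SessionStore:
    """Per-session state keyed by (user_id, session_id), never by session_id alone."""

    def __init__(self):
        self._state = {}

    def create(self, user_id):
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # A tuple key avoids delimiter ambiguity if a user ID contains ':'.
        self._state[(user_id, session_id)] = {"events": []}
        return session_id

    def lookup(self, user_id, session_id):
        return self._state.get((user_id, session_id))

def handle_request(store, bearer_token, session_id):
    """Verify the caller on every request; the session only selects state."""
    user_id = VALID_TOKENS.get(bearer_token)
    if user_id is None:
        return 401  # a session ID on its own never authenticates anyone
    state = store.lookup(user_id, session_id)
    if state is None:
        return 404  # unknown ID, or an ID bound to a different user
    state["events"].append("handled")
    return 200

def demo():
    store = SessionStore()
    sid = store.create("alice")
    return {
        "owner": handle_request(store, "token-alice", sid),
        "stolen_id_other_user": handle_request(store, "token-mallory", sid),
        "id_without_token": handle_request(store, None, sid),
        "guessed_id": handle_request(store, "token-alice", "session-1"),
    }

if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```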

MCP, A2A, and AG-UI Technologies Could Create True Single Pane of Glass for SecOps

  • Three emerging technologies – Model Context Protocol (MCP), Agent-to-Agent communication (A2A), and Agentic User Interface (AG-UI) – together offer a promising solution to the integration challenges that have historically prevented a unified security operations view.

  • MCP standardizes how AI agents interact with security tools, A2A enables specialized AI agents to collaborate on complex tasks, and AG-UI provides an interactive human-AI interface that presents contextualized findings rather than just raw data.

  • This approach could move SecOps beyond rigid, rule-based playbooks toward more adaptive, context-aware automation while maintaining human oversight for critical judgment and reducing alert fatigue.

Market Updates

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain

  • British startup RevEng.ai secured $4.15M in seed funding for its AI platform that automatically detects malicious code and vulnerabilities in software without requiring source code access.

  • The company's proprietary BinNet AI model verifies software supply chain integrity through deep analysis of capabilities, security assessments, and automatic YARA rule creation for Linux, Windows, and Android platforms.

  • Investment was led by Sands Capital with support from Episode, In-Q-Tel Capital, and IQ Capital, with funds earmarked to accelerate growth, improve AI models, hire talent, and expand US presence.

DataBahn Secures $17M to Deploy AI Agents for Data Pipeline Management

  • DataBahn has raised $17M in Series A funding led by Forgepoint Capital to develop its autonomous AI agent-based platform for data pipeline management and telemetry.

  • The company's "Phantom" AI agents collect telemetry without deploying legacy software, parsing and enriching data while suppressing noise - reducing telemetry costs by over 50% for Fortune 50 clients.

  • The platform combines federated search capabilities with security-focused features, enabling faster threat detection while providing deeper context and control without traditional agent overheads.

Nexus IT Secures $60 Million For Cybersecurity Services Expansion

  • Nexus IT, a Managed Services and Cybersecurity provider, received a $60 million capital commitment from Metropolitan Partners Group to accelerate nationwide growth through strategic MSP acquisitions.

  • The company will focus on acquiring MSPs that serve highly regulated industries including healthcare, finance, and legal, with several acquisition deals already in the pipeline for U.S. expansion over the next three years.

  • Rather than pursuing scale at all costs, Nexus IT is implementing a founder-led approach focused on long-term value creation, cultural fit, and client-centric innovation in IT services.

Tools

Trellix Insights

A GenAI-powered security platform that integrates endpoint, email, network, data, cloud, and security operations capabilities for comprehensive threat detection and response.

Zscaler Internet Access

Zscaler Internet Access is a cloud-based zero trust security platform that secures internet traffic by providing threat protection, data loss prevention, and secure web gateway capabilities without traditional VPN infrastructure.

Ping Identity Platform

The Ping Identity Platform is an enterprise identity and access management solution that provides authentication, authorization, and identity governance capabilities with flexible deployment options for securing customer, workforce, and partner identities.


If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!

How do you like Mandos Brief?

Terrible Bad Okay Good Excellent

For more frequent cybersecurity, leadership and AI updates, follow me on LinkedIn, BlueSky and Mastodon.

Best, 
Nikoloz
