Brief #132: Microsoft Defender Bypass, Chinese AI Autonomous Hacking, Salaries Go Down

Happy Sunday!

In this week's brief:

• The Shai-Hulud 2.0 attack compromised over 25,000 npm repositories using sophisticated typosquatting to harvest developer credentials and secrets across multiple package ecosystems
• Chinese state actors are using Claude AI to autonomously execute 80-90% of their attack operations, from reconnaissance to exfiltration, with minimal human intervention
• Cybersecurity salaries are dropping by approximately $20k across roles as companies capitalize on increased competition from laid-off workers to reduce compensation

A quick note before we dive in.

Industry News

SquareX Claims Comet Browser Vulnerability, Perplexity Disputes Research

• SquareX discovered a potential vulnerability in Perplexity's Comet AI browser that could allow attackers to execute local commands through a Model Context Protocol API and two hidden extensions.

• The attack requires compromising the agentic extension via XSS, MitM attacks, or gaining access to Perplexity systems, and SquareX demonstrated the exploit using an "extension stomping" technique to deploy ransomware.

• Perplexity strongly disputes the findings, calling it "fake security research" and stating the scenario is contrived, though they implemented preventive measures out of caution and claim users must consent to MCP installations.

Shai-Hulud 2.0 Supply Chain Attack Targets Over 25,000 Repositories With Credential Harvesting

• Threat actors have launched a massive supply chain attack called Shai-Hulud 2.0 that compromises over 25,000 npm package repositories to steal developer credentials and secrets.

• The attack involves publishing malicious packages that mimic legitimate libraries, with typosquatting techniques used to trick developers into installing compromised versions that exfiltrate sensitive data.

• The campaign demonstrates sophisticated persistence mechanisms and targets high-value organizations by harvesting authentication tokens, API keys, and other secrets from development environments across multiple package ecosystems.

Microsoft Teams B2B Guest Access Bypass Defeats Defender for Office 365 Protections

• Attackers can create malicious Microsoft 365 tenants without Defender protections and invite victims as guests, completely bypassing Safe Links, ZAP, and malware scanning that exist in the victim's home organization.

• Microsoft's MC1182004 feature "Chat with anyone with an email address" is enabled by default and allows threat actors to trivially deliver guest invitations to any email address, making this attack vector easily exploitable.

• When users accept guest invitations to external tenants, all security policies apply from the hosting tenant rather than their home organization, creating protection-free zones that attackers can exploit for phishing campaigns and malware distribution.