Security researchers have identified a major campaign targeting VPN login portals from Cisco and Palo Alto Networks.

Attack Methods
Over two days in mid-December, attackers launched automated login attempts at scale, using millions of sessions across more than 10,000 unique IP addresses.

These attacks did not exploit software flaws but instead relied on trying large numbers of username and password combinations.

Targeted Platforms
The campaign focused on Palo Alto Networks GlobalProtect portals first, followed by Cisco SSL VPN endpoints.

Most attack traffic originated from a single German hosting provider and showed a uniform pattern, indicating scripted credential probing rather than random scanning.

Implications for Security
This activity highlights the ongoing risk to VPNs from large-scale brute force attempts, emphasizing the need for strong authentication measures and continuous monitoring.

Recommended Measures
Strong passwords and multi-factor authentication remain critical to protecting corporate VPN access.

Security researchers have uncovered attacks that bypass AI safety systems, even when humans are in the loop.

How the Exploit Works
Attackers manipulate inputs to trick AI models into performing unintended actions. This shows that human oversight alone may not stop clever manipulations.

Targets and Impact
The attacks affect AI models used in content filtering, code generation, and other automated decision-making systems. Risks include generating harmful outputs or exposing sensitive information.

Key Takeaways for Security
Relying solely on human review is not enough. Organizations must strengthen AI monitoring, add layered defenses, and test models against adversarial inputs.

Moving Forward
AI safety measures need continuous updates to keep pace with evolving attacks and reduce potential harm.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠⁠⁠⁠Sherrod DeGrippo⁠ is joined by security researchers Geoff McDonald and JBO to discuss Whisper Leak, new research showing that encrypted AI traffic can still unintentionally reveal what a user is asking about through patterns in packet size and timing.

They explain how LLM token streaming enables this kind of side-channel attack, why even well-encrypted conversations can be classified for sensitive topics, and what this means for privacy, national-level surveillance risks, and secure product design.

The conversation also walks through how the study was conducted, what patterns emerged across different AI models, and the steps developers should take to mitigate these risks.

Microsoft has confirmed that attackers are actively exploiting a critical flaw in React Server Components called React2Shell.

Hundreds of machines across different sectors have already been compromised. Attackers use this flaw to run commands, deploy malware, and sometimes deliver ransomware.

Early Exploits Turn Dangerous

The vulnerability was first reported earlier this month. Threat actors quickly chained it with other weaknesses, targeting exposed servers at scale.

Reports indicate that attackers from China and Iran have been actively probing systems.

Industrial-Scale Impact

Security teams note that exploitation continues at a high pace. About 39 percent of cloud environments using React Server Components are vulnerable.

Many systems remain unpatched, leaving organizations exposed to further attacks.

Mitigation Steps

Microsoft advises organizations to apply patches; audit React deployments and monitor for signs of compromise.

With exploitation surging, timely action is essential to prevent further damage.

React2Shell demonstrates how widely adopted technologies can become critical points of risk if vulnerabilities are left unaddressed.

Energy experts warn that battery energy storage systems are becoming a key target for hackers.

These systems help balance electricity supply and demand, but attackers see them as weak points that could cause power disruptions.

Risks Behind the Technology

Many battery systems are connected to networks and controlled remotely.

This connectivity makes them vulnerable to cyberattacks that could alter operations, shut down storage units, or even cause physical damage.

Critical Infrastructure Concern

Power grids rely increasingly on these storage units, especially as renewable energy use grows.

A successful attack could affect millions of homes and businesses, highlighting the need for stronger protections.

Preventive Measures

Operators are urged to monitor systems closely, apply updates, and separate critical controls from public networks.

Training staff to recognize attacks is also key.

Battery storage security is now a top concern for energy providers, making early action essential to avoid widespread disruption.

Industry experts reflected on the year’s biggest lessons for cybersecurity teams.

Their insights cover both technical defenses and leadership strategies that shaped successful security programs.

Focus on People and Process

Strong cybersecurity isn’t just about technology - Teams that invested in training, clear processes, and cross-department collaboration managed risks more effectively.

Adapting to AI and Automation

AI tools are now common in security operations - Leaders emphasized careful integration and monitoring to avoid blind spots or overreliance on automation.

Managing Risk in a Changing Threat Landscape

Attackers keep evolving - Security leaders highlighted the importance of continuous risk assessments and agile incident response to stay ahead.

Leadership and Culture Matter

Building a security-conscious culture across all levels of an organization proved critical.

Open communication and executive support help teams respond faster and more effectively.

Investing Wisely

Resources matter - Leaders advised focusing investments on areas that reduce the most risk, rather than chasing the latest trends.

Planning for Compliance

Regulations are tightening worldwide - Maintaining compliance while balancing operational needs was a top concern for leaders across industries.

Security teams that shared threat intelligence and worked closely with peers both inside and outside their companies fared better in preventing incidents.

A strong security program blends technology, people, and culture to handle evolving threats and keep organizations resilient.