
Cybersecurity Headlines: Silver Fox targets Indian users, Mustang Panda deploys ToneShell, will prompt injection ever be 'solved'?
Dec 31, 2025
Silver Fox is targeting Indian users with phishing scams disguised as income tax notifications, deploying the ValleyRAT remote access trojan. Mustang Panda is causing headaches with ToneShell, leveraging a signed kernel driver and tampering with Defender. OpenAI raises concerns about the persistence of prompt injection vulnerabilities that may never be fully remedied. Additionally, two incident responders are in hot water for their involvement in BlackCat ransomware extortion, while rumors swirl about major cybersecurity mergers on the horizon.
Silver Fox Phishing And SEO Poisoning
- Silver Fox used phishing and DLL sideloading to deliver ValleyRAT and steal credentials from Indian users.
- Researchers observed SEO poisoning and fake download sites to broaden the campaign's reach.
Kernel Rootkit Used To Deliver ToneShell
- Mustang Panda used a signed kernel-mode rootkit driver to deploy a new ToneShell variant against governments in Asia.
- The campaign tampered with Microsoft Defender and used fake TLS headers to hide communications.
Prompt Injection May Never Be Fully Solved
- OpenAI's internal red team found new prompt injection attacks that can hijack browser-based agents during normal web workflows.
- The company says agents with access to email, documents, and web services are inherently higher-value targets and may never be fully safe.
