The Biggest Cybersecurity News Headlines This Week

Every week, I hand‑pick a few cybersecurity headlines not to overwhelm you, but to help you build signals. Signals turn news into talking points, interview examples and problem‑solving ideas.

This week’s stories span AI attack surfaces, targeted malware in hospitality and a high‑priority browser patch. Here’s what happened and how to use it.

1. ChatGPT’s Deep Research Hit by Server‑Side Data Theft Attack

What happened:

Radware researchers uncovered a zero‑click data‑exfiltration technique dubbed ShadowLeak that targeted ChatGPT’s Deep Research agent. 

An attacker could send a specially crafted email; when the agent processed the message, it silently collected data and exfiltrated it to an attacker‑controlled URL. 

Unlike typical prompt‑injection exploits, this attack operated entirely on the server side - no malicious prompts needed in the client. 

OpenAI patched the flaw in early August, but researchers warn that a significant attack surface remains.

Why it matters:

AI assistants are being woven into email, CRM and workflow tools. A server‑side attack that exfiltrates data without user interaction demonstrates how AI agents can become high‑value targets. 

It’s also a reminder that traditional client‑side security (e.g., input filtering) isn’t enough; we need governance and monitoring of agents’ behaviour.

How to turn it into an advantage:

In interviews or team meetings, talk about agent alignment and monitoring, verifying that an AI agent’s actions remain consistent with the user’s goals and flagging deviations. 

Mention that you’d implement controls to track agent requests, restrict network permissions and validate outputs, showing you think beyond simple prompt filtering.

Read more on SecurityWeek

2. TA558’s AI‑Generated Scripts Deploy Venom RAT in Hotels

What happened:

Kaspersky observed a new campaign by the hotel‑focused threat group RevengeHotels (TA558). 

Attackers send phishing emails invoice or reservation lures to hotel staff in Portuguese and Spanish. 

These emails deliver JavaScript and PowerShell loaders whose code is generated by large language model agents. 

The chain ultimately drops Venom RAT, a commercial remote‑access Trojan that can harvest data, act as a reverse proxy and even spread via USB drives. 

The malware uses anti‑kill features to tamper with the Windows registry, persist across reboots and terminate processes used by security analysts.

Why it matters:

This campaign shows how attackers are adopting AI to refine phishing lures and generate custom loaders. 

By targeting hotels and travel firms, they aim to steal travellers’ credit‑card details and expand into Spanish‑speaking markets. 

Anti‑kill capabilities make the malware resilient and harder to analyse.

How to turn it into an advantage:

Use this story to discuss AI‑enhanced malware in your next interview. 

Explain how you’d build controls to detect LLM‑generated phishing (e.g., by scanning for unusual script patterns), restrict execution of unsigned scripts and monitor for RAT behaviours like hidden desktop sessions. 

Highlight the need for targeted awareness training in hospitality and tourism.

Read more on Hackernews

3. Chrome 140 Fixes the Sixth Zero‑Day of 2025

What happened:

Google rushed out a Chrome update to address CVE‑2025‑10585, a type‑confusion flaw in the V8 JavaScript/WebAssembly engine. 

The bug, reported by Google’s Threat Analysis Group, was already being exploited in the wild, likely by a spyware vendor. 

Chrome 140 also patches two use‑after‑free issues (CVE‑2025‑10500 and –10501) and a heap buffer overflow in ANGLE discovered by an AI agent. 

Updates are rolling out for Windows, macOS and Linux.

Why it matters:

Browser zero‑days are prime targets because they allow drive‑by compromise via malicious webpages. 

This is the sixth Chrome zero‑day this year and highlights how quickly attackers weaponize memory‑safety issues. 

The fact that an AI tool discovered one of the patched bugs also shows how AI is reshaping both offense and defense.

How to turn it into an advantage:

Talk about patch management and memory‑safe programming. 

In conversations, explain the risks of type‑confusion bugs and why promptly applying browser updates matters. 

For roles focused on vulnerability management, mention strategies like using browser isolation, enabling automatic updates and advocating for languages or tools that prevent entire classes of memory errors.

Read more on SecurityWeek

Reading these updates keeps you informed, but if you’re still trying to break into cybersecurity especially without a degree or prior IT experience there’s a quicker route.

I recommend CourseCareers’ IT program. 

It’s designed for newcomers and covers core IT fundamentals, hands‑on labs and role‑specific prep, so you’re not just learning concepts, you’re moving toward a job in helpdesk, networking or cybersecurity. 

If you’re ready to stop watching from the sidelines, this is a great starting point. Check it out here.

Keep learning. Keep turning headlines into insight. That’s how you go from watching the field to working in it.

– Sandra