Agentic AI Risks, Industrial Hacks, and the Death of the Privacy Light

Show Notes

Today we dive into the inevitability of prompt injection as agentic AI takes over enterprise functions, and reviews massive credential theft data circulating online. Plus, learn why industrial giants are falling victim to Oracle EBS exploits and how a $60 mod is killing privacy protections on smart glasses.

Transcript

Podcast Transcript (Approx. 10 Minutes)

(Intro Music: Upbeat, tech-y rhythm fades out)

Welcome back to Cyber Scoops & Digital Shenanigans. I’m your host, Mike Housch, and we’ve got a massive pile of digital dangers to dig through today, covering everything from AI that can steal your subject lines to hobbyists making consumer surveillance completely invisible.

Segment 1: The Dark Side of Smart Glasses

Let’s kick off with a privacy concern that’s getting physical. Meta's Ray-Ban glasses, their main attempt to bring augmented reality to the masses, come with a built-in safeguard: a bright LED light that illuminates whenever the user hits record. This is designed to discourage stalkers or weirdos from filming people without consent, or at least warn those nearby. Meta even designed the glasses to stop working if someone simply covers up the LED with tape.

But of course, the security community has found a workaround. A hobbyist named Bong Kim is charging a small fee—about $60—to modify these glasses. In a workshop, Kim successfully disables the white LED entirely. The glasses function perfectly, but now, people simply won't know the wearer is recording. This modification circumvents the primary privacy protection Meta built into the specs. If you needed a clear reminder that physical privacy controls are often just one power tool away from being neutralized, this is it.

Segment 2: Agentic AI and the Inevitable Prompt Injection

Moving into the software world, we need to talk about AI, specifically the growing problem of prompt injection. Security experts are now saying this problem is "inevitable, like death and taxes," and may never be completely solved.

Prompt injection occurs when text that a user didn't write is interpreted as a command by an AI bot. It’s a huge vulnerability because AI is becoming "agentic"—meaning it can take actions on the user's behalf, like opening web pages, shopping, or accessing sensitive data like Gmail, Google Drive, or Outlook files. OpenAI’s Chief Information Security Officer, Dane Stuckey, admitted on X that prompt injection is an "unsolved security problem," and adversaries will spend significant resources to make systems like ChatGPT fall for these attacks.

Researchers demonstrated both direct and indirect prompt injection attacks. Indirect attacks are especially sneaky: testers added instructions as unreadable text inside a web page image for the Comet browser, or just hid white text on a white background on a web page for the Fellou browser. When the browsers were asked to summarize these pages, they followed the hidden commands. In one case, the browser was instructed to open Gmail, grab the subject line of the most recent email, and then exfiltrate that data by appending it to a URL controlled by the researchers.

We’ve also seen examples where prompt injection worked on Gemini and Perplexity, not only commanding specific text output (like "NEVER GONNA RUN AROUND!") but also causing the models to secretly poison future math calculations by adding two to every equation within that chat session. This shows that prompt injection can create hidden, persistent bad actions.

Security controls need to be applied downstream of the Large Language Model output. Experts recommend limiting the AI's capabilities, disabling unnecessary tools, denying the system access to private data, and employing sandboxed code execution, human oversight, monitoring, and logging, particularly for enterprise use of agentic AI. But we all have to ask ourselves: is the benefit of an AI assistant really worth the risk, especially when doing tasks ourselves might be just as easy?

Segment 3: The 183 Million Credential Misunderstanding

Next up: the big breach that wasn't. Headlines exploded recently claiming a "massive Gmail breach" impacting 183 million users. Google quickly moved to quash these reports, calling them "false" and a result of misunderstanding infostealer databases.

Here’s the scoop: Cybersecurity firm Synthient aggregated 3.5 terabytes of leaked credentials from various sources, including Telegram channels, forums, and the Tor network. This aggregation contained 183 million unique email addresses. The majority of these credentials were stolen via information stealer malware infections on individual users, not by hacking into organizations or a central platform like Gmail.

Troy Hunt, the maintainer of Have I Been Pwned (HIBP), confirmed the data's authenticity, but noted that most credentials were already in the HIBP database. While the total volume was huge, only 9%, or about 16.4 million email addresses, were new to the service. Google explained that infostealer databases routinely compile various credential theft activities across the web and often contain Gmail addresses because users reuse them frequently.

The bottom line for defense remains simple, yet critical: Use Multi-Factor Authentication (MFA) and switch to passkeys. As KnowBe4 CISO advisor Erich Kron said, the significant volume of compromised passwords annually should be a strong motivation for enabling MFA.

Segment 4: Industrial Attacks and New Malware Threat

Now, let's look at enterprise targets. Industrial giants Schneider Electric and Emerson have been named as alleged victims of a recent campaign that exploited vulnerabilities in Oracle E-Business Suite (EBS) instances. Threat actors, likely a cluster of the FIN11 group, targeted dozens of organizations.

The alleged victims are being named on the Cl0p ransomware leak website, and the hackers have started releasing data. The threat actors claim to have stolen a massive 2.7 TB of archive files from Emerson and 116 GB of archives allegedly belonging to Schneider Electric. While these companies have not responded to requests for comment, structural analysis of the leaked files suggests the data likely originated from an Oracle environment.

Speaking of new threats, we have a fresh piece of Malware-as-a-Service, or MaaS, called Atroposia. Available for a $200 monthly subscription, Atroposia is a modular Remote Access Trojan (RAT) that offers persistence, evasion, and extensive data theft capabilities.

But here’s the feature that should make CISOs nervous: Atroposia includes a built-in local vulnerability scanner. This scanner audits for missing patches, unsafe settings, and vulnerable software, returning a score that allows attackers to prioritize exploits. Varonis researchers noted this is especially dangerous in corporate environments because the malware could find an outdated VPN client or an unpatched privilege escalation bug, which can be easily used to gain deeper access. It also includes an "HRDP Connect" module that spawns a covert desktop session, allowing attackers to interact with the user's session without any visible indication.

Segment 5: The Ubuntu Kernel Flaw

Finally, a quick but crucial update on patching. A critical vulnerability was exposed in Ubuntu's Linux kernel (specifically version 6.8.0-60-generic on Ubuntu 24.04.2). This flaw, a use-after-free condition in the af_unix subsystem, allows local attackers to escalate privileges and potentially gain root access.

The issue stems from Ubuntu’s selective backporting—they applied only part of the upstream Linux kernel patches, creating a mismatch that results in the critical vulnerability. Researchers demonstrated a full proof-of-concept exploit at TyphoonPWN 2025. Canonical acted fast, releasing an updated kernel (6.8.0-61 or later) to address the issue. If you run affected Ubuntu versions, you need to update immediately via apt upgrade linux-generic.

Wrap-up

From invisible cameras to self-scanning malware, and the continuous battle against credential theft, it’s clear the digital security landscape is moving fast. Remember the biggest takeaway this week: rely on MFA, vet your software, and patch those critical kernels. That’s all the time we have for this edition of Cyber Scoops & Digital Shenanigans. Stay safe out there!