Senate Investigates Cisco Over Zero-Day Firewall Vulnerabilities
U.S. Senator Bill Cassidy, Chairman of the Senate Health, Education, Labor, and Pensions (HELP) Committee, has demanded answers from Cisco Systems regarding recent zero-day vulnerabilities in its widely used networking equipment. The October 10, 2025, letter to CEO Chuck Robbins highlights the potential risks to national security and the economy, following a swift emergency directive from the Cybersecurity and Infrastructure Security Agency (CISA).
A small number of samples can poison LLMs of any size
In a joint study with the UK AI Security Institute and the Alan Turing Institute, we found that as few as 250 malicious documents can produce a “backdoor” vulnerability in a large language model—regardless of model size or training data volume. Although a 13B parameter model is trained on over 20 times more training data than a 600M model, both can be backdoored by the same small number of poisoned documents. Our results challenge the common assumption that attackers need to control a percentage of training data; instead, they may just need a small, fixed amount. Our study focuses on a narrow backdoor (producing gibberish text) that is unlikely to pose significant risks in frontier models. Nevertheless, we’re sharing these findings to show that data-poisoning attacks might be more practical than believed, and to encourage further research on data poisoning and potential defenses against it.
US Charges Cambodian Executive in Massive Crypto Scam and Seizes More Than $14 Billion in Bitcoin
The U.S. government has seized more than $14 billion in bitcoin and charged the founder of a Cambodian conglomerate in a massive cryptocurrency scam, accusing him and unnamed co-conspirators of exploiting forced labor to dupe would-be investors and using the proceeds to purchase yachts, jets and a Picasso painting. In an indictment unsealed Tuesday, Brooklyn federal prosecutors charged Prince Holding Group chairman Chen Zhi with wire fraud conspiracy and money laundering conspiracy. At the same time, U.S. and British authorities imposed sanctions on Chen’s company, which is involved in real estate development and financial services, and the Treasury Department declared it a transnational criminal organization.
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active since July 2022, it was observed targeting organizations in the education, healthcare, IT, and manufacturing sectors. The group employed various ransomware payloads in its attacks, including BlackCat, Quantum Locker, Zeppelin, and Rhysida. The threat actor uses Remote Desktop Protocol (RDP) for lateral movement and deploys the INC ransomware payload through the Windows Management Instrumentation Provider Host. “In early October 2025, Microsoft disrupted a Vanilla Tempest campaign by revoking over 200 certificates that the threat actor had fraudulently signed and used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware.” states Microsoft. “We identified this Vanilla Tempest campaign in late September 2025, following several months of the threat actor using fraudulently signed binaries in attacks.”
Prosper Data Breach Impacts 17.6 Million Accounts
More than 17 million individuals were likely impacted by a data breach at peer-to-peer lending marketplace Prosper, data breach notification service Have I Been Pwned warns. Prosper disclosed the incident last month, noting that hackers accessed its network and stole confidential, proprietary, and personal information from its systems. According to the US-based company, the attackers queried its database containing customer information and applicant data to exfiltrate the information, but did not access user accounts. “There is no evidence of unauthorized access to customer accounts and funds, and our customer-facing operations continue uninterrupted,” Prosper said.
