
New Hak5 Video Highlights Critical Cybersecurity Issues and Emerging Threats
In this new video from the @hak5 channel, Alli Diamond presents the Threatwire episode from April 14, 2025, covering several crucial cybersecurity topics. The video begins with a discussion about a potential major security flaw involving Oracle Cloud, initially reported on a data leak forum on March 20 by a user named rose87168. This user allegedly exploited old, known vulnerabilities (CVEs) to extract the credentials of 6 million users. Oracle initially denied any breach but later admitted that only Oracle Cloud Classic had been compromised, without affecting Oracle Cloud Infrastructure (OCI). However, public discussions revealed that Oracle quietly contacted two major users to discuss the flaw, which was then shared on social media. Oracle maintains that the compromised servers were outdated and that passwords were encrypted or hashed, preventing access to client environments.
The video then delves into emerging trends and terms in the field of artificial intelligence (AI) and cybersecurity. The term "vibe scamming" was introduced by the Guardio Labs research team to describe the use of AI to create phishing sites and other scam tools. They proposed a benchmark to measure how easy it is to create scam pages and how credible those pages are. Initial tests showed that agents like ChatGPT and Claude were able to create phishing pages after some adjustments, while Lovable did so with no difficulty.
Another emerging term is "slop squatting," popularized by PSF developer Seth Larson and Andrew Nesbitt. This term describes the practice of registering packages under non-existent names generated by large language models (LLMs), hoping that users guided by AI assistants will install them without realizing they are fake. Research has shown that nearly 20% of packages recommended by code generation models did not exist, and 58% of these fake packages were recommended more than once, paving the way for supply chain attacks.
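A defensive check for the slop squatting risk described above, as an added example that is not from the video or from any project it mentions. Once an attacker registers a hallucinated name it does exist on the registry, so the gate compares requirement names against a vetted allowlist rather than testing registry existence; the allowlist, the sample requirements and the package name example-hallucinated-pkg are constructed for illustration.

```python
import re

# Constructed allowlist: packages a (hypothetical) team has already vetted.
APPROVED = {"requests", "numpy", "python-dateutil", "pyyaml"}

# Constructed requirements file, as an AI assistant might suggest it.
SAMPLE_REQUIREMENTS = """\
# suggested by assistant
requests>=2.31
NumPy==1.26.4
python_dateutil
example-hallucinated-pkg==0.3.1   # constructed name, stands in for a hallucinated package
PyYAML[extra] ; python_version >= "3.9"
-r other.txt
"""

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_names(text):
    """Yield (line_number, normalized_name) for each requirement line."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option
            continue
        match = _NAME.match(line)
        if match:
            yield no, normalize(match.group(1))


def unvetted(text, approved=APPROVED):
    """Return [(line_number, name)] for requirements not on the allowlist."""
    allowed = {normalize(a) for a in approved}
    return [(no, name) for no, name in requirement_names(text)
            if name not in allowed]


if __name__ == "__main__":
    for no, name in unvetted(SAMPLE_REQUIREMENTS):
        print(f"line {no}: '{name}' is not vetted; review before installing")
```

Names are normalized before comparison so that spelling variants such as python_dateutil and PyYAML still match their allowlist entries, while anything unknown fails closed and goes to review.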
Alli Diamond also revisits the Volt Typhoon cyberattacks, attributed to a Chinese group, which targeted critical U.S. infrastructure. According to a Wall Street Journal article, Chinese officials allegedly indirectly admitted their responsibility during a secret meeting in December, linking these intrusions to U.S. support for Taiwan.
Finally, the video reveals crucial information about the CVE (Common Vulnerabilities and Exposures) program managed by MITRE. A government contract essential for the development and modernization of the CVE program will expire on April 16, 2025. This expiration could lead to the deterioration of national vulnerability databases, guidance, security tools, incident response operations, and critical infrastructure. MITRE remains committed to supporting the CVE program, but the impact of this expiration remains uncertain.
This information is critical for cybersecurity professionals, as it highlights current challenges and emerging threats in the field. Understanding these dynamics allows for better preparation and response to future attacks and vulnerabilities.