Cyber Bites by Edwin Kwan
Cyber Bites
Cyber Bites - 18th July 2025
0:00
-10:27

Cyber Bites - 18th July 2025

  • Google Gemini Vulnerability Enables Email Summary Phishing Attacks

  • McDonald's AI Hiring Platform Exposes 64 Million Job Applications Through Weak Password Security

  • Critical eSIM Vulnerability Exposes Over 2 Billion IoT Devices to Malicious Attacks

  • Small Businesses Face Disproportionate Cyber Threats, Should Big Tech Do More?

  • Organisation Increasingly Adopting AI Tools for Cybersecurity


Google Gemini Vulnerability Enables Email Summary Phishing Attacks

https://0din.ai/blog/phishing-for-gemini

Google's Gemini for Workspace contains a critical flaw that allows attackers to hijack email summaries and redirect users to phishing sites without using traditional attachments or direct links. The vulnerability, discovered by a Mozilla researcher, exploits indirect prompt injections hidden within emails that manipulate Gemini's summary generation process. Despite Google implementing safeguards against similar attacks reported since 2024, the technique continues to prove effective against the AI system.

The attack method involves crafting emails with invisible malicious instructions embedded in the message body using HTML and CSS styling that sets font size to zero and colour to white. These hidden directives remain invisible to Gmail users but are parsed and executed by Gemini when generating email summaries. When recipients request a summary, the AI follows the concealed commands and can produce fraudulent security warnings, such as alerts about compromised Gmail passwords accompanied by fake support phone numbers, creating highly convincing phishing attempts.

The vulnerability poses significant risks because users typically trust Gemini's output as legitimate Google Workspace functionality, making them more susceptible to deception. Google has acknowledged the issue and stated they are continuously hardening defenses through red-teaming exercises, though some mitigations are still being implemented. It is recommended that organisations implement post-processing filters to scan Gemini output for urgent messages, URLs, or phone numbers, while users should remain skeptical of security alerts generated through AI summaries rather than official Google communications.


McDonald's AI Hiring Platform Exposes 64 Million Job Applications Through Weak Password Security

https://www.smh.com.au/technology/personal-information-of-mcdonald-s-job-applicants-exposed-online-20250710-p5mdyz.html

McDonald's AI-powered hiring platform McHire exposed the personal information of over 64 million job applicants due to elementary security flaws discovered by researchers in late June 2025. The vulnerability centered on the platform's admin panel, which accepted weak default login credentials using both "123456" as the username and password. After an initial failed attempt using "admin" for both fields, the researchers successfully accessed the entire system using the notorious "123456" password combination.

The breach allowed unauthorized access to sensitive data including names, email addresses, phone numbers, home addresses, and IP addresses of job seekers who applied through the chatbot named Olivia. McHire is used by 90% of McDonald's locations and represents an Insecure Direct Object Reference (IDOR) vulnerability, where applications expose internal object identifiers without verifying user authorization to access the data. The platform was developed by artificial intelligence software firm Paradox.ai and the security flaw highlighted critical weaknesses in enterprise-level hiring systems.

Paradox.ai stated they resolved the issues "within a few hours" after the researchers' report and clarified that "at no point was candidate information leaked online or made publicly available," noting the incident only impacted "one organisation" with no other Paradox clients affected. However, only five candidates had their information actually viewed during the research process. The incident serves as a reminder of the importance of implementing proper security measures in AI-powered recruitment platforms, particularly given the sensitive nature of job application data and the scale of potential exposure.


Critical eSIM Vulnerability Exposes Over 2 Billion IoT Devices to Malicious Attacks

https://security-explorations.com/esim-security.html

Cybersecurity researchers have discovered a critical vulnerability in Kigen's eUICC cards that affects over 2 billion IoT devices worldwide, potentially allowing attackers to install malicious applets and compromise eSIM functionality. The vulnerability, discovered by Security Explorations and rewarded with a $30,000 bounty from Kigen, exploits weaknesses in the GSMA TS.48 Generic Test Profile versions 6.0 and earlier, which is used in eSIM products for radio compliance testing. This flaw allows for the installation of non-verified and potentially malicious applets on embedded SIM cards.

The attack requires specific conditions including physical access to the target eUICC and the use of publicly known keys, but successful exploitation can have severe consequences. Attackers could extract the Kigen eUICC identity certificate, download arbitrary profiles from mobile network operators in cleartext, access MNO secrets, and tamper with profiles without detection. The vulnerability also enables the deployment of persistent backdoors that could intercept all communications, with operators potentially losing control over profiles and receiving false views of profile states.

Kigen has addressed the issue through the release of GSMA TS.48 version 7.0, which restricts the use of the test profile, while all earlier versions have been deprecated. While the attacks require sophisticated capabilities typically associated with nation-state groups, the vulnerability represents a significant weakness in eSIM architecture that could compromise the security of billions of connected devices across various industries.


Small Businesses Face Disproportionate Cyber Threats, Should Big Tech Do More?

https://www.npr.org/2025/07/10/1255443737/facebook-scams-small-business-cyber-crime

Small businesses are bearing the brunt of cybercrime at alarming rates, with new data revealing they fall victim to attacks four times more frequently than large enterprises. The vulnerability of mom-and-pop operations was highlighted in the case of Hillary Hanning, owner of The Little House bar in New Orleans, who lost her business's Facebook and Instagram accounts to scammers last November. The attack began with a fraudulent Facebook message claiming account irregularities, leading to a sophisticated social engineering scheme that ultimately cost Hanning $10,000 when she fell victim to a secondary scammer impersonating Meta customer service.

According to recent analysis by Verizon, small businesses with fewer than 1,000 employees represent the majority of cyber attack victims, while a Mastercard survey found that nearly half of small and medium-sized businesses experienced cyber attacks, with 20% subsequently filing for bankruptcy or closing permanently. Cybersecurity experts argue that the current system unfairly burdens small business owners, who often juggle multiple roles and lack the resources to become cybersecurity experts. Michael Daniel of the Cyber Threat Alliance emphasizes that expecting business owners to handle their own cybersecurity is unrealistic, stating that the responsibility should shift to tech companies rather than pushing the burden to individual users.

The incident exposes broader concerns about Meta's security infrastructure and response capabilities. While 41 state attorneys general demanded stronger action from Meta last year, the company maintains that combating scams requires collective effort from governments, banks, and other stakeholders. Despite Meta's claims of investing in anti-fraud technology, Hanning's case demonstrates critical gaps in the platform's security measures and customer support systems. Her accounts were only restored after media intervention, highlighting the inadequate resources available to small businesses facing similar threats in an increasingly hostile digital landscape.


Organisation Increasingly Adopting AI Tools for Cybersecurity

https://www.isc2.org/Insights/2025/07/2025-isc2-ai-pulse-survey

The cybersecurity industry is experiencing a measured but significant shift toward artificial intelligence adoption, with new research from ISC2 revealing that 30% of cybersecurity professionals have already integrated AI security tools into their operations. The 2025 AI Adoption Pulse Survey, based on insights from 436 global cybersecurity professionals across organizations of all sizes, defines these tools as AI-enabled security solutions, generative AI, and agentic AI for automatic action. Additionally, the majority (42%) are currently exploring or planning AI implementation, indicating a cautious but growing acceptance of artificial intelligence in cybersecurity operations.

The survey findings suggest that cybersecurity teams are taking a deliberate approach to AI integration, balancing the technology's potential benefits with inherent security concerns. The research assesses the impact of AI adoption on team effectiveness, entry-level jobs and cybersecurity hiring, providing critical insights into how artificial intelligence is reshaping the cybersecurity workforce. While specific performance metrics from the survey were not detailed in available reports, the substantial percentage of early adopters indicates that AI tools are already demonstrating practical value in security operations.

This measured adoption comes at a critical time for the cybersecurity industry, which continues to face significant workforce shortages and increasingly sophisticated threats. The ISC2 findings reflect a broader trend where cybersecurity professionals are recognising AI's potential to enhance their capabilities while remaining cautious about implementation risks. As the technology matures and more organisations develop comprehensive AI strategies, the survey data suggests that AI adoption in cybersecurity will likely accelerate, fundamentally changing how security teams operate and potentially addressing some of the industry's persistent staffing challenges.

Discussion about this episode

User's avatar