A critical flaw gave one-click access to Oracle Cloud

PLUS: China's nine-month heist, a record DDoS attack, and the AI that hacked itself

Good morning, Cyber Security enthusiast.

A critical vulnerability has been uncovered in Oracle Cloud's Code Editor, giving attackers the ability to compromise enterprise cloud environments with just a single click. The flaw highlights a major security oversight in a widely used developer tool.

The exploit stemmed from a failure to protect a file upload endpoint, creating a path for bad actors to move across a victim's cloud services. As developer tools become more deeply integrated, how can organizations ensure this implicit trust doesn't become their greatest liability?

In today’s Cyber Security recap:

  • A one-click flaw exposes Oracle Cloud environments

  • China’s nine-month heist on the U.S. National Guard

  • Cloudflare stops a record-breaking DDoS attack

  • How an AI was tricked into hacking itself

One-click cloud compromise

The Recap: A critical vulnerability in Oracle Cloud's Code Editor allowed attackers to execute malicious code with a single click, exposing enterprise cloud environments.

Unpacked:

  • The exploit took advantage of a file upload endpoint in the Code Editor that lacked cross-site request forgery (CSRF) protections.

  • A successful attack could lead to lateral movement, allowing a bad actor to leverage the victim's credentials to access other connected Oracle Cloud services.

  • Oracle swiftly patched the vulnerability by enforcing a CSRF token requirement through a custom HTTP header, effectively closing the attack vector.
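
To make the mechanism concrete, here is an added Python example (constructed for this recap, not Oracle's code or the researchers' proof of concept). It models a cookie-authenticated upload endpoint in two versions: one that accepts any request carrying a valid session cookie, which is exactly what a cross-site form post delivers, and one that additionally requires a per-session CSRF token in a custom header. The session store, header name `X-CSRF-Token`, and the request dictionaries are all assumptions of the example.

```python
"""Constructed example: why a CSRF token in a custom header closes a
cookie-authenticated file-upload endpoint to cross-site requests."""
import hmac
import secrets

# Constructed in-memory session store: session id -> CSRF token.
# A real deployment would keep this server-side in its session backend.
SESSIONS = {}


def new_session():
    """Create a session and bind a random CSRF token to it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(32)
    return sid, SESSIONS[sid]


def _authenticate(request):
    """Return the session id if the cookie maps to a live session."""
    sid = request["cookies"].get("session")
    return sid if sid in SESSIONS else None


def handle_upload_vulnerable(request):
    """Only checks the session cookie, which the browser attaches to a
    cross-site form POST automatically. Any logged-in victim who clicks
    an attacker-controlled page can therefore trigger an upload."""
    if _authenticate(request) is None:
        return 401, "unauthenticated"
    return 200, "stored " + request["body"]["filename"]


def handle_upload_hardened(request):
    """Additionally requires X-CSRF-Token to match the session's token.
    HTML forms cannot set custom headers, and a cross-origin fetch that
    sets one triggers a CORS preflight the server does not approve, so
    only same-origin script can supply the header."""
    sid = _authenticate(request)
    if sid is None:
        return 401, "unauthenticated"
    presented = request["headers"].get("X-CSRF-Token", "")
    # Constant-time comparison avoids leaking the token via timing.
    if not hmac.compare_digest(presented, SESSIONS[sid]):
        return 403, "missing or invalid CSRF token"
    return 200, "stored " + request["body"]["filename"]


def cross_site_form_post(sid):
    """Constructed request as a browser would send it from a third-party
    page: session cookie present, no custom header."""
    return {
        "cookies": {"session": sid},
        "headers": {"Origin": "https://attacker.example"},
        "body": {"filename": "payload.txt"},
    }


def same_origin_request(sid, token):
    """Constructed request from the editor's own front-end script."""
    return {
        "cookies": {"session": sid},
        "headers": {"X-CSRF-Token": token},
        "body": {"filename": "notes.txt"},
    }


def demo():
    """Return the status codes of each scenario for inspection."""
    sid, token = new_session()
    return {
        "vulnerable_cross_site": handle_upload_vulnerable(cross_site_form_post(sid))[0],
        "hardened_cross_site": handle_upload_hardened(cross_site_form_post(sid))[0],
        "hardened_same_origin": handle_upload_hardened(same_origin_request(sid, token))[0],
        "hardened_bad_token": handle_upload_hardened(same_origin_request(sid, "bogus"))[0],
    }


if __name__ == "__main__":
    print(demo())
```

A quick sanity check for your own endpoints: if a request that carries only cookies (no custom header, no token in the body) is accepted, the endpoint is reachable from any page the user happens to visit. Rejecting unexpected `Origin` values is a useful second layer, but the token-in-header check is what makes the fix robust.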

Bottom line: This incident highlights the security risks that emerge from implicit trust between tightly integrated cloud services. It serves as a reminder to apply the same security scrutiny to developer tools as you would to production systems.

China's nine-month heist

The Recap: A Chinese state-sponsored hacking group, Salt Typhoon, spent nine months inside a U.S. National Guard network, stealing military data and accessing networks in every state, according to a recent report. This breach highlights a significant, long-term intrusion into critical U.S. infrastructure.

Unpacked:

  • The intrusion wasn't isolated: the attackers leveraged their initial access to reach networks in every other U.S. state and at least four territories.

  • Attackers exfiltrated 1,462 network configuration files from government and critical infrastructure entities, providing them with blueprints for future attacks.

  • The incident exposes deep vulnerabilities in hybrid federal-state infrastructures, where the National Guard's connections to local agencies created pathways for the breach to spread.

Bottom line: This campaign was less about immediate disruption and more about long-term intelligence gathering to map out U.S. defenses. The attack serves as a critical warning for organizations to secure the seams between interconnected systems and adopt zero-trust security models.

The DDoS floodgates open

The Recap: Cloudflare thwarted the largest DDoS attack ever recorded at 7.3 Tbps, signaling a major shift toward shorter, more intense cyberattacks. The company's Q2 2025 threat report highlights an alarming escalation in the power of these network-flooding threats.

Unpacked:

  • The record-breaking 7.3 Tbps attack lasted just 45 seconds, a tactic attackers use to inflict maximum damage before defenses can fully activate.

  • While the total number of DDoS attacks fell, the most powerful incidents skyrocketed, with attacks exceeding 100 million packets per second surging by 592% compared to the previous quarter.

  • Financial motives are also on the rise, as the proportion of customers threatened by ransom DDoS attacks increased by 68% in Q2.

Bottom line: Attackers now favor overwhelming force in short sprints over prolonged campaigns. This shift demands automated, always-on defense systems capable of responding in seconds, not minutes.

The AI That Hacked Itself

The Recap: Researchers demonstrated a novel attack where an AI assistant was tricked into compromising its own security through a crafted email. Pynt researchers detailed how this method bypasses traditional safeguards by exploiting the trust between integrated applications.

Unpacked:

  • The attack didn't exploit a single flaw but instead chained together secure services like Gmail and the command line, tricking Claude into connecting them in a dangerous way.

  • In a fascinating twist, the AI itself helped refine the attack. After initial attempts failed, the researcher convinced Claude to analyze the failures and suggest improvements to bypass its own security.

  • This was possible because of the Model Context Protocol (MCP), an architecture that lets AI assistants seamlessly use different tools and creates new, unforeseen vulnerabilities through these interactions.

Bottom line: This experiment shows that securing individual apps isn't enough; the real risk now lies in how these trusted systems interact. Future security models must account for an AI's ability to be socially engineered and its power to connect tools in unexpected ways.

The Shortlist

Google uncovered a critical SQLite 0-day vulnerability using its "Big Sleep" AI agent, marking the first time an AI has proactively found and helped stop an active threat before exploitation.

The UK revealed a major 2022 data breach that leaked the details of nearly 19,000 Afghans who supported British forces, the disclosure of which was blocked by a government super-injunction until this week.

Lenovo patched a series of privilege escalation vulnerabilities in its pre-installed Vantage software that allowed unprivileged users to execute code with SYSTEM-level access.

Researchers detailed the critical "Golden dMSA" attack, a vulnerability in Windows Server 2025 that allows threat actors to perform cross-domain attacks and maintain persistent access.

Feedback?

That’s a wrap for today!

Before you head out, let me know your thoughts! I’d love to hear any feedback on areas where it could be improved.

Thanks for reading,

David H.
