Cisco to scan every AI model on Hugging Face
PLUS: A widespread SharePoint RCE campaign and California's new AI regulations

Good afternoon, Cyber Security enthusiast!
Cisco is partnering with Hugging Face to tackle a major vulnerability in the open-source world. The joint effort will scan every public file on the massive AI model hub, aiming to secure the AI supply chain from hidden threats.
By enhancing the open-source ClamAV engine and releasing the new detection capabilities for free, this initiative makes powerful security tools broadly accessible. How might this widespread, proactive scanning shift the landscape of trust and risk for developers relying on open-source AI?
In today’s Cyber Security recap:
Cisco to scan every AI model on Hugging Face
A widespread campaign targeting Microsoft SharePoint
California's new rules for AI and automated systems
CrowdStrike expands its AI security services
Securing the AI Supply Chain

The Recap: Cisco and Hugging Face are launching a new strategic relationship to scan every public file on the massive AI model hub, aiming to secure the open-source AI supply chain from malware.
Unpacked:
The partnership enhances the open-source ClamAV engine, enabling it to detect malicious code hidden in common AI model formats like .pkl and .pt.
With nearly 1.9 million models on Hugging Face, the updated ClamAV is now the only antivirus engine on VirusTotal specifically focused on AI model risks.
Cisco is democratizing this security by releasing the enhanced ClamAV detection capabilities for free to everyone, extending protection beyond its own customers.
Bottom line: This collaboration marks a crucial industry shift toward proactively securing the AI supply chain, rather than just reacting to threats. For developers and organizations, this provides a vital layer of trust and reduces the risk of deploying compromised open-source AI models.
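As an added illustration (example code, not Cisco's or ClamAV's), this shows the defensive idea behind scanning .pkl and .pt model files: walk the pickle opcode stream without ever deserializing it and flag the opcodes that import names or call functions. The .pt handling assumes the zip-based torch.save layout with a data.pkl member; the sample files are constructed inline.

```python
import io, pickle, pickletools, zipfile
from collections import OrderedDict

# Opcodes that make the unpickler import a name or call a callable, i.e. the
# mechanisms by which a model file can execute code when it is loaded.
DANGEROUS = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "REDUCE",
             "NEWOBJ", "NEWOBJ_EX", "BUILD"}
STRINGS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}

def pickle_payload(blob: bytes) -> bytes:
    # A zip-based .pt (assumed torch.save layout) carries its pickle in data.pkl;
    # anything else is treated as a bare .pkl stream.
    if blob[:4] != b"PK\x03\x04":
        return blob
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        name = next((n for n in zf.namelist() if n.endswith("data.pkl")), None)
        if name is None:
            raise ValueError("archive has no data.pkl member")
        return zf.read(name)

def scan_pickle(blob: bytes) -> dict:
    # Walk the opcode stream with pickletools; nothing is ever deserialized.
    report = {"imports": [], "flagged": [], "error": None}
    recent = []  # last two string pushes: STACK_GLOBAL pops module, then name
    try:
        for op, arg, pos in pickletools.genops(pickle_payload(blob)):
            if op.name in STRINGS:
                recent = (recent + [arg])[-2:]
            if op.name == "GLOBAL":  # arg arrives as "module name"
                report["imports"].append(arg.replace(" ", ".", 1))
            elif op.name == "STACK_GLOBAL" and len(recent) == 2:
                report["imports"].append(".".join(recent))
            if op.name in DANGEROUS:
                report["flagged"].append((pos, op.name))
    except ValueError as exc:  # truncated stream, unknown opcode, missing data.pkl
        report["error"] = str(exc)
    report["clean"] = report["error"] is None and not report["flagged"]
    return report

def as_pt(stream: bytes) -> bytes:
    # Wrap a pickle stream in a minimal zip shaped like a .pt archive (constructed).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/data.pkl", stream)
    return buf.getvalue()

# Constructed samples: plain data needs no imports, while an OrderedDict is
# harmless but pickles through STACK_GLOBAL + REDUCE, the path a malicious file
# also uses to reach a callable.
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epochs": 3}, protocol=4)
SUSPECT = pickle.dumps(OrderedDict(lr=0.01), protocol=4)
```

A scanner like this is a static triage step: it tells you which names a file would import and whether it can call anything at load time, which is the question an antivirus signature for pickle-based formats has to answer.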
CrowdStrike's AI Push

The Recap: CrowdStrike is expanding its AI Security Services to help organizations secure their internal AI systems and integrate AI into their security operations.
Unpacked:
The move addresses accelerating threats from AI-savvy adversaries, like the SCATTERED SPIDER group, which now deploys ransomware in just 24 hours post-takeover.
A new AI Systems Security Assessment helps companies find risks across their environments, including shadow AI, sensitive data exposure, and model vulnerabilities.
The AI for SecOps Readiness service provides teams a clear roadmap to adopt AI in their workflows, including use case prioritization and "build vs. buy" recommendations.
Bottom line: This signals a critical shift in cybersecurity, moving beyond defending against AI attacks to securing the AI tools businesses are rapidly adopting. It equips security teams to manage AI risk proactively rather than simply reacting to new threats.
California's New AI Rules

The Recap: The California Privacy Protection Agency (CPPA) adopted major updates to its privacy law, creating strict new rules for companies using AI and automated systems. Businesses will soon need to provide consumers with opt-out rights and conduct detailed risk assessments.
Unpacked:
The new rules apply broadly to any Automated Decision-Making Technology (ADMT), including spreadsheets and databases used for critical decisions in areas like hiring or lending.
Companies must now offer clear ways for consumers to opt out of automated decision-making and provide an appeals process that includes human oversight.
Compliance for ADMT requirements begins on January 1, 2027, giving businesses a runway to prepare for the changes.
Bottom line: These regulations set a new standard for AI governance in the United States, likely influencing future federal and state laws. Building responsible AI frameworks now will give developers and companies a significant competitive edge.
ReVault!

The Recap: A widespread campaign is actively exploiting a critical vulnerability in on-premises Microsoft SharePoint servers. Attackers can gain full remote access without credentials, stealing cryptographic keys to ensure persistent, stealthy access.
Unpacked:
The exploit, dubbed "ToolShell," grants unauthenticated remote access by chaining two vulnerabilities, including CVE-2025-53770, which requires just a single HTTP request to compromise a server.
Attackers focus on stealing cryptographic keys from the server, which allows them to forge trusted access tokens and maintain control even after official patches are applied.
The attack's scale is global and accelerating, with over 9,300 servers already publicly identified as exposed and vulnerable online.
Bottom line: This campaign creates a persistent backdoor that survives simple patching, requiring deeper investigation to ensure full remediation. It underscores a critical shift where attackers increasingly target logic flaws within trusted applications to bypass standard perimeter and endpoint security.
The Shortlist
IBM X-Force detailed a new Malware-as-a-Service (MaaS) operation named CastleBot, which uses trojanized software installers to deliver payloads ranging from infostealers to backdoors like NetSupport and WarmCookie.
CISA issued an emergency directive for a high-severity vulnerability (CVE-2025-53786) in on-premises Microsoft Exchange servers, allowing authenticated attackers to escalate privileges into connected Microsoft 365 environments.
Netskope released BEAM, an open-source tool that analyzes network traffic behavior to detect supply chain attacks by identifying when applications communicate with unusual hosts.
CyberArk uncovered details on 'Plague,' a new Linux backdoor that operates as a malicious Pluggable Authentication Module (PAM) to bypass system authentication and establish persistent SSH access.