Cyber Attacks and Vulnerabilities: From Wi-Fi Spying to New Threats in AI Browsers

We have compiled the most significant cybersecurity news from the past week.

The BTCFi protocol from Garden Finance has likely suffered a cross-chain hack amounting to over $10.8 million, as reported by on-chain investigator ZachXBT. Previously, the expert indicated that the project might have been involved in laundering funds stolen from the hacks of Bybit and Swissborg.

“It’s ironic that just a few days ago on X, I mentioned that Garden Finance had been ignoring the victims by refusing to return fees, despite more than 25% of their activity being linked to stolen funds,” the analyst noted.

An address associated with the project team sent an on-chain message to the presumed hacker, offering a reward of 10% of the stolen assets.

The Ukrainian Cyber Police, in cooperation with the Vinnytsia police and the SBU, uncovered the organizers of a cryptocurrency fraud scheme. According to law enforcement, two local residents spread information about digital asset exchanges and their “legitimacy verification” through Telegram channels. Using social engineering tactics, they misappropriated victims’ funds.

Among the victims was a German citizen who had 60,000 USDT stolen from him. During searches, authorities seized around $60,000 in cash, 48,000 hryvnias, two vehicles, computer equipment, bank and SIM cards, notes, and other physical evidence. A pre-trial investigation is ongoing.

On October 27, researchers from LayerX identified a critical vulnerability in OpenAI’s new AI browser, Atlas. This flaw allows attackers to inject malicious commands into the memory of ChatGPT and execute arbitrary code.

The vulnerability exploits a Cross-Site Request Forgery (CSRF) mechanism. An attacker can trick the victim’s browser, which is already logged into ChatGPT, into sending a hidden request that alters the bot’s internal memory. The next time the victim interacts with the planted instructions, they could grant the attacker access to the victim’s account, browser, or system.

The “prompt injection” is particularly dangerous when using Atlas, as the browser keeps users in a constant authorized session and has minimal built-in anti-phishing protections. Testing showed that Atlas blocks only about 5.8% of phishing attacks, whereas Chrome and Edge block around 50%.

Analysts indicated that the bug affects not only Atlas but also other browsers with access to ChatGPT. The infected memory is associated with the account and can “follow” the user across different devices and software.

Hackers have begun exploiting LinkedIn for phishing attacks targeting executives in financial firms, according to a blog post by Push Security experts. The scammers send personal messages mimicking invitations to join the board of an investment fund to obtain victims’ Microsoft credentials.

When a user clicks on the link, they go through a series of redirects. Upon opening a fake site allegedly containing job descriptions for the fund, the victims are prompted to click a button to “View with Microsoft.” After completing a Cloudflare captcha, a counterfeit login page appears, aimed at stealing usernames and passwords.

A group of German cybersecurity researchers from KASTEL Security Research Labs discovered a new method, called BFId, for identifying individuals by intercepting Wi-Fi traffic. In an experiment involving 197 participants, the attack demonstrated high accuracy: 99.5%.

To scan a person’s gait, the system analyzes unique distortions in Wi-Fi signals. It takes into account factors such as rhythm, speed, and body movement, creating a unique “radio frequency fingerprint.”

According to the experts, the BFId attack successfully identifies people even when their walking style changes, when they wear a backpack, or when they walk faster.

The issue lies in the feedback mechanism used to form the Beamforming Interference (BFI), a standard Wi-Fi 5 technology intended to enhance network performance. The signal is sent back to the access point in a broadcast, unencrypted format. This problem exists in the Wi-Fi 5 and Wi-Fi 6 standards and is likely to persist in the latest Wi-Fi 7.

Experts noted that there is currently no simple and reliable protection method available.

Researchers from Datadog Security Labs reported a new phishing scheme called CoPhish. This scheme leverages legitimate Microsoft Copilot Studio services to steal credentials.

Scammers create fake Copilot agents and send links leading to counterfeit login pages. According to experts, the potential victim enters their information, thereby providing attackers with a session authorization token that allows access to their account. This attack is particularly dangerous for administrators of Microsoft 365 and Entra ID, as they can approve application permissions without validation.

In a comment to Bleeping Computer, Microsoft acknowledged the issue and promised to rectify the vulnerability in future updates. The company emphasized that the attack is based on social engineering, urging users to limit administrator privileges on devices and carefully scrutinize access requests.

Datadog recommended that organizations disable custom app creation, tighten OAuth access policies, and monitor agent creation in Copilot Studio to prevent such attacks.