Canary Trap’s Bi-Weekly Cyber Roundup

Welcome to Canary Trap’s Bi-Weekly Cyber Roundup. Our mission is to keep you informed with the most pressing developments in the world of cybersecurity. This digest serves as your gateway to critical updates and emerging threats across the industry.

This week in cybersecurity, a wave of incidents highlights the growing complexity of digital threats, from AI sidebar spoofing attacks targeting popular browsers like ChatGPT Atlas and Perplexity Comet, to critical software flaws in Motex LANSCOPE and Adobe Commerce now under active exploitation. Meanwhile, a massive Prosper data breach exposed over 17 million accounts, and hackers infiltrated airport systems across North America to spread politically charged messages. Each case underscores the urgent need for stronger security measures, vendor scrutiny, and rapid vulnerability response in an increasingly connected world.

  • AI Sidebar Spoofing Puts ChatGPT Atlas, Perplexity Comet and Other Browsers at Risk

Cybersecurity firm SquareX has revealed a new phishing technique called AI Sidebar Spoofing, showing how malicious browser extensions can mimic trusted AI chat interfaces.

The attack was successfully demonstrated against ChatGPT Atlas and Perplexity’s Comet, but SquareX warns the issue extends to mainstream browsers like Edge, Brave, and Firefox, all of which feature AI-powered sidebars or assistants such as Copilot and Gemini.

AI sidebars are built to help users interact with on-page content using AI prompts. However, SquareX researchers found that attackers can exploit this feature by distributing malicious extensions that replicate the legitimate sidebar interface. Once installed, the extension injects a fake sidebar using JavaScript, visually identical to the original.

When users unknowingly interact with the spoofed sidebar, the attacker-controlled extension can intercept prompts and manipulate responses, for example, by inserting malicious commands, redirecting users to phishing sites, or even executing reverse shells for remote access.

Although these extensions need common permissions like host and storage access, such requests are typical for legitimate tools, making detection harder. SquareX also noted that spoofed sidebars can be embedded directly into websites, but malicious extensions pose a greater risk since they can operate on any page.

SquareX has shared its findings with Perplexity and OpenAI. While OpenAI has implemented safeguards in Atlas to limit browser and file system access, the firm cautions that social engineering remains an effective attack vector: users can still be tricked into installing harmful extensions or following unsafe chatbot instructions.

Attacks leveraging fake AI interfaces have previously targeted other large language models, including ChatGPT, Gemini, Copilot, Claude, and DeepSeek, underscoring the growing threat of browser-based AI impersonation.

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) Adds Motex LANSCOPE Flaw to its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Motex LANSCOPE Endpoint Manager vulnerability, tracked as CVE-2025-61932 (CVSS v4 score: 9.3), to its Known Exploited Vulnerabilities (KEV) catalog.

The flaw stems from improper verification of communication sources, which could allow attackers to execute arbitrary code remotely by sending specially crafted network packets. The issue affects the on-premises client and detection agent components of LANSCOPE Endpoint Manager.

According to Motex, the vulnerability impacts versions 9.4.7.1 and earlier, with fixes available in versions 9.3.2.7 through 9.4.7.3.

Under Binding Operational Directive (BOD) 22-01, federal agencies must patch this vulnerability by November 12, 2025, to mitigate exploitation risks. CISA also urges private organizations to review and remediate affected systems promptly to prevent potential compromise.

  • Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk

Cybersecurity firm Sansec has confirmed that attackers are now actively exploiting a critical vulnerability in Adobe Commerce and Magento Open Source platforms.

The flaw, tracked as CVE-2025-54236 with a CVSS score of 9.1, stems from improper input validation that allows attackers to bypass key security features. Adobe released hotfixes on September 9th for versions 2.4.4 through 2.4.7, urging users to patch immediately.

According to Sansec, exploitation activity surged this week, with roughly 250 attacks observed in a single day, involving PHP webshells and phpinfo probes. The vulnerability, nicknamed “SessionReaper,” became a high-priority target after Adobe’s patch details leaked prior to the official fix.

Compounding the risk, Searchlight Cyber recently released a technical breakdown of SessionReaper, which is expected to accelerate automated attacks. Sansec warns that mass exploitation could occur within 48 hours, noting that only 38% of affected stores have applied the hotfix.

Adobe has since updated its advisory, confirming in-the-wild exploitation of the bug. The vulnerability poses a serious threat, potentially allowing customer account takeovers through the Commerce REST API.

Businesses running Magento or Adobe Commerce are strongly advised to apply the latest patches immediately to prevent compromise.

  • Prosper Data Breach Impacts 17.6 Million Accounts

Peer-to-peer lending platform Prosper has reportedly suffered a massive data breach impacting more than 17 million individuals, according to breach notification service Have I Been Pwned.

Prosper confirmed the incident last month, stating that attackers gained unauthorized access to its systems and stole confidential, proprietary, and personal data. While the company emphasized that no customer accounts or funds were compromised, it acknowledged that the attackers queried and exfiltrated data from a customer information database.

The company claims to have contained the breach and reported the incident to law enforcement, noting that no further unauthorized activity has been observed since September 2nd.

Although Prosper initially mentioned only that Social Security numbers were exposed, Have I Been Pwned’s database now lists additional details associated with 17.6 million accounts, including names, addresses, IPs, email addresses, dates of birth, government IDs, employment and income information, credit status, and browser details.

Prosper says it continues to investigate the scope of the breach and will notify affected individuals as the analysis progresses. The company also plans to offer free credit monitoring and maintains that it has robust security measures in place to protect customer funds.

  • Hackers Breach Four North American Airports, Broadcast Political Messages

A coordinated cyberattack on Tuesday disrupted public address and flight information systems across four North American airports, displaying pro-Hamas messages and insults directed at U.S. President Donald Trump and Israeli Prime Minister Benjamin Netanyahu.

The attackers, claiming to be a Turkish group known as SiberIslam, infiltrated systems at Harrisburg International Airport (Pennsylvania), Kelowna International Airport, Victoria International Airport, and Windsor International Airport (Canada). No physical threats or safety issues were identified, but the breaches raised major concerns about vulnerabilities in aviation technology.

The incidents followed a series of similar cyber disruptions targeting global aviation networks. Earlier this year, attacks on check-in and boarding systems across Europe and multiple U.S. and Canadian airlines underscored the growing frequency of such events.

At Harrisburg, loudspeakers broadcast politically charged messages, while in Kelowna, flight information screens briefly displayed slogans and insults toward political leaders. Local officials confirmed that the intrusion stemmed from a compromised cloud-based third-party provider, and that system segregation prevented further escalation.

Both Transport Canada and the Canadian Centre for Cybersecurity have launched investigations, alongside U.S. federal agencies. Officials emphasized the importance of robust network segmentation and vendor risk management to mitigate similar attacks in the future.

Cybersecurity experts have called for urgent reviews of digital infrastructure safeguards, warning that such incidents highlight the persistent risk posed by politically motivated cyber actors targeting critical infrastructure.

References:

https://www.securityweek.com/ai-sidebar-spoofing-puts-chatgpt-atlas-perplexity-comet-and-other-browsers-at-risk/

https://securityaffairs.com/183768/breaking-news/ucisa-adds-motex-lanscope-flaw-to-its-known-exploited-vulnerabilities-catalog.html

https://www.securityweek.com/exploitation-of-critical-adobe-commerce-flaw-puts-many-ecommerce-sites-at-risk/

https://www.securityweek.com/prosper-data-breach-impacts-17-6-million-accounts/

https://www.msn.com/en-us/public-safety-and-emergencies/health-and-safety-alerts/hackers-breach-four-north-american-airports-broadcast-anti-israel-messages/ar-AA1OByZW?ocid=BingNewsVerp
