Cybersecurity Today Living off the Land Attacks and Emerging Cyber Threats
Dec 3, 2025
Explore the growing threat of 'living off the land' attacks, where hackers exploit legitimate Windows tools to conceal their activities. Discover the alarming trend of phishing campaigns using spoofed Calendly invites targeting Google and Meta credentials. Learn about a significant data breach at the University of Pennsylvania linked to unpatched Oracle vulnerabilities. Finally, delve into the intriguing world of AI jailbreaks, where research reveals that syntactic patterns can enable exploits in large language models.
AI Snips
Chapters
Transcript
Episode notes
Trusted Utilities Can Be The Threat
- Living off the land attacks hide by using trusted Microsoft utilities instead of malicious binaries.
- Detection requires behavioral logging and baselines, not just signature-based EDR alerts.
Log Behavior And Limit Privileges
- Log and analyze what built-in utilities do to spot deviations from normal behavior.
- Apply zero trust and least-privilege controls to limit misuse of system tools.
Branded Calendly Phishing For Ad Accounts
- Attackers sent fake Calendly invites branded like real companies to phish Google and Meta ad credentials.
- The campaign targeted ad managers to quickly run fraudulent ad spends billed to victims.