- Mycomputerspot Security Newsletter
Market & Momentum - 09/08/2025
AI is now an attack toolkit... prompted malware, zero-click WhatsApp exploits, and token theft via Drift/Salesloft integrations. This week’s threat weather demands that defenders move faster than the machines.
Criminals are scripting their playbooks in AI!
Autonomous ransomware (“Ransomware 3.0”) and zero-click spyware are redefining the battleground. Meanwhile, attackers are looting Salesforce tenants at scale through OAuth token hijacks in Drift/Salesloft.
Defenders must now secure communication apps, AI usage policies, and API tokens with equal urgency.

Trend (broad) | Likelihood | Impact | What to watch |
---|---|---|---|
WhatsApp zero-click spyware attacks | 8 | 9 | CVE-2025-55177 targeting Apple devices via messaging |
Autonomous AI-crafted ransomware | 7 | 9 | LLM-orchestrated malware that evolves at runtime |
Drift/Salesloft token theft in Salesforce | 6 | 9 | OAuth token misuse enabling CRM data theft |
AI-powered monitoring & scanning | 7 | 8 | Automated reconnaissance fueling credential capture |
Regulatory gaps in local government cyber | 5 | 7 | MS-ISAC budget cuts leaving local gov’t exposed |
WhatsApp zero-click exploit (CVE-2025-55177) — Meta confirmed a messaging-linked flaw combined with Apple OS bugs that allowed spyware installation with no user interaction. The Hacker News reported that updates and Lockdown Mode are musts.
Ransomware 3.0 goes live — NYU’s PromptLocker prototype demonstrated autonomous LLM-driven ransomware capable of planning, adapting, and executing campaigns.
Drift/Salesloft token attacks — Over 700 organizations, including Cloudflare and Palo Alto Networks, were hit via stolen CRM tokens, enabling Salesforce data theft.
AI-driven recon surge — TechRadar flagged automated scans reaching 36,000/sec, feeding credential theft and stealth intrusions.
MS-ISAC budget cuts — Axios reported DHS plans to slash funding for MS-ISAC, potentially leaving local governments without threat intel support.
Conversations are the new threat surface: Messaging apps like WhatsApp can now be exploited without a click.
Ransomware is self-assembling: AI-driven malware handles the full kill chain, reducing reliance on operators.
APIs are breaking points: CRM token theft proves SaaS trust chains remain fragile.
Scale comes in silence: AI-driven scans operate below detection thresholds; anomaly hunting is essential.
Public cyber resilience is fraying: With MS-ISAC funding cut, small municipalities lose critical intel.
WhatsApp threat: Mandate app + OS updates; enforce Lockdown Mode for high-risk users.
AI ransomware: Deploy runtime behavior monitoring and sandbox detonation for LLM-generated payloads.
Token theft: Audit and rotate Drift/Salesloft tokens; enforce least-privilege OAuth permissions.
Recon defense: Throttle edge scanning; alert on credential stuffing and login anomalies.
MS-ISAC gap: Provide internal intelligence briefs to fill the vacuum for dependent municipalities.
When researchers released PromptLocker ransomware as a proof-of-concept, defenders dissected it before criminals could operationalize it.
This shows the defensive community still holds the first-mover advantage when it acts fast.
Threats don’t wait for your process… they script around it. Your edge is response speed.
J.W.
(P.S. Forward to your CISO / Add to Board Briefing.)