Market & Momentum - 09/08/2025

AI is now an attack toolkit... prompted malware, zero-click WhatsApp exploits, and token theft via Drift/Salesloft integrations. This week’s threat weather demands that defenders move faster than the machines.

In partnership with

Your career will thank you.

Over 4 million professionals start their day with Morning Brew—because business news doesn’t have to be boring.

Each daily email breaks down the biggest stories in business, tech, and finance with clarity, wit, and relevance—so you're not just informed, you're actually interested.

Whether you’re leading meetings or just trying to keep up, Morning Brew helps you talk the talk without digging through social media or jargon-packed articles. And odds are, it’s already sitting in your coworker’s inbox—so you’ll have plenty to chat about.

It’s 100% free and takes less than 15 seconds to sign up, so try it today and see how Morning Brew is transforming business media for the better.

Criminals are scripting their playbooks in AI!

Autonomous ransomware (“Ransomware 3.0”) and zero-click spyware are redefining the battleground. Meanwhile, attackers are looting Salesforce tenants at scale through OAuth token hijacks in Drift/Salesloft.

Defenders must now secure communication apps, AI usage policies, and API tokens with equal urgency.

📈 Risk Forecast – The Week Ahead 📉

Trend (broad)

Likelihood

Impact

What to watch

WhatsApp zero-click spyware attacks

8

9

CVE-2025-55177 targeting Apple devices via messaging

Autonomous AI-crafted ransomware

7

9

LLM-orchestrated malware that evolves at runtime

Drift/Salesloft token theft in Salesforce

6

9

OAuth token misuse enabling CRM data theft

AI-powered monitoring & scanning

7

8

Automated reconnaissance fueling credential capture

Regulatory gaps in local government cyber

5

7

MS-ISAC budget cuts leaving local gov’t exposed

🔎 Key Watchlist Items 🔍
  1. WhatsApp zero-click exploit (CVE-2025-55177)Meta confirmed a messaging-linked flaw combined with Apple OS bugs that allowed spyware installation with no user interaction. The Hacker News reported that updates and Lockdown Mode are musts.

  2. Ransomware 3.0 kicks liveNYU’s PromptLocker prototype demonstrated autonomous LLM-driven ransomware capable of planning, adapting, and executing campaigns.

  3. Drift/Salesloft token attacksOver 700 organizations, including Cloudflare and Palo Alto Networks, were hit via stolen CRM tokens, enabling Salesforce data theft.

  4. AI-driven recon surgeTechRadar flagged automated scans reaching 36,000/sec, feeding credential theft and stealth intrusions.

  5. MS-ISAC budget cutsAxios reported DHS plans to slash funding for MS-ISAC, potentially leaving local governments without threat intel support.

Go from AI overwhelmed to AI savvy professional

AI will eliminate 300 million jobs in the next 5 years.

Yours doesn't have to be one of them.

Here's how to future-proof your career:

  • Join the Superhuman AI newsletter - read by 1M+ professionals

  • Learn AI skills in 3 mins a day

  • Become the AI expert on your team

📊 Emerging Patterns 📊

Conversations are the new threat surface: Messaging apps like WhatsApp can now be exploited without a click.

Ransomware is self-assembling: AI-driven malware handles the full kill chain, reducing reliance on operators.

APIs are breaking points: CRM token theft proves SaaS trust chains remain fragile.

Scale comes in silence: AI-driven scans operate below detection thresholds; anomaly hunting is essential.

Public cyber resilience is fraying: With MS-ISAC funding cut, small municipalities lose critical intel.

⏰ Call to Action ⏰

WhatsApp threat: Mandate app + OS updates; enforce Lockdown Mode for high-risk users.

AI ransomware: Deploy runtime behavior monitoring and sandbox detonation for LLM-generated payloads.

Token theft: Audit and rotate Drift/Salesloft tokens; enforce least-privilege OAuth permissions.

Recon defense: Throttle edge scanning; alert on credential stuffing and login anomalies.

MS-ISAC gap: Provide internal intelligence briefs to fill the vacuum for dependent municipalities.

⚡ Monday Motivation ⚡

When researchers dropped PromptLocker ransomware as a proof-of-concept, defenders dissected it before criminals could operationalize.

This shows the defensive community still holds the first-mover advantage when it acts fast.

Threats don’t wait for your process… they script around it. Your edge is response speed.

J.W.

(P.S. Forward to your CISO / Add to Board Briefing.)

The Free Newsletter Fintech Execs Actually Read

Most coverage tells you what happened. Fintech Takes is the free newsletter that tells you why it matters. Each week, I break down the trends, deals, and regulatory shifts shaping the industry — minus the spin. Clear analysis, smart context, and a little humor so you actually enjoy reading it.