
17.11.25 Threat Report

This week, several important developments have emerged that UK organisations should be aware of to strengthen their defences.

Serious AI Bugs Found in Meta, Nvidia, and Microsoft Frameworks

Security researchers discovered critical vulnerabilities in popular AI frameworks used by major companies like Meta, Nvidia, and Microsoft. These bugs can allow attackers to execute malicious code or disrupt AI-based services.

Healthcare is increasingly adopting AI for diagnostics, patient management, and research. Vulnerabilities in AI tools can lead to wrong medical decisions, data manipulation, or system downtime. Ensuring AI systems are secure is now part of protecting patient safety and data integrity.

Recommendations

  • Stay up to date on vendor patches and security advisories for AI software.
  • Test AI systems regularly for vulnerabilities and unexpected behaviors.
  • Limit AI system access to trusted personnel only.
  • Integrate AI security into overall cybersecurity governance frameworks.

North Korean Hackers Using JSON Services to Deliver Malware

North Korean hacker groups have started hiding malware inside JSON services—a common way apps share data—to secretly infect computers. By disguising malicious code as normal data, they bypass traditional security checks, making it harder to detect infections.

Healthcare systems rely heavily on data exchange and APIs that use JSON. If attackers exploit these channels, they can silently install malware to steal patient data, disrupt medical devices, or spy on internal communications. This threatens patient privacy and safety.

Recommendations

  • Implement strict validation and filtering of all incoming JSON data.
  • Use advanced malware detection tools that inspect data payloads, not just files.
  • Isolate critical systems from less secure networks to limit malware spread.
  • Educate staff about phishing and suspicious links that may trigger malware downloads.
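The first recommendation above is the one most directly within a development team's control. The following is an added example, not part of Periculo's report, showing what "strict validation and filtering" of inbound JSON looks like in practice: an allow-list of fields with per-field format rules, rejection of oversized bodies, duplicate keys, unexpected fields and non-string values, and a check for long base64-like runs that could carry a smuggled binary. The message shape (an appointment record with `patient_id`, `clinic`, `slot` and `notes`), the regular expressions, the size limit and the sample payloads are all constructed for illustration.

```python
"""Strict allow-list validation for inbound JSON (added example, not Periculo's code).

Assumed API contract (constructed): an appointment message with exactly the
fields in SCHEMA. Everything not explicitly allowed is rejected before the
payload reaches application logic.
"""
import json
import re

# Allow-listed fields: name -> (required?, pattern the string value must match).
SCHEMA = {
    "patient_id": (True, re.compile(r"[A-Z]{2}[0-9]{6}")),
    "clinic":     (True, re.compile(r"[A-Za-z ]{1,40}")),
    "slot":       (True, re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}")),
    "notes":      (False, re.compile(r"[^\x00-\x1f]{0,200}")),   # free text, no control chars
}
MAX_BYTES = 4096
# A long run of base64-alphabet characters inside free text is the classic way a
# binary payload is smuggled through a text channel; treat it as hostile.
BLOB_RE = re.compile(r"[A-Za-z0-9+/]{48,}={0,2}")


def _no_duplicate_keys(pairs):
    """object_pairs_hook for json.loads: reject objects with repeated keys.
    Parsers disagree on which copy wins, which lets filters and consumers
    see different values for the same field."""
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValueError(f"duplicate key {key!r}")
        obj[key] = value
    return obj


def validate(raw: bytes):
    """Return (True, parsed_object) on success or (False, reason) on rejection."""
    if len(raw) > MAX_BYTES:
        return False, "body too large"
    try:
        data = json.loads(raw.decode("utf-8"), object_pairs_hook=_no_duplicate_keys)
    except ValueError as exc:          # UnicodeDecodeError and JSONDecodeError are subclasses
        return False, f"malformed JSON: {exc}"
    if not isinstance(data, dict):
        return False, "top level must be an object"
    unexpected = set(data) - set(SCHEMA)
    if unexpected:
        return False, f"unexpected field(s): {sorted(unexpected)}"
    for name, (required, pattern) in SCHEMA.items():
        if name not in data:
            if required:
                return False, f"missing field {name!r}"
            continue
        value = data[name]
        if not isinstance(value, str):        # no nested objects, arrays or numbers here
            return False, f"field {name!r} must be a string"
        if not pattern.fullmatch(value):
            return False, f"field {name!r} has invalid format"
        if BLOB_RE.search(value):
            return False, f"field {name!r} contains an embedded blob"
    return True, data


# Constructed sample payloads exercising each rejection path.
SAMPLES = {
    "clean": b'{"patient_id": "AB123456", "clinic": "Riverside", "slot": "2025-11-20T09:30", "notes": "wheelchair access"}',
    "extra_field": b'{"patient_id": "AB123456", "clinic": "Riverside", "slot": "2025-11-20T09:30", "payload": "x"}',
    "blob_in_notes": b'{"patient_id": "AB123456", "clinic": "Riverside", "slot": "2025-11-20T09:30", "notes": "' + b"A" * 64 + b'"}',
    "duplicate_key": b'{"patient_id": "AB123456", "patient_id": "ZZ000000", "clinic": "Riverside", "slot": "2025-11-20T09:30"}',
    "nested_value": b'{"patient_id": {"$gt": ""}, "clinic": "Riverside", "slot": "2025-11-20T09:30"}',
}


def run_samples():
    """Map each sample name to (accepted?, reason_or_object)."""
    return {name: validate(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, detail) in run_samples().items():
        print(f"{name:14} {'ACCEPT' if ok else 'REJECT'} {detail if not ok else ''}")
```

The important design choice is that the schema is an allow-list: a new field, a nested object or a numeric type is rejected by default rather than passed through, so a payload that "looks like normal data" still has to fit the exact shape the application expects before any code acts on it.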

RondoDox Botnet Exploits Unpatched XWiki Servers

RondoDox is a dangerous botnet—a network of infected computers controlled by hackers. Recently, it has been spreading by attacking XWiki servers that haven't been updated (or "patched") with the latest security fixes. These unpatched servers become easy entry points, allowing the botnet to add more devices under its control.

Many healthcare organisations use web applications similar to XWiki for collaboration and documentation. If these systems are left vulnerable, attackers can hijack servers, slow down operations, or launch bigger attacks from within. This can lead to data breaches, interrupted services, and harm to patient care.

Recommendations

  • Regularly update all software and web applications, especially platforms like XWiki.
  • Conduct security audits to identify and patch vulnerabilities promptly.
  • Monitor network traffic for unusual activity indicating botnet infections.
  • Train IT teams on timely patch management and incident response.
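To make the third recommendation concrete, here is an added example (not part of Periculo's report) of two network-traffic indicators that typically accompany a botnet foothold: fan-out, where one host opens connections to many distinct hosts on the same port in a short window, as a compromised server does when it sweeps for further unpatched targets; and beaconing, where a host contacts the same destination at a near-constant interval, as command-and-control check-ins do. The flow-record format, the IP addresses, the timestamps and the thresholds are all constructed for illustration and should be tuned to a real environment's baseline.

```python
"""Botnet-style traffic indicators over constructed flow records
(added example, not Periculo's code).

Assumed record format (constructed): "<epoch_seconds> <src_ip> <dst_ip> <dst_port>",
one connection per line, as a firewall or flow exporter might produce.
"""
from collections import Counter, defaultdict, deque
from statistics import mean, pstdev

# Constructed sample: host 10.0.5.21 beacons every 60 s to one external address
# and sweeps port 8080 across an internal /24; host 10.0.5.40 is ordinary traffic.
BEACON_LINES = [f"{1731830400 + 60 * i} 10.0.5.21 203.0.113.10 443" for i in range(5)]
SCAN_LINES = [f"{1731830400 + i} 10.0.5.21 10.0.7.{i + 1} 8080" for i in range(25)]
NORMAL_LINES = [
    "1731830400 10.0.5.40 203.0.113.20 443",
    "1731830800 10.0.5.40 203.0.113.21 443",
    "1731831700 10.0.5.40 198.51.100.3 443",
]
SAMPLE_LOG = "\n".join(BEACON_LINES + SCAN_LINES + NORMAL_LINES)


def parse(log: str):
    """Parse lines into (ts, src, dst, dport) tuples, time-ordered; skip malformed lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        events.append((int(ts), src, dst, int(dport)))
    return sorted(events)


def fanout_alerts(events, window=60, threshold=20):
    """Report (src, dport, peak_distinct_dsts) for every source that reached at
    least `threshold` distinct destinations on one port inside a `window`-second span."""
    by_group = defaultdict(list)
    for ts, src, dst, dport in events:
        by_group[(src, dport)].append((ts, dst))
    alerts = []
    for (src, dport), seq in by_group.items():
        recent = deque()        # (ts, dst) pairs inside the sliding window
        seen = Counter()        # distinct destinations currently in the window
        peak = 0
        for ts, dst in seq:     # seq is time-ordered because events were sorted
            recent.append((ts, dst))
            seen[dst] += 1
            while recent and recent[0][0] < ts - window:
                _, old = recent.popleft()
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
            peak = max(peak, len(seen))
        if peak >= threshold:
            alerts.append((src, dport, peak))
    return alerts


def beacon_alerts(events, min_count=5, max_cv=0.2):
    """Report (src, dst, dport, period_seconds) for flows whose inter-connection
    gaps are nearly constant (coefficient of variation <= max_cv) over at least
    `min_count` connections."""
    by_flow = defaultdict(list)
    for ts, src, dst, dport in events:
        by_flow[(src, dst, dport)].append(ts)
    alerts = []
    for (src, dst, dport), stamps in by_flow.items():
        if len(stamps) < min_count:
            continue
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_cv:
            alerts.append((src, dst, dport, period))
    return alerts


def analyse(log: str):
    """Run both detectors over a log and return their alerts keyed by indicator."""
    events = parse(log)
    return {"fanout": fanout_alerts(events), "beacon": beacon_alerts(events)}


if __name__ == "__main__":
    for kind, hits in analyse(SAMPLE_LOG).items():
        for hit in hits:
            print(kind, hit)
```

Neither indicator is proof of infection on its own: vulnerability scanners and monitoring agents also fan out and beacon. The value is in raising these hosts for triage quickly, so that a compromised server is found before it has added more devices to the botnet.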

To learn how threat intelligence can help your organisation stay ahead of these evolving cyber risks, or to discuss how Periculo’s experts can support your security strategy, get in touch with us today. 
