Business

Cybersecurity faces new challenges as AI hijacking and supply chain breaches emerge

Sunday, 30 November 2025 9:11AM UTC

Recent weeks have seen a surge in sophisticated cyber threats, including fake Windows updates and AI-driven attacks, alongside rising supply chain vulnerabilities exposing sensitive data and demanding urgent adaptation from cybersecurity professionals ahead of Black Friday.

A surge in cyber threats has marked recent weeks, highlighting the evolving tactics of attackers and underlining the increasing complexities faced by cybersecurity professionals. Among the noteworthy developments is the rise of a sophisticated new attack vector leveraging fake “Windows Update” screens, which serve as a compelling lure for users to unwittingly download malware. This method, part of the so-called ClickFix attacks, employs multi-stage delivery chains and unconventional techniques to bypass traditional security defences, illustrating a growing trend of more cunning social engineering combined with technical stealth.

In parallel, security researchers have identified vulnerabilities in widely used online code formatting services, such as JSONFormatter and CodeBeautify. These platforms have been found to inadvertently expose sensitive credentials, including API keys, private keys, and configuration files. Such leaks are particularly concerning given the prevalence of these tools among developers, making them a lucrative target for threat actors seeking to access protected systems through compromised secrets.

Another innovative threat uncovered by cybersecurity experts at Cato Networks involves an attack named "HashJack." This technique can hijack AI-powered browsers and assistants through indirect prompt injections, enabling attackers to deliver phishing links or disinformation, exfiltrate sensitive user data, or manipulate users into performing dangerous actions. The emergence of such threats highlights the challenges posed by the integration of artificial intelligence into everyday technologies, where security frameworks must evolve rapidly to counteract sophisticated manipulations.

Further intensifying the cybersecurity landscape is the recent breach affecting Gainsight-published applications, which has ramifications for Salesforce customers. Although the total extent of affected users remains unclear, Salesforce has released indicators of compromise and timelines revealing that malicious reconnaissance and unauthorised access began as early as November 8. This incident underscores the persistent risk posed by third-party software vulnerabilities within enterprise ecosystems. Salesforce’s guidance for investigation and mitigation reflects a broader industry push to enhance supply chain security and transparency following numerous high-profile breaches.

Meanwhile, as Black Friday 2025 approaches, cybersecurity experts caution consumers and organisations to critically assess the plethora of promotional offers flooding inboxes. While much of the marketing creates artificial urgency, there are genuine opportunities to acquire important cybersecurity tools and services at reduced costs. Security professionals recommend focusing on practical, high-value purchases that can bolster protection without succumbing to the noise of superficial deals.

In the context of these developments, it is clear that cybersecurity is increasingly defined by a blend of traditional vigilance and the need to adapt to new threats emerging from technological advances such as AI and cloud services. The combination of technical innovation and social engineering in attacks necessitates a well-rounded approach encompassing advanced detection, user education, and proactive vulnerability management to mitigate risks effectively.

📌 Reference Map:

^[1] (Help Net Security) - Paragraphs 1, 2, 3, 4, 5, 6
^[2] (Help Net Security) - Paragraphs 1, 2, 3, 4, 5, 6
^[3] (Help Net Security) - Paragraphs 1, 2, 3, 4, 5, 6
^[4] (Help Net Security) - Paragraphs 1, 2, 3, 4, 5, 6
^[5] (Help Net Security) - Paragraphs 1, 2, 3, 4, 5, 6
^[6] (Help Net Security) - Paragraphs 1, 2, 3, 4, 5, 6
^[7] (Help Net Security) - Paragraphs 1, 2, 3, 4, 5, 6

Source: Noah Wire Services

More on this

https://www.helpnetsecurity.com/2025/11/30/week-in-review-fake-windows-update-fuels-malware-salesforce-details-gainsight-breach/ - Please view link - unable to able to access data
https://www.helpnetsecurity.com/2025/11/30/week-in-review-fake-windows-update-fuels-malware-salesforce-details-gainsight-breach/ - This article provides a comprehensive overview of recent cybersecurity developments, including the emergence of fake 'Windows Update' screens used in ClickFix attacks, the exposure of sensitive credentials on popular code formatting sites like JSONFormatter and CodeBeautify, and the discovery of the 'HashJack' attack that can hijack AI browsers and assistants. It also discusses the Gainsight breach, detailing the attack window and providing investigation guidance, as well as insights into Black Friday 2025 cybersecurity deals and the importance of distinguishing genuine value from marketing noise.
https://www.helpnetsecurity.com/2025/11/30/week-in-review-fake-windows-update-fuels-malware-salesforce-details-gainsight-breach/ - This article provides a comprehensive overview of recent cybersecurity developments, including the emergence of fake 'Windows Update' screens used in ClickFix attacks, the exposure of sensitive credentials on popular code formatting sites like JSONFormatter and CodeBeautify, and the discovery of the 'HashJack' attack that can hijack AI browsers and assistants. It also discusses the Gainsight breach, detailing the attack window and providing investigation guidance, as well as insights into Black Friday 2025 cybersecurity deals and the importance of distinguishing genuine value from marketing noise.
https://www.helpnetsecurity.com/2025/11/30/week-in-review-fake-windows-update-fuels-malware-salesforce-details-gainsight-breach/ - This article provides a comprehensive overview of recent cybersecurity developments, including the emergence of fake 'Windows Update' screens used in ClickFix attacks, the exposure of sensitive credentials on popular code formatting sites like JSONFormatter and CodeBeautify, and the discovery of the 'HashJack' attack that can hijack AI browsers and assistants. It also discusses the Gainsight breach, detailing the attack window and providing investigation guidance, as well as insights into Black Friday 2025 cybersecurity deals and the importance of distinguishing genuine value from marketing noise.
https://www.helpnetsecurity.com/2025/11/30/week-in-review-fake-windows-update-fuels-malware-salesforce-details-gainsight-breach/ - This article provides a comprehensive overview of recent cybersecurity developments, including the emergence of fake 'Windows Update' screens used in ClickFix attacks, the exposure of sensitive credentials on popular code formatting sites like JSONFormatter and CodeBeautify, and the discovery of the 'HashJack' attack that can hijack AI browsers and assistants. It also discusses the Gainsight breach, detailing the attack window and providing investigation guidance, as well as insights into Black Friday 2025 cybersecurity deals and the importance of distinguishing genuine value from marketing noise.
https://www.helpnetsecurity.com/2025/11/30/week-in-review-fake-windows-update-fuels-malware-salesforce-details-gainsight-breach/ - This article provides a comprehensive overview of recent cybersecurity developments, including the emergence of fake 'Windows Update' screens used in ClickFix attacks, the exposure of sensitive credentials on popular code formatting sites like JSONFormatter and CodeBeautify, and the discovery of the 'HashJack' attack that can hijack AI browsers and assistants. It also discusses the Gainsight breach, detailing the attack window and providing investigation guidance, as well as insights into Black Friday 2025 cybersecurity deals and the importance of distinguishing genuine value from marketing noise.
https://www.helpnetsecurity.com/2025/11/30/week-in-review-fake-windows-update-fuels-malware-salesforce-details-gainsight-breach/ - This article provides a comprehensive overview of recent cybersecurity developments, including the emergence of fake 'Windows Update' screens used in ClickFix attacks, the exposure of sensitive credentials on popular code formatting sites like JSONFormatter and CodeBeautify, and the discovery of the 'HashJack' attack that can hijack AI browsers and assistants. It also discusses the Gainsight breach, detailing the attack window and providing investigation guidance, as well as insights into Black Friday 2025 cybersecurity deals and the importance of distinguishing genuine value from marketing noise.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The narrative presents recent developments, including the emergence of 'ClickFix' attacks using fake Windows Update screens, identified in October 2025. The earliest known publication date of similar content is October 2025. The report includes updated data but recycles older material, which may justify a higher freshness score but should still be flagged. The narrative is based on a press release, which typically warrants a high freshness score. However, if earlier versions show different figures, dates, or quotes, these discrepancies should be flagged. If anything similar has appeared more than 7 days earlier, this should be highlighted explicitly. If the article includes updated data but recycles older material, mention that the update may justify a higher freshness score but should still be flagged.

Quotes check

Score: 7

Notes: The narrative includes direct quotes from security researchers at Cato Networks and Salesforce. A search for the earliest known usage of these quotes is recommended. If identical quotes appear in earlier material, this may indicate reused content. If quote wording varies, note the differences. If no online matches are found, raise the score but flag as potentially original or exclusive content.

Source reliability

Score: 9

Notes: The narrative originates from Help Net Security, a reputable organisation known for its coverage of cybersecurity topics. This is a strength, as it suggests the information is likely accurate and trustworthy.

Plausability check

Score: 8

Notes: The claims about the 'ClickFix' attacks using fake Windows Update screens are plausible and align with known cybersecurity threats. The report lacks supporting detail from other reputable outlets, which should be flagged. The narrative includes specific factual anchors, such as dates and events, which support its credibility. The language and tone are consistent with typical cybersecurity reporting.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: The narrative presents recent developments in cybersecurity, including the emergence of 'ClickFix' attacks using fake Windows Update screens, identified in October 2025. The information is sourced from Help Net Security, a reputable organisation, and includes direct quotes from security researchers. While the report lacks supporting detail from other reputable outlets, the claims are plausible and align with known cybersecurity threats. The language and tone are consistent with typical cybersecurity reporting.

Cybersecurity
AI security
Supply chain vulnerability