Threat Briefing: August 15, 2025

Recent developments in the cybersecurity landscape highlight a troubling escalation in both scale and sophistication of threats. A $577 million Estonian crypto fraud case, critical security flaws uncovered in GPT-5, and an unprecedented collaboration between cybercrime gangs like Scattered Spider, ShinyHunters, and Lapsus$ all point to increasingly organized digital crime.

At the same time, new zero-click exploits such as AgentFlayer show how attackers are abusing AI tools like ChatGPT Connectors to steal sensitive data, while the extradition of Ghanaian nationals behind a $100 million fraud scheme underscores the global scope of cybercriminal networks.

Together, these events serve as a stark reminder that security risks are evolving faster than defenses, demanding greater vigilance from organizations worldwide.

• Estonian Duo Sentenced in $577M Crypto Mining Fraud – Two men behind the HashCoins and HashFlare Ponzi scheme received 16-month prison terms after defrauding hundreds of thousands of investors with fake mining equipment and services. Authorities seized $450 million in assets linked to the $577 million scam. The Record
• GPT-5 Faces Harsh Security Criticism – Despite claims from Microsoft and OpenAI, researchers uncovered major vulnerabilities in GPT-5’s default version. SPLX testing gave it low marks in security, safety, and business alignment, raising concerns about its reliability. CyberScoop
• Three Infamous Cybercrime Gangs Join Forces – Scattered Spider, ShinyHunters, and Lapsus$ briefly united in a Telegram channel to coordinate high-profile breaches targeting retail, tech, and government sectors through social engineering and advanced hacking tactics. The Register
• AgentFlayer Zero-Click Exploit Targets ChatGPT Connectors – The attack embeds hidden prompts in documents to hijack Connectors, enabling data theft from Google Drive and other third-party apps while bypassing existing security controls. Hackread
• $100M Fraud Ringleaders Extradited to U.S. – Four Ghanaian nationals accused of running romance scams and business email compromise schemes between 2016 and 2023 have been extradited to face federal charges. Prosecutors say they laundered millions through intermediaries, and each faces up to 20 years in prison. BleepingComputer