Threat Intel Update
Cyber threats are escalating rapidly, exposing how inventive and dangerous modern attackers have become. The FBI reports account-takeover scams have already cost victims $262 million, driven by AI-powered phishing. Researchers also found that simple poetic prompts can jailbreak AI systems, raising new concerns about model security.
Meanwhile, insider attacks, risky collaboration tools like Microsoft Teams guest access, and a record-breaking 30 Tbps DDoS attack stopped by Cloudflare highlight a growing truth: cyber risk is expanding in scale and sophistication. Proactive defense is no longer optional; it’s essential.
Cybersecurity News
- FBI Sounds Alarm on $262M Account Takeover Scam Losses – The FBI is warning of a spike in account takeover (ATO) scams that have already caused $262 million in losses, driven by criminals impersonating financial institutions and using AI-powered phishing. With the holiday season approaching, the risk is rising, prompting renewed calls for individuals and organizations to strengthen cybersecurity defenses. The Hacker News
- Researchers Show Rhyming Prompts Can Jailbreak AI – Researchers have found that using rhyming, poetic prompts can jailbreak leading AI models, dramatically increasing the likelihood of unsafe responses. In tests across 1,200 prompts, attack success rates jumped from 8% to 43% on systems from major AI providers, highlighting how creative language can expose weaknesses in AI safety controls. Dark Reading
- Twins Charged in Major Federal Data Breach – Muneeb and Sohaib Akhter were arrested for allegedly stealing and deleting sensitive government data from multiple federal agencies, including DHS and the IRS. In a week-long February attack, they wiped 96 databases and accessed personal information of at least 450 people. Both have prior cybercrime convictions from 2015. Cyberscoop
- MS Teams Guest Access Creates Security Vulnerabilities – Researchers warn that Microsoft Teams’ guest access can bypass Defender protections, exposing users to attacks from external tenants. A new feature allowing chats via email increases risk, as attackers can create “protection-free zones” to deliver malicious invitations. Organizations should limit guest access to trusted domains and enforce strong security controls. The Hacker News
- AISURU Botnet Behind Record-Breaking DDoS Attack – Cloudflare mitigated the largest DDoS attack ever recorded—29.7 Tbps over 69 minutes—linked to the AISURU botnet, which has infected up to 4 million devices. The attack underscores the growing scale and sophistication of cyber threats targeting online infrastructure. The Hacker News