---
title: Threat Intelligence Center - Capstone Technologies Group
description: Mandiant VP warns AI adoption is reintroducing outdated security practices. Financial services firms face heightened risk from legacy vulnerabilities.
canonical_url: https://captechgroup.com/threat-intelligence-center?start=168
language: en-GB
date: 2025-08-13T00:46:48Z
notice: This is a machine-friendly version of the page at https://captechgroup.com/threat-intelligence-center?start=168.
markdown-tokens: 1237
---



  [ ![Conceptual image illustrating AI's impact on cybersecurity gaps and evolving threat vectors in digital security.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/343745e97c.jpg) ](https://captechgroup.com/threat-intelligence-center/ai-deployment-revives-legacy-cybersecurity-gaps-ma-c57f8e "AI Deployment Revives Legacy Cybersecurity Gaps, Mandiant VP Warns")  As financial services firms accelerate their adoption of artificial intelligence, security leaders are inadvertently reintroducing weaknesses the industry thought it had resolved, a Mandiant vice president warns.

  [ ![Cybersecurity image illustrating threat vectors via Trojanized SumatraPDF and GitHub for enhanced data protection.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/cee8d95adb.jpg) ](https://captechgroup.com/threat-intelligence-center/tropic-trooper-deploys-adaptixc2-via-trojanized-su-e3cf5e "Tropic Trooper Deploys AdaptixC2 via Trojanized SumatraPDF and GitHub")  Tropic Trooper, a Chinese state-sponsored APT group also tracked as APT23, Earth Centaur, KeyBoy and Pirate Panda, has been observed deploying AdaptixC2, an open-source command-and-control framework, through a supply chain attack involving trojanized SumatraPDF binaries and GitHub repositories.

  [ ![Conceptual image of automated red-teaming in cybersecurity, highlighting threat vectors and data protection for AI applications.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/2f298ba6ae.jpg) ](https://captechgroup.com/threat-intelligence-center/open-source-framework-enables-automated-red-teamin-183baa "Open-Source Framework Enables Automated Red-Teaming Against AI Applications")  Open-source frameworks now make it possible to red-team AI applications automatically, letting security teams probe machine learning models and AI-driven systems for weaknesses systematically rather than by hand.

  [ ![Conceptual image illustrating cybersecurity threats from malicious pgserve and automagik tools in npm registry.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/c7483f755a.jpg) ](https://captechgroup.com/threat-intelligence-center/malicious-pgserve-and-automagik-developer-tools-fo-12a986 "Malicious pgserve and automagik Developer Tools Found in npm Registry")  Researchers have identified the malicious npm packages pgserve and automagik/genie, linked to the CanisterSprawl and CanisterWorm campaigns. Developer tools compromised in this way are a significant supply chain attack vector against software development environments.

  [ ![Conceptual image illustrating cybersecurity threats from malicious KICS Docker images and VS Code extensions in supply chains.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/889abf915a.jpg) ](https://captechgroup.com/threat-intelligence-center/malicious-kics-docker-images-and-vs-code-extension-3d84c4 "Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain")  Security researchers have identified a supply chain compromise affecting KICS, the open-source infrastructure-as-code scanner maintained by Checkmarx. Malicious Docker images and Visual Studio Code extensions were injected into its distribution pipeline, potentially exposing developers and organisations that pulled them to code execution.

  [ ![Conceptual image illustrating WhatsApp's metadata leaks, highlighting cybersecurity threats and data protection challenges.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/35027bfb52.jpg) ](https://captechgroup.com/threat-intelligence-center/whatsapp-leaks-user-metadata-to-attackers-through-ad78d3 "WhatsApp Leaks User Metadata to Attackers Through Call Feature")  Security researchers have identified a metadata leakage vulnerability in WhatsApp's call feature that exposes user information to attackers. The exposure is particularly concerning for professional service firms in regulated industries, such as medical practices, law firms and accounting firms, that rely on WhatsApp for client communications.

  [ ![Cybersecurity image depicting a ransomware negotiator's guilty plea in the BlackCat ALPHV scheme, highlighting digital security threats.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/746450d8aa.jpg) ](https://captechgroup.com/threat-intelligence-center/ransomware-negotiator-pleads-guilty-to-blackcat-al-f49907 "Ransomware Negotiator Pleads Guilty to BlackCat ALPHV Scheme")  Federal prosecutors have secured a guilty plea from a ransomware negotiator involved in the BlackCat ALPHV extortion operation, which has targeted hospitals, universities and other critical infrastructure. The case shows how ransomware gangs rely on specialised facilitators to extract payments from victims.
