---
title: Threat Intelligence Center - Capstone Technologies Group
description: Security scanning detects unauthorized AI model deployments including Claude, OpenAI, and HuggingFace instances. Detection methods and remediation for…
canonical_url: https://captechgroup.com/threat-intelligence-center?start=182
language: en-GB
date: 2025-08-13T00:46:48Z
notice: This is a machine-friendly version of the page at https://captechgroup.com/threat-intelligence-center?start=182.
markdown-tokens: 1321
---

  [ ![Conceptual image of cybersecurity scanning for unauthorized AI models, highlighting threat vectors and data protection.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/fc319ccc5d.jpg) ](https://captechgroup.com/threat-intelligence-center/scanning-for-ai-models-reveals-unauthorized-claude-1f6e2c "Scanning for AI Models Reveals Unauthorized Claude, OpenAI Deployments in Professional Networks")  Security teams scanning professional service networks are discovering unauthorized AI model deployments, including instances of Claude, OpenAI, HuggingFace, and associated tools like ClawdBot, MoltBot, and OpenClaw. These unmanaged AI implementations create significant compliance and data exposure risks, particularly for medical, legal, and accounting firms handling sensitive client information.

  [ ![Conceptual image of cybersecurity showing predictive shielding to stop lateral movement and protect data from threat vectors.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/ea5c235cb8.jpg) ](https://captechgroup.com/threat-intelligence-center/domain-compromise-contained-through-predictive-shi-b00da5 "Domain Compromise Contained Through Predictive Shielding Stops Lateral Movement")  When attackers compromise a domain account, the window to contain the threat is measured in minutes. This case study examines how predictive shielding technology identified anomalous behavior patterns associated with a domain compromise and automatically isolated the threat before lateral movement could propagate across the network.

  [ ![Conceptual cybersecurity image illustrating threat vectors targeting professional services for data protection and digital security.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/bf9e0200f8.jpg) ](https://captechgroup.com/threat-intelligence-center/encystphp-webshell-scans-target-professional-servi-672f5b "EncystPHP Webshell Scans Target Professional Service Firms April 13")  On April 13th, security monitoring detected widespread scanning activity for EncystPHP webshell installations targeting professional service firms including medical practices, law offices, and accounting firms. EncystPHP is a persistent web-based backdoor that provides attackers remote command execution and file management capabilities once deployed.

  [ ![Conceptual image of cybersecurity with Gemini AI detecting scam ads, enhancing digital security and data protection.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/a51d01b9d0.jpg) ](https://captechgroup.com/threat-intelligence-center/google-removes-602-million-scam-ads-using-gemini-a-6d31cc "Google Removes 602 Million Scam Ads Using Gemini AI Detection")  Google has removed 602 million scam advertisements through AI-powered detection using Gemini, its advanced language model. This enforcement action demonstrates how machine learning systems can identify and eliminate deceptive advertising at scale.

  [ ![Conceptual cybersecurity image illustrating threat vectors and data protection against Microsoft Defender zero-day exploits.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/dd7b7df383.jpg) ](https://captechgroup.com/threat-intelligence-center/microsoft-defender-zero-days-exploited-in-wild-blu-70346e "Microsoft Defender Zero-Days Exploited in Wild, BlueHammer and RedSun Active")  A security researcher has disclosed two additional zero-day vulnerabilities affecting Microsoft Defender, with all three flaws now confirmed exploited in active attacks. The CVE-2026-33825 vulnerability and related bypass techniques are being weaponized by BlueHammer and RedSun malware campaigns.

  [ ![Conceptual image illustrating cybersecurity threats from obfuscated JavaScript malware via MSBuild and PowerShell.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/48c9ca3c2a.jpg) ](https://captechgroup.com/threat-intelligence-center/obfuscated-javascript-malware-delivers-formbook-th-507e82 "Obfuscated JavaScript Malware Delivers Formbook Through MSBuild and PowerShell")  Security researchers have identified an active campaign leveraging obfuscated JavaScript to deliver Formbook, a credential-stealing infostealer, through MSBuild and PowerShell execution chains. This multi-stage attack exploits legitimate Windows build tools to bypass traditional endpoint detection.

  [ ![Conceptual image of AI voice agents targeting Asterisk VoIP systems, highlighting cybersecurity and digital security threats.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/51daebceba.jpg) ](https://captechgroup.com/threat-intelligence-center/athr-vishing-platform-targets-asterisk-voip-system-abec14 "ATHR Vishing Platform Targets Asterisk VoIP Systems With AI Voice Agents")  Security researchers have identified ATHR, a vishing platform that automates voice phishing attacks through AI-powered voice agents targeting Asterisk VoIP systems. The platform leverages WebRTC technology to conduct large-scale voice-based social engineering campaigns, significantly lowering the operational burden for attackers.
