Mid-Week Edition AI Security Weekly - 6/18/25

Patch Now or Pay Later: Two New Linux Flaws & Qilin Ransomware Push Cyber Risk to “Elevated”. Short, Actionable Intelligence for Busy Security Leaders.

When your production servers, industrial control systems, and backups can all be hit in the same attack cycle, there’s no time for long reads. Here’s what matters this week and—more importantly—what to do about it.

The Critical Issue: Linux CVE-2025-6018 & CVE-2025-6019

Researchers have linked two recently disclosed kernel bugs to an older flaw (CVE-2023-0386) that’s already on CISA’s Known Exploited Vulnerabilities list. Proof-of-concept code demonstrates that attackers can escalate from “low-priv” to full root access on most major distributions in minutes. Patches for SUSE/openSUSE are now live; others are being rolled out. Expect weaponized kits to surface on GitHub and Telegram before the end of the week. https://www.securityweek.com/linux-security-new-flaws-allow-root-access-cisa-warns-of-old-bug-exploitation/

What This Means for Your Organization

• Privilege-escalation shortcuts: Endpoint hardening alone won’t stop a local user or foothold malware from gaining control of the system.
• Cloud spill-over risk: Shared images & containers inherit the vulnerable kernel—watch multitenant exposures.
• Audit trail gaps: Attackers can tamper with logs once they gain root access, making incident scoping more challenging.

Immediate Actions

✓ Patch or hot-fix within 72 hours—prioritise Internet-facing and high-value workloads.
✓ Isolate unpatched systems behind bastion hosts and enforce multi-factor authentication (MFA) on all SSH connections.
✓ Deploy kernel-level telemetry (e.g., Sysmon for Linux or auditd) to catch abnormal privilege switches.
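To make the telemetry action concrete, here is an added example (not from the newsletter, Sysmon or any vendor) that scans auditd SYSCALL records for a login user whose effective UID became 0 through a binary outside an assumed allowlist of sanctioned privilege brokers; the log lines and the allowlist are constructed assumptions.

```python
import re

# Constructed sample auditd records (not real captures): a sanctioned sudo hop,
# a daemon with no login session (auid unset), a plain shell that suddenly runs
# with euid=0 via no known broker, and a failed attempt by another user.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1718700000.101:301): arch=c000003e syscall=59 success=yes exit=0 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 comm="sudo" exe="/usr/bin/sudo" key="priv_esc"
type=SYSCALL msg=audit(1718700000.102:302): arch=c000003e syscall=59 success=yes exit=0 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 comm="cron" exe="/usr/sbin/cron" key="priv_esc"
type=SYSCALL msg=audit(1718700000.103:303): arch=c000003e syscall=117 success=yes exit=0 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 comm="bash" exe="/usr/bin/bash" key="priv_esc"
type=SYSCALL msg=audit(1718700000.104:304): arch=c000003e syscall=117 success=no exit=-1 auid=1001 uid=1001 gid=1001 euid=0 suid=0 fsuid=0 comm="python3" exe="/usr/bin/python3" key="priv_esc"
"""

# Assumed allowlist of binaries expected to hand a login user euid 0.
# Tune per distribution; this set is an editorial assumption, not a standard.
SANCTIONED_BROKERS = {"/usr/bin/sudo", "/usr/bin/su", "/usr/bin/pkexec"}

AUID_UNSET = 4294967295  # kernel value for "no login session" (daemons, boot)

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')      # key=value or key="quoted"
MSG_RE = re.compile(r"audit\(\d+\.\d+:(\d+)\)")    # pulls the audit event id


def parse_record(line: str) -> dict:
    """Turn one auditd record into a dict of field -> value (quotes stripped)."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def is_suspicious(rec: dict) -> bool:
    """True when a real login user (auid set, non-root) ends up with euid=0
    through an executable that is not a sanctioned privilege broker."""
    if rec.get("type") != "SYSCALL" or rec.get("success") != "yes":
        return False  # failed attempts are worth a separate, lower-severity rule
    auid = int(rec.get("auid", AUID_UNSET))
    if auid in (0, AUID_UNSET):
        return False  # already root, or no login session: not an escalation
    if int(rec.get("euid", -1)) != 0:
        return False
    return rec.get("exe") not in SANCTIONED_BROKERS


def find_privilege_switches(log_text: str) -> list:
    """Return (audit id, auid, exe) for every suspicious record in the log."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if is_suspicious(rec):
            m = MSG_RE.search(rec.get("msg", ""))
            hits.append((m.group(1) if m else "?", int(rec["auid"]), rec["exe"]))
    return hits
```

Feeding the sample log through find_privilege_switches flags only event 303, the bash process that reached euid 0 without passing through sudo, su or pkexec.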

Strategic Development: Iran-Linked ICS Malware Bounty

The U.S. State Department is offering US$10 million for intel on “Mr Soul/Soll,” tied to the CyberAv3ngers campaign hitting water, energy, and healthcare PLCs. It’s the first time an OT-specific actor has received a Rewards-for-Justice bounty. https://industrialcyber.co/industrial-cyber-attacks/us-offers-10-million-for-intel-on-iran-linked-hacker-in-ics-malware-campaign-against-critical-infrastructure/

Industry Impact: OT defenders should brace for copycat activity and “smoke-screen” ransomware while the actor is hunted. Expect insurers and regulators to tighten disclosure demands around PLC risk.

The Bigger Picture

Linux privilege-escalation exploits and cross-platform Qilin ransomware now arrive in the same threat envelope, compromising both your virtualised infrastructure and the industrial floor. Meanwhile, regulators (e.g., California’s forthcoming AI-safety rules) are sharpening oversight of the very AI tools your teams use to defend these environments. Security strategy can no longer treat IT, OT and AI compliance as silos—your adversaries certainly don’t.

Your Take? How are you balancing rapid patch deployment with production uptime, and who “owns” OT security in your org? Drop a comment 👇

About AI Security Weekly: We condense the noise into executive-ready actions every Monday, Wednesday & Friday. Follow for weekly intelligence.

 #CyberSecurity #AISecurity #ThreatIntelligence