News Article · Jun 10, 2026 at 6:48 AM
Zoom CISO Defends AI Role, Microsoft Faces Researcher Backlash, and China-Linked Group Targets Czech Republic and Taiwan
Security #supply chain attack #AI security #Microsoft zero-day #Operation Dragon Weave #WP Maps Pro #OpenAI Codex

Zoom's CISO says AI augments security teams. Microsoft threatens legal action over zero-day disclosures. A China-aligned group targets Czech Republic and Taiwan with malware via email.

Zoom Chief Information Security Officer Sandra McLeod stated this week that artificial intelligence will act as a security enabler, not a role replacer, as the company defends against a rising tide of threats. Meanwhile, Microsoft faces backlash for threatening legal action against a researcher who published zero-day exploits. These developments come as a China-aligned group ramps up attacks on the Czech Republic and Taiwan, and as supply chain attacks hit the developer community.

In an interview with Dark Reading, McLeod highlighted that Zoom handles over 3 billion daily meeting minutes globally and sees AI as critical to triaging alerts and automating incident response workflows, not as a job killer for security analysts. She described AI as a way to "close the talent gap" rather than eliminate positions.

Zero-Day Legal Threats Generate Backlash

Microsoft has drawn sharp criticism after a security researcher posted several zero-day exploits online, prompting the company to indicate criminal charges might be filed. The researcher reportedly published the exploits due to frustration with Microsoft's patch process. Security professionals have warned that legal threats could deter responsible disclosure and push researchers to sell vulnerabilities on the black market.

  • Microsoft's legal warning came after the researcher disclosed flaws in Windows and other products over a two-week period.
  • The company had previously faced similar controversies, including a 2023 incident when it threatened a researcher who revealed a vulnerability in Azure.
  • Industry groups like the Internet Bug Bounty program have publicly criticized Microsoft's approach, urging clearer disclosure policies.

China-Aligned Group Targets Czech Republic and Taiwan

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting government, research, academic, technology, and financial services sectors in the Czech Republic and Taiwan. According to Seqrite Labs, the attackers use spear-phishing emails containing ZIP attachments to deliver an AdaptixC2 agent. The campaign appears to be the work of a China-aligned threat actor.

The activity represents an escalation in targeting by Chinese-affiliated groups, which have historically focused on Asia-Pacific regions but are now expanding into Central Europe. The Czech government confirmed it is investigating the attacks.

OpenAI Codex Supply Chain Attack and WP Maps Pro Plugin Exploit

Cybersecurity researchers have discovered a malicious npm package named codexui-android, which masquerades as a remote web UI for OpenAI Codex but actually steals authentication tokens. The package attracted over 29,000 weekly downloads on GitHub and npm before being reported. It is still available for download as of this writing, prompting warnings to developers to review their dependencies.
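One way to carry out the dependency review mentioned above, as an added example that is not from the article or from any vendor it cites: a scan of a parsed package-lock.json for the package name reported here, covering transitive installs and npm aliases that hide the real name behind a different folder name. The function names, sample lockfiles, versions and sibling package names are constructed for illustration.

```javascript
// Added example; DENYLIST holds the package named in the article, the rest is constructed.
const DENYLIST = new Set(['codexui-android']);

// Package name implied by a lockfile v2/v3 path key such as
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromPath(key) {
  const i = key.lastIndexOf('node_modules/');
  return i === -1 ? key : key.slice(i + 'node_modules/'.length);
}

function findDenylisted(lock, denylist = DENYLIST) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === '') continue; // root project entry
    // "name" is recorded when the folder name differs from the real package (npm alias).
    const name = meta.name || nameFromPath(key);
    if (denylist.has(name)) hits.push({ name, version: meta.version, path: key });
  }
  if (lock.packages) return hits; // v2 repeats the same tree under "dependencies"
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      // Aliases are stored as version "npm:<real-name>@<version>".
      const alias = /^npm:(.+)@([^@]+)$/.exec(meta.version || '');
      const name = alias ? alias[1] : dep;
      const version = alias ? alias[2] : meta.version;
      const path = [...trail, dep].join(' > ');
      if (denylist.has(name)) hits.push({ name, version, path });
      walk(meta.dependencies, [...trail, dep]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (versions and sibling package names are made up).
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/left-helper': { version: '2.1.0' },
  'node_modules/left-helper/node_modules/codexui-android': { version: '0.0.1' },
  'node_modules/codex-ui': { name: 'codexui-android', version: '0.0.2' },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'left-helper': { version: '2.1.0', dependencies: {
    'codex-ui': { version: 'npm:codexui-android@0.0.1' } } },
} };

console.log(findDenylisted(sampleV3), findDenylisted(sampleV1));
```

To check a real project, pass the result of `JSON.parse` on its package-lock.json to `findDenylisted`; the `path` field shows which parent dependency pulled the package in.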

Separately, threat actors are actively exploiting a critical flaw in WP Maps Pro, a WordPress plugin with over 15,000 sales on Envato Market. The vulnerability allows attackers to create malicious administrator accounts on affected sites. Site owners have been urged to update the plugin immediately.

These incidents underscore the widening attack surface in both open-source supply chains and popular CMS plugins. Organizations are advised to conduct code reviews and apply patches promptly. Zoom's McLeod recommends that security teams invest in AI-driven tools to prioritize patches, but warns that automation cannot replace human judgment in threat hunting.

Fact check

  • Zoom handles over 3 billion daily meeting minutes globally. (reported)
  • Operation Dragon Weave targets Czech Republic and Taiwan using spear-phishing emails with ZIP attachments delivering AdaptixC2. (verified)
  • The malicious npm package codexui-android attracted over 29,000 weekly downloads. (verified)
  • WP Maps Pro has over 15,000 sales on Envato Market and a critical flaw is being exploited to create admin accounts. (verified)
