cyberlights - week 31/2025
from 📰wrzlbrmpft's cyberlights💥
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🔍 Hundreds of registered data brokers ignore user requests around personal data privacy – A study reveals that 40% of registered data brokers in California ignore user requests for data access, highlighting a need for stronger enforcement of privacy laws. https://cyberscoop.com/data-brokers-california-ccpa-non-compliance-privacy/
🚫 Vienna Latino Festival 2025: Tickets für offenbar nicht stattfindendes Event im Verkauf warning – Tickets for the Vienna Latino Festival are being sold, but the venue claims no event is scheduled. Consumers are advised not to purchase tickets until confirmed. https://www.watchlist-internet.at/news/vienna-latino-festival-2025-tickets-fuer-offenbar-abgesagtes-event-im-verkauf/
🫖 A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating data breach – A second breach of the Tea app has exposed sensitive user messages about abortions and cheating, risking user privacy despite claims of legacy data issues. https://www.404media.co/a-second-tea-breach-reveals-users-dms-about-abortions-and-cheating/
✈️ Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel cybercrime – A cyberattack attributed to pro-Ukrainian hackers disrupted Aeroflot's operations, leading to numerous flight cancellations and significant financial damage, as claimed by the hackers. https://arstechnica.com/security/2025/07/pro-ukrainian-hackers-take-credit-for-attack-that-snarls-russian-flight-travel/
📞 Orange, France’s largest telecoms company, hit by cyberattack data breach – Orange has detected a cyberattack affecting its internal systems, causing service disruptions for customers, though no data extraction has been confirmed at this stage. https://therecord.media/orange-telecom-france-cyberattack
⚠️ 40,000 WordPress websites at risk of being hijacked due to vulnerable Post SMTP plugin vulnerability – Over 40,000 WordPress sites using the vulnerable Post SMTP plugin could be hijacked, as low-privileged users can intercept sensitive emails. Many remain unpatched despite a fix being available. https://www.bitdefender.com/en-us/blog/hotforsecurity/40-000-wordpress-websites-at-risk-of-being-hijacked-due-to-vulnerable-post-smtp-plugin
💰 Research shows data breach costs have reached an all-time high cybercrime – The average data breach cost for U.S. companies rose to $10.22 million in 2025, driven by higher regulatory fines, while global costs decreased. Cyberattacks remain the leading cause of breaches. https://cyberscoop.com/ibm-cost-data-breach-2025/
⚠️ PyPI maintainers alert users to email verification phishing attack warning – PyPI warns users of phishing emails from noreply@pypj[.]org impersonating official communications, urging users to verify emails through fake sites to steal credentials. Users are advised to be cautious and change passwords if affected. https://securityaffairs.com/180585/hacking/pypi-maintainers-alert-users-to-email-verification-phishing-attack.html
😈 Decryptor released for FunkSec ransomware; Avast works with law enforcement to help victims security news – Avast has released a decryptor for FunkSec ransomware, aiding 113 victims after the gang's brief operation from December 2024 to March 2025, which reportedly utilized AI in its attacks. https://therecord.media/funksec-ransomware-decryptor-avast
🔒 Ready or not, age verification is rolling out across the internet privacy – The UK has begun implementing age verification for sites hosting adult content, raising privacy concerns as platforms collect sensitive user data. Other countries are expected to follow suit with varying methods and risks. https://www.theverge.com/analysis/715767/online-age-verification-not-ready
🎮 Scammers Unleash Flood of Slick Online Gaming Sites – Krebs on Security cybercrime – Fraudsters are promoting over 1,200 scam gaming sites via social media, offering fake bonuses and ultimately stealing cryptocurrency deposits from users. These scams utilize deceptive ads and automated support systems. https://krebsonsecurity.com/2025/07/scammers-unleash-flood-of-slick-online-gaming-sites/
📦 Users left scrambling for a plan B as Dropbox drops Dropbox Passwords security news – Dropbox will discontinue its password manager, Dropbox Passwords, by October 28, 2025, transitioning users to a view-only mode and recommending 1Password as an alternative. https://www.theregister.com/2025/07/30/dropbox_drops_dropbox_passwords/
⚠️ Attackers actively exploit critical zero-day in Alone WordPress Theme vulnerability – Hackers are exploiting a critical vulnerability (CVE-2025-5394) in the Alone WordPress theme, allowing unauthenticated users to upload files and execute remote code, leading to site takeovers. https://securityaffairs.com/180630/hacking/attackers-actively-exploit-critical-zero-day-in-alone-wordpress-theme.html
🔊 Microsoft's Azure AI Speech needs just seconds of audio to spit out a convincing deepfake security news – Microsoft's Azure AI Speech has been upgraded to generate voice replicas with just seconds of audio, raising concerns over the potential for malicious uses like audio deepfakes. https://www.theregister.com/2025/07/31/microsoft_updates_azure_ai_speech/
🛫 Spying on People Through Airportr Luggage Delivery Service privacy – CyberX9 researchers discovered vulnerabilities in Airportr’s website that exposed personal information and travel plans of users, including government officials, and allowed potential super-admin access. https://www.schneier.com/blog/archives/2025/08/spying-on-people-through-airportr-luggage-delivery-service.html
⚖️ Flo settles class action lawsuit alleging improper data sharing privacy – Flo settled a lawsuit claiming it improperly shared sensitive menstrual data with Meta, leaving Meta to face potential billions in damages as trial approaches. Plaintiffs allege data sharing violated user trust. https://therecord.media/flo-app-settlement-class-action-suit-data-sharing-meta
🌽 Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users' data data breach – Lovense fixed security vulnerabilities that exposed user data and is considering legal action over reports about the bugs, despite claiming no evidence of data misuse. A researcher disclosed the flaws earlier this year. https://techcrunch.com/2025/08/01/sex-toy-maker-lovense-threatens-legal-action-after-fixing-security-flaws-that-exposed-users-data/
Some More, For the Curious
🧺 How I hacked my washing machine ¶ hacking write-up – A cybersecurity student shares their experience of reverse engineering a smart washing machine's app, creating notifications for wash cycles, and exploring IoT vulnerabilities. https://nexy.blog/2025/07/27/how-i-hacked-my-washing-machine/
🏭 ICS Security with Labshock: Virtual Oil Plant Hacking Tutorial cyber defense – This guide details setting up a virtual oil plant with Labshock and simulating a cyberattack on its PLC and SCADA systems to enhance ICS security skills. https://blog.nviso.eu/2025/07/29/refinery-raid/
🔐 Google Workspace is rolling out a security update to stop token stealing attacks security news – Google Workspace is implementing a security update aimed at preventing token stealing attacks, enhancing protection for user accounts against unauthorized access. https://www.theverge.com/news/715117/google-workspace-dbsc-cookie-stealing-attack
🔍 Google Project Zero to publicly announce bugs within a week of reporting them security news – Google Project Zero will now announce discovered vulnerabilities within a week of reporting them to vendors, aiming to improve communication and reduce the risk during patch delays. https://therecord.media/google-project-zero-publicly-announce-vulnerabilities-week-after-reporting
🛜 Hunt for Weak Spots in Your Wireless Network with Airodump hacking write-up – This guide introduces using airodump-ng for wireless penetration testing, focusing on identifying and exploiting access points, while covering essential tools and techniques. https://www.blackhillsinfosec.com/hunt-for-weak-spots-in-your-wireless-network-with-airodump-ng/
💰 In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network cybercrime – Hackers used a Raspberry Pi with a 4G modem to infiltrate a bank's network, employing advanced techniques to hide malware and aiming to manipulate the ATM system for theft. https://arstechnica.com/security/2025/07/in-search-of-riches-hackers-plant-4g-enabled-raspberry-pi-in-bank-network/
🐻❄️ The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware security news – The Russian hacker group Turla is using control over ISPs to plant spyware on targets' computers, exploiting internet traffic manipulation to disable encryption and enable espionage, raising concerns about surveillance. https://www.wired.com/story/russia-fsb-turla-secret-blizzard-apolloshadow-isp-cyberespionage/
🔓 Have I Been Pwned: Pi-hole data breach – A vulnerability in the GiveWP WordPress plugin exposed names and emails of around 30,000 donors to the Pi-hole project, which was reported to Have I Been Pwned. https://haveibeenpwned.com/Breach/ThePi-Hole
🇪🇺 Kommentar zur »EU Data Boundary«: Die Illusion europäischer Souveränität bei der EU-Kommission privacy – The EU's decision to allow Microsoft 365 usage raises concerns over data privacy, as the 'EU Data Boundary' lacks technical verification and does not protect against US access to data, undermining claims of European sovereignty. https://www.kuketz-blog.de/kommentar-zur-eu-data-boundary-die-illusion-europaeischer-souveraenitaet-bei-der-eu-kommission/
☝️ China accuses US of exploiting Microsoft zero-day in cyberattack security news – China alleges U.S. intelligence exploited a Microsoft zero-day vulnerability to conduct cyberattacks on Chinese military enterprises, claiming data theft over an extended period, amid rising tensions over hacking accusations. https://cyberscoop.com/china-accuses-us-of-exploiting-microsoft-zero-day-in-cyberattack/
🐺 Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN I Arctic Wolf cybercrime – Arctic Wolf reports increased ransomware attacks exploiting SonicWall SSL VPNs, possibly due to a zero-day vulnerability, urging organizations to disable the service and implement security best practices. https://arcticwolf.com/resources/blog/arctic-wolf-observes-july-2025-uptick-in-akira-ransomware-activity-targeting-sonicwall-ssl-vpn/
👁️ Microsoft Recall can still nab credit cards, passwords, info privacy – Microsoft's Recall app, designed to screenshot user activity, fails to adequately filter sensitive information like credit card numbers and passwords, raising privacy concerns and potential risks for users. https://go.theregister.com/feed/www.theregister.com/2025/08/01/microsoft_recall_captures_credit_card_info/
🦣 Extending AD CS attack surface to the cloud with Intune certificates cyber defense – This article discusses how vulnerabilities in Intune's certificate management can be exploited to gain unauthorized access to Active Directory, allowing attackers to impersonate Domain Admins using certificates issued with arbitrary subjects. https://dirkjanm.io/extending-ad-cs-attack-surface-intune-certs/
CISA Corner
⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has identified three new vulnerabilities in products by Cisco and PaperCut and added them to its KEV Catalog, urging federal agencies to address these risks due to active exploitation by cybercriminals. https://www.cisa.gov/news-events/alerts/2025/07/28/cisa-adds-three-known-exploited-vulnerabilities-catalog
⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA has issued five advisories regarding vulnerabilities in Industrial Control Systems by Johnson, Fuji, NI, Samsung and Delta, urging users to review the details for security updates and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/07/29/cisa-releases-five-industrial-control-systems-advisories ⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA has issued two advisories regarding vulnerabilities in Güralp seismic monitoring devices and Rockwell Automation services, urging users to review for security details and mitigations. https://www.cisa.gov/news-events/alerts/2025/07/31/cisa-releases-two-industrial-control-systems-advisories
🛠️ Eviction Strategies Tool Released security news – CISA launched the Eviction Strategies Tool to aid cyber defenders in incident response, featuring a playbook and a countermeasures database for effective containment and eviction of adversaries. https://www.cisa.gov/news-events/alerts/2025/07/30/eviction-strategies-tool-released
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
Young Indonesians are stuck at the lowest level of Bloom’s taxonomy: