cyberlights - week 24/2025
from wrzlbrmpft's cyberlights
A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!
News For All
Over 20 Malicious Crypto Wallet Apps Found on Google Play, CRIL Warns security research - More than 20 malicious apps on Google Play impersonate popular crypto wallets, tricking users into revealing their mnemonic phrases and putting their digital assets at risk. https://thecyberexpress.com/new-crypto-phishing-campaign/
US air traffic control still runs on Windows 95 and floppy disks security news - The FAA plans to replace outdated air traffic control systems still using Windows 95 and floppy disks, citing critical infrastructure needs despite skepticism about timely modernization. https://arstechnica.com/information-technology/2025/06/faa-to-retire-floppy-disks-and-windows-95-amid-air-traffic-control-overhaul/
A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account vulnerability - A researcher exploited a vulnerability to uncover the phone number linked to any Google account, raising privacy concerns for users at risk of SIM swapping. Google has since fixed the issue. https://www.wired.com/story/a-researcher-figured-out-how-to-reveal-any-phone-number-linked-to-a-google-account/
Airlines Don't Want You to Know They Sold Your Flight Data to DHS privacy - Major airlines sold U.S. travelers' flight data, including personal and financial details, to Customs and Border Protection, raising privacy concerns over surveillance and data transparency. https://www.404media.co/airlines-dont-want-you-to-know-they-sold-your-flight-data-to-dhs/
40,000 cameras expose feeds to datacenters, health clinics privacy - Security researchers accessed 40,000 exposed cameras globally, including some in sensitive locations, raising privacy and espionage concerns since the exposure could be exploited by both criminals and state actors. https://www.theregister.com/2025/06/10/40000_iot_cameras_exposed/
Ongoing cyberattack at US grocery distributor giant UNFI affecting customer orders cybercrime - UNFI is grappling with a cyberattack that disrupts operations and customer orders, leading to limited shipping and potential shortages in grocery stores. The company is working to restore systems. https://techcrunch.com/2025/06/10/ongoing-cyberattack-at-us-grocery-distributor-giant-unfi-affecting-customer-orders/
Microsoft Patch Tuesday addresses 66 vulnerabilities, including an actively exploited zero-day vulnerability - Microsoft's latest security update fixed 66 vulnerabilities, including a zero-day exploited by the Stealth Falcon group for targeted attacks. Users are urged to patch their systems given the widespread risk. https://cyberscoop.com/microsoft-patch-tuesday-june-2025/
DNS4EU: The EU launches its own DNS resolver service with optional filters privacy - The EU has introduced DNS4EU, its own DNS resolver service intended to promote digital independence. Users can choose between different filter options, and privacy protection is promised. https://www.kuketz-blog.de/dns4eu-die-eu-startet-eigenen-dns-resolver-dienst-mit-optionalen-filtern/
Crooks posing as job hunters to malware-infect recruiters cybercrime - Cybercriminals from FIN6 are targeting recruiters by posing as job seekers and directing them to fake portfolio sites that deliver malware, enabling remote access and credential theft. https://www.theregister.com/2025/06/11/crooks_posing_job_hunters_target_recruiters/
AI Therapy Bots Are Conducting 'Illegal Behavior,' Digital Rights Organizations Say security news - Digital rights groups are urging the FTC to investigate Character.AI and Meta for unlicensed therapy bots that mislead users about credentials and confidentiality, raising serious ethical concerns. https://www.404media.co/ai-therapy-bots-meta-character-ai-ftc-complaint/
Attacks with manipulated SVG files warning - CERT.at warns of phishing attacks that use manipulated SVG files as attachments to execute JavaScript and steal sensitive information. Security measures are urgently required. https://www.cert.at/de/warnungen/2025/6/phishing-angriffe-mit-manipulierten-svg-dateien-vorsicht-geboten
Apple fixes new iPhone zero-day bug used in Paragon spyware hacks vulnerability - Apple has patched a zero-day vulnerability exploited by Paragon spyware to hack the iPhones of two journalists; the flaw was fixed in the February iOS update but not disclosed until now. https://techcrunch.com/2025/06/12/apple-fixes-new-iphone-zero-day-bug-used-in-paragon-spyware-hacks/
How to Protest Safely in the Age of Surveillance privacy - With rising surveillance during protests, individuals should consider both physical and digital security. Key strategies include limiting phone use, using encrypted communication, and being cautious about online activity. https://www.wired.com/story/how-to-protest-safely-surveillance-digital-privacy/
"Login from an unrecognized device": Phishing warning - Phishing attacks use fake websites that mimic official ones, often with subtle changes in the URL, such as a replaced letter, to deceive victims into revealing sensitive information. https://www.watchlist-internet.at/news/phishing-attacke-paypal/
Bert Ransomware: What You Need To Know cybercrime - Bert ransomware encrypts files and demands payment for decryption, and also exfiltrates data. Victims are told to contact the attackers for recovery, which underlines the need for strong cybersecurity measures. https://www.fortra.com/blog/bert-ransomware-what-you-need-know
Dutch police identify users as young as 11 years old on Cracked.io hacking forum security news - Dutch police identified 126 users of the dismantled Cracked.io hacking forum, including an 11-year-old, highlighting the involvement of young individuals in cybercrime. Authorities aim to educate them and warn them about the potential consequences. https://www.bitdefender.com/en-us/blog/hotforsecurity/dutch-police-cracked-io-hacking-forum
Exploiting Heroes of Might and Magic V vulnerability - The article discusses a vulnerability in Heroes of Might and Magic V related to how the game handles map files, allowing attackers to exploit the game's zip file processing to execute arbitrary code. https://www.synacktiv.com/publications/exploiting-heroes-of-might-and-magic-v.html
Some More, For the Curious
Internet infamy drives The Com's crime sprees cybercrime - The Com, a youth-driven cybercrime group, thrives on notoriety, engaging in serious crimes such as sextortion and violence, fueled by economic pressures and a need for belonging. https://cyberscoop.com/the-com-subculture-infamy-crimes/
LinkedIn for OSINT: tips and tricks - Compass Security Blog hacking write-up - LinkedIn is a rich source for open-source intelligence, offering insights into individuals and companies. Caution is advised to maintain privacy while gathering useful data for assessments. https://blog.compass-security.com/2025/06/linkedin-for-osint-tips-and-tricks/
Breaking down "EchoLeak", the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot vulnerability - Aim Labs discovered a zero-click AI vulnerability called EchoLeak in Microsoft 365 Copilot, enabling attackers to exfiltrate sensitive data without user interaction, highlighting critical security risks in AI applications. https://www.aim.security/lp/aim-labs-echoleak-blogpost
High Severity Vulnerabilities in GitLab Products vulnerability - GitLab released security updates addressing multiple high-severity vulnerabilities, including account takeover and XSS issues. Users are urged to update affected installations promptly. https://cert.europa.eu/publications/security-advisories/2025-020/
Cyber resilience begins before the crisis security news - Microsoft's Deputy CISO emphasizes the importance of proactive planning and communication for cyber resilience, highlighting common misconceptions, actionable steps, and the role of AI in improving response to cyber incidents. https://www.microsoft.com/en-us/security/blog/2025/06/12/cyber-resilience-begins-before-the-crisis/
Mitigating prompt injection attacks with a layered defense strategy cyber defense - Google addresses the rising threat of indirect prompt injection attacks on AI systems with a layered defense strategy, including content classifiers, user confirmation, and URL redaction. https://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html
Paraguay is Being Targeted by Cybercriminals - 7.4 Million Citizen Records for Sale data breach - A significant data breach in Paraguay has exposed 7.4 million citizen records, offered for sale on the dark web by cybercriminals who demand a ransom. The incident highlights increasing cybersecurity threats in the region. https://www.resecurity.com/blog/article/paraguay-is-being-targeted-by-cybercriminals-74-million-citizen-records-for-sale
NTLM reflection is dead, long live NTLM reflection! - An in-depth analysis of CVE-2025-33073 security research - The article analyzes CVE-2025-33073, a vulnerability allowing NTLM reflection attacks, detailing its exploitation and patching process and emphasizing the importance of SMB signing as a mitigation. https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025.html
the Microsoft way (part 89): user group policies don't deserve tamper protection vulnerability - The article discusses weaknesses in user group policies on Windows, showing how unprivileged users can bypass restrictions by manipulating registry files. Recommendations for countermeasures are provided. https://seclists.org/fulldisclosure/2025/Jun/13
Hijacked Trust: How Malicious Actors Exploited Discord's Invite System to Launch Global Multi-Stage Attacks cybercrime - Attackers hijacked expired Discord invite links to redirect users to malicious servers, using fake bots and phishing sites to steal credentials and deploy malware, primarily targeting cryptocurrency users. https://blog.checkpoint.com/research/hijacked-trust-how-malicious-actors-exploited-discords-invite-system-to-launch-global-multi-stage-attacks/
Check Point Research Warns of Holiday-Themed Phishing Surge as Summer Travel Season Begins cybercrime - Phishing scams spike with over 39,000 new vacation-related domains; cybercriminals mimic trusted platforms to steal personal and payment information from travelers. https://blog.checkpoint.com/research/check-point-research-warns-of-holiday-themed-phishing-surge-as-summer-travel-season-begins/
The Growing Risk of Malicious Browser Extensions security research - Malicious browser extensions are increasingly hijacking user sessions and manipulating page content, posing serious risks to privacy and security, with recent campaigns targeting sensitive data and financial information. https://socket.dev/blog/the-growing-risk-of-malicious-browser-extensions
Reflective Kerberos Relay Attack Against Domain vulnerability - The Reflective Kerberos Relay Attack allows low-privileged users to gain NT AUTHORITY\SYSTEM privileges on domain-joined Windows systems without SMB signing, posing a high security risk. A patch is available. https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-002/
CISA Corner
Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider security news - CISA warns that ransomware actors are exploiting unpatched vulnerabilities in SimpleHelp RMM to compromise utility billing software providers, urging immediate software updates and mitigations. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a
CISA Adds Two Known Exploited Vulnerabilities to Catalog warning - CISA has added two vulnerabilities in Erlang/OTP SSH Server and Roundcube Webmail to its catalog. https://www.cisa.gov/news-events/alerts/2025/06/09/cisa-adds-two-known-exploited-vulnerabilities-catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog warning - CISA has added two vulnerabilities in Wazuh and WebDAV to its KEV Catalog. https://www.cisa.gov/news-events/alerts/2025/06/10/cisa-adds-two-known-exploited-vulnerabilities-catalog
CISA Releases Four Industrial Control Systems Advisories vulnerability - CISA issued four advisories addressing vulnerabilities in industrial control systems by SinoTrack, Hitachi, MicroDicom and Assured Telematics. https://www.cisa.gov/news-events/alerts/2025/06/10/cisa-releases-four-industrial-control-systems-advisories
CISA Releases Ten Industrial Control Systems Advisories vulnerability - CISA has published ten advisories addressing vulnerabilities in various industrial control systems by Siemens, AVEVA and PTZOptics. https://www.cisa.gov/news-events/alerts/2025/06/12/cisa-releases-ten-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it is still what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.