cyberlights - week 29/2025
from 📰wrzlbrmpft's cyberlights💥
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🕵️♂️ willhaben & PayLivery: How criminals exploit a service that is actually secure cybercrime – Fraudsters talk victims into leaving the platform's secure PayLivery flow for WhatsApp, disguising their messages to get around the platform's checks, with the aim of obtaining money transfers under false pretenses. https://www.watchlist-internet.at/news/willhaben-paylivery-sicheres-service/
🚨 CitrixBleed 2 beckons sweeping alarm as exploits spread across the globe vulnerability – A critical vulnerability in Citrix NetScaler, CVE-2025-5777, is actively exploited worldwide, prompting urgent patching recommendations from CISA as attackers target sensitive data. Risks are particularly high for federal networks. https://cyberscoop.com/citrixbleed2-exploits-spread/
💔 Episource is notifying millions of people that their health data was stolen data breach – Episource has disclosed a cyberattack affecting over 5.4 million individuals, compromising personal and health data, including medical records and insurance information, attributed to ransomware. https://techcrunch.com/2025/07/14/episource-is-notifying-millions-of-people-that-their-health-data-was-stolen/
🚆 Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years vulnerability – A critical vulnerability allows hackers to remotely lock train brakes, known since 2012 but only recently addressed by the railroad industry, posing serious safety risks. https://www.404media.co/hackers-can-remotely-trigger-the-brakes-on-american-trains-and-the-problem-has-been-ignored-for-years/
🎮 FBI Seizes NSW2U, PS4PKG Domains in $170 Million Game Piracy Investigation cybercrime – The FBI has seized major domains involved in video game piracy, impacting sites like nsw2u, which offered early access to pirated games. Estimated losses reach $170 million, highlighting serious legal repercussions for such activities. https://thecyberexpress.com/fbi-seizes-nsw2u-ps4pkg-domains/
🔍 Meta fixes bug that could leak users' AI prompts and generated content vulnerability – Meta has resolved a security flaw that allowed users to access others' AI prompts and responses, discovered by a researcher who received a $10,000 bounty. No evidence of exploitation was found. https://techcrunch.com/2025/07/15/meta-fixes-bug-that-could-leak-users-ai-prompts-and-generated-content/
🔒 CVE-2025-6554 marks the fifth actively exploited Chrome zero-day patched by Google in 2025 vulnerability – CVE-2025-6554, a type-confusion bug in Chrome's V8 JavaScript engine, is the fifth actively exploited Chrome zero-day of 2025. Google has shipped a fix and confirms an exploit exists in the wild. https://securityaffairs.com/180001/hacking/cve-2025-6554-marks-the-fifth-actively-exploited-chrome-zero-day-patched-by-google-in-2025.html
🛒 UK retail giant Co-op confirms hackers stole all 6.5 million customer records data breach – Co-op confirmed a cyberattack resulted in the theft of 6.5 million customer records, including personal details. The breach was part of a broader campaign affecting the UK retail sector. https://techcrunch.com/2025/07/16/uk-retail-giant-co-op-confirms-hackers-stole-all-6-5-million-customer-records/
👶 Adoption Agency Data Exposure Revealed Information About Children and Parents data breach – A recent data exposure incident at an adoption agency compromised sensitive information about children and their parents, highlighting ongoing privacy and security concerns within such organizations. https://www.wired.com/story/adoption-agency-data-exposure-revealed-information-about-children-and-parents/
💼 Meta investors, Zuckerberg settle $8 billion privacy lawsuit tied to Cambridge Analytica scandal privacy – Meta's directors, including Zuckerberg, have settled a shareholder lawsuit that sought $8 billion in damages over the company's handling of the Cambridge Analytica data privacy violations. The settlement terms were not disclosed. https://therecord.media/meta-investors-zuckerberg-settle-privacy-lawsuit
🔓 Hackers are trying to steal passwords and sensitive data from users of Signal clone cybercrime – Hackers are exploiting a vulnerability in the TeleMessage app, a Signal clone used by officials, to steal usernames, passwords, and sensitive data. The flaw has been recognized by CISA as actively exploited. https://techcrunch.com/2025/07/17/hackers-are-trying-to-steal-passwords-and-sensitive-data-from-users-of-signal-clone/
🍞 Loaf and order: Belgian police launch bread-based cybersecurity campaign cyber defense – Belgian police are promoting cybersecurity awareness by printing tips on bakery bags, aiming to reach those less engaged with digital media and educate the public about online fraud and scams. https://grahamcluley.com/loaf-and-order-belgian-police-launch-bread-based-cybersecurity-campaign/
📹 Ring reintroduces video sharing with police security news – Ring has resumed allowing police to request user footage through a partnership with Axon, reversing its previous stance on video sharing. Users can choose to share footage, which will be encrypted. https://www.theverge.com/news/709836/ring-police-video-sharing-police-axon-partnership
🔑 Authorities released free decryptor for Phobos and 8base ransomware cybercrime – Japanese police have released a free decryptor for Phobos and 8Base ransomware, enabling victims to recover files without paying ransom. The tool is available on official sites and promotes safe recovery practices. https://securityaffairs.com/180108/malware/authorities-released-free-decryptor-for-phobos-and-8base-ransomware.html
🔒 For privacy and security, think twice before granting AI access to your personal data privacy – As AI tools increasingly request extensive access to personal data, users should be cautious. Granting such access can pose significant privacy and security risks, often for minimal benefit. https://techcrunch.com/2025/07/19/for-privacy-and-security-think-twice-before-granting-ai-access-to-your-personal-data/
Some More, For the Curious
🔓 Framework 13. Press here to pwn vulnerability – On the Framework 13 laptop, pressing the chassis tamper switch resets the BIOS to defaults, wiping security settings such as the BIOS password; no vendor fix is available yet. Anyone leaving the device unattended in an untrusted environment should not rely on BIOS-level protections. https://www.pentestpartners.com/security-blog/framework-13-press-here-to-pwn/
⌚️ WatchWitch: Interoperability, Privacy, and Autonomy for the Apple Watch security research – WatchWitch is a research project that reimplements the protocols an Apple Watch uses to talk to its phone, so the watch can be used with an Android phone, giving users interoperability, more privacy and more control over their device. https://arxiv.org/abs/2507.07210
🕵️♂️ Active Supply Chain Attack: npm Phishing Campaign Leads to Prettier Tooling Packages Compromise security research – Maintainer accounts were phished and the stolen credentials used to publish malicious versions of Prettier tooling packages on npm. Developers are urged to check their installs for the compromised versions and to secure publisher accounts (for example with 2FA) against similar attacks. https://socket.dev/blog/npm-phishing-campaign-leads-to-prettier-tooling-packages-compromise
🔧 Thread Support for Flipper Zero, Part 1: Introduction hacking write-up – This article introduces the integration of OpenThread with Flipper Zero, enhancing its smart home capabilities while discussing technical challenges and upcoming features in the series. https://cujo.com/blog/thread-support-for-flipper-zero-part-1-introduction/
🛠️ PoC Available for High-Severity Arbitrary File Write in Git CLI (CVE-2025-48384) | Arctic Wolf vulnerability – A high-severity arbitrary file write vulnerability in Git (CVE-2025-48384) lets a malicious repository write files outside the intended checkout when it is cloned with submodules, which can be turned into code execution; macOS and Linux users are mainly affected. A proof of concept is public, so upgrade immediately. https://arcticwolf.com/resources/blog/poc-available-for-high-severity-arbitrary-file-write-in-git-cli-cve-2025-48384/
🤖 Curl creator mulls nixing bug bounty awards to stop AI slop security news – Daniel Stenberg, founder of curl, considers ending the bug bounty program due to an influx of low-quality AI-generated bug reports, which now constitute 20% of submissions, overwhelming the small security team. https://www.theregister.com/2025/07/15/curl_creator_mulls_nixing_bug/
🐛 Hackers exploit a blind spot by hiding malware inside DNS records cybercrime – Hackers are embedding malware in DNS records, using hexadecimal encoding to evade detection, allowing malicious binaries to be fetched through overlooked DNS traffic. This technique poses significant security challenges. https://arstechnica.com/security/2025/07/hackers-exploit-a-blind-spot-by-hiding-malware-inside-dns-records/
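The DNS item above describes a payload split into hex-encoded fragments and parked in TXT records, to be fetched and reassembled through DNS traffic that most monitoring ignores. The following detector is an added example for this newsletter, not code from the article or from any vendor tool. It assumes a constructed resolver-log format (`timestamp client qtype qname answer`) and assumes the fragments are laid out as numbered sibling subdomains (`1.dl.example.net`, `2.dl.example.net`, ...), which is one layout such campaigns use; the sample log lines and the domain are constructed.

```python
"""Flag and reassemble hex-encoded payload fragments hidden in DNS TXT answers.

Added illustrative example (not from the article or any vendor product).
Assumptions: a constructed resolver-log format, and fragments stored as
numbered sibling subdomains of one parent domain.
"""
import re
from collections import defaultdict

# Constructed log format: "<timestamp> <client> <qtype> <qname> <answer>" (answer may be quoted).
LOG_LINE = re.compile(r'^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+"?(.*?)"?$')
# A TXT answer made of nothing but an even number of hex digits, at least 16 bytes long.
# Real TXT content (SPF, DMARC, DKIM's base64 key, ACME tokens) is not pure hex.
HEX_RUN = re.compile(r"^(?:[0-9a-fA-F]{2}){16,}$")
# "<index>.<parent>" naming of fragment subdomains (assumption, see docstring).
CHUNK_LABEL = re.compile(r"^(\d+)\.(.+)$")

# Constructed sample: three fragments of a fake PE header logged out of order,
# plus a legitimate DMARC record and an A lookup as negative cases.
SAMPLE_LOG = """\
2025-07-15T10:00:01Z 10.0.0.5 TXT 1.dl.example.net "4d5a90000300000004000000ffff0000"
2025-07-15T10:00:02Z 10.0.0.5 TXT 3.dl.example.net "00000000000000000000000000000000"
2025-07-15T10:00:02Z 10.0.0.5 TXT 2.dl.example.net "b8000000000000004000000000000000"
2025-07-15T10:00:03Z 10.0.0.5 TXT _dmarc.example.com "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
2025-07-15T10:00:04Z 10.0.0.5 A www.example.com 93.184.216.34
"""

MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable", b"PK\x03\x04": "ZIP archive"}


def parse_txt_records(log_text):
    """Return (qname, answer) pairs for every TXT answer in the log."""
    records = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        _ts, _client, qtype, qname, answer = m.groups()
        if qtype.upper() == "TXT":
            records.append((qname.lower().rstrip("."), answer))
    return records


def is_suspicious_txt(answer):
    """True when the TXT payload is a long run of pure hex, i.e. looks like encoded binary."""
    return bool(HEX_RUN.match(answer))


def collect_chunks(records):
    """Group suspicious hex answers by parent domain, keyed by their numeric fragment index."""
    chunks = defaultdict(dict)
    for qname, answer in records:
        m = CHUNK_LABEL.match(qname)
        if m and is_suspicious_txt(answer):
            chunks[m.group(2)][int(m.group(1))] = answer
    return chunks


def reassemble(parts):
    """Concatenate fragments in index order and decode the hex back to bytes."""
    return bytes.fromhex("".join(parts[i] for i in sorted(parts)))


def identify(blob):
    """Cheap file-type guess from the leading magic bytes."""
    for magic, name in MAGIC.items():
        if blob.startswith(magic):
            return name
    return "unknown"


def scan(log_text, min_chunks=2):
    """Report parent domains that serve at least min_chunks hex fragments, with the decoded result."""
    findings = []
    for parent, parts in collect_chunks(parse_txt_records(log_text)).items():
        if len(parts) < min_chunks:  # a single hex token may be a legitimate verification record
            continue
        blob = reassemble(parts)
        findings.append({"parent": parent, "chunks": len(parts), "size": len(blob), "type": identify(blob)})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['parent']}: {f['chunks']} fragments, {f['size']} bytes, {f['type']}")
```

The `min_chunks` threshold is what keeps this from firing on a lone hex-looking domain-verification token; the signal is many sibling names under one parent each carrying a hex blob, not one odd TXT record. In a real deployment the log parser would be swapped for the resolver's actual export (passive DNS, Zeek `dns.log`, or similar) and the reassembled bytes handed to a sandbox rather than identified by magic alone.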
🕵️♂️ Cato CTRL™ Threat Actor Profile: IntelBroker cybercrime – Kai Logan West, known as IntelBroker, ran a major stolen-data brokerage operation that caused over $25 million in damages before his arrest in 2025. He got in by exploiting basic security weaknesses at his victims, and his own OPSEC mistakes are what ultimately exposed him. https://www.catonetworks.com/blog/cato-ctrl-threat-actor-profile-intelbroker/
🔐 SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices vulnerability – A financially motivated group tracked as UNC6148 is compromising fully patched SonicWall SMA 100 devices by reusing admin credentials stolen from them earlier, for data theft and possibly ransomware deployment. Patching alone does not help if the credentials were already taken; rotate them and check the devices. https://cyberscoop.com/sonicwall-sma100-attacks/
🚨 Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16) cybercrime – Operation Eastwood, a coordinated international law enforcement action, disrupted the pro-Russian hacktivist group NoName057(16), taking down over 100 systems and issuing several arrest warrants; the group's DDoS attacks are ongoing. https://securityaffairs.com/180027/cyber-crime/operation-eastwood-disrupted-operations-of-pro-russian-hacker-group-noname05716.html
💻 GitHub abused to distribute payloads on behalf of malware-as-a-service cybercrime – Cisco's Talos team uncovered a malware-as-a-service operation using GitHub accounts to distribute various malicious software, including the Emmenhtal loader and Amadey malware, exploiting GitHub's accessibility in enterprise networks. https://arstechnica.com/security/2025/07/malware-as-a-service-caught-using-github-to-distribute-its-payloads/
⚠️ Critical Vulnerabilities in Cisco ISE warning – Cisco has disclosed three critical vulnerabilities in its Identity Services Engine (ISE) that allow an unauthenticated attacker to execute arbitrary code. Users are urged to update affected versions immediately. https://cert.europa.eu/publications/security-advisories/2025-025/
⚠️ Critical Vulnerabilities in VMware Products warning – VMware has released a security advisory for three critical vulnerabilities that allow code execution on affected products, urging immediate updates, especially where the virtual machines are internet-facing. https://cert.europa.eu/publications/security-advisories/2025-026/
📍 A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations security research – Researchers found a Middle Eastern surveillance vendor exploiting a new SS7 attack to track phone locations by bypassing carrier security measures, raising concerns about the increasing use of such exploits for location tracking. https://techcrunch.com/2025/07/18/a-surveillance-vendor-was-caught-exploiting-a-new-ss7-attack-to-track-peoples-phone-locations/
🚨 CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild vulnerability – A critical zero-day vulnerability in CrushFTP (CVE-2025-54309) allows attackers to gain administrator access and is currently being exploited. CrushFTP has released mitigation techniques and identified affected versions. https://www.tenable.com/blog/cve-2025-54309-crushftp-zero-day-vulnerability-exploited-in-the-wild
🔮 Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release vulnerability – A critical SQL injection vulnerability in Fortinet FortiWeb (CVE-2025-25257) was exploited within hours of a proof-of-concept release, compromising multiple systems. Immediate patching is advised. https://securityaffairs.com/180118/hacking/fortinet-fortiweb-flaw-cve-2025-25257-exploited-hours-after-poc-release.html
CISA Corner
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added a known exploited vulnerability in Wing FTP Server to its KEV Catalog, urging federal agencies and all organizations to prioritize remediation to protect against cyber threats. https://www.cisa.gov/news-events/alerts/2025/07/14/cisa-adds-one-known-exploited-vulnerability-catalog
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added a known exploited vulnerability in Fortinet FortiWeb to its KEV Catalog, urging federal agencies and all organizations to prioritize remediation to protect against cyber threats. https://www.cisa.gov/news-events/alerts/2025/07/18/cisa-adds-one-known-exploited-vulnerability-catalog
⚙️ CISA Releases Six Industrial Control Systems Advisories vulnerability – CISA has published six advisories addressing vulnerabilities in various Industrial Control Systems, urging users and administrators to review the details and implement mitigations. https://www.cisa.gov/news-events/alerts/2025/07/15/cisa-releases-six-industrial-control-systems-advisories
⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA has published three new advisories addressing vulnerabilities in various Industrial Control Systems, urging users and administrators to review the details and implement the necessary mitigations. https://www.cisa.gov/news-events/alerts/2025/07/17/cisa-releases-three-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.