cyberlights - week 30/2025
A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!
News For All
Critical Vulnerabilities in Microsoft SharePoint [vulnerability] - Microsoft has disclosed critical vulnerabilities in SharePoint, enabling remote code execution. Active exploitation is occurring, necessitating immediate isolation and mitigation actions for affected servers. Comment: The big one this week. https://cert.europa.eu/publications/security-advisories/2025-027/
UK wants to weasel out of demand for Apple encryption back door [privacy] - Under US pressure, the UK government is reportedly backing down from its demand for Apple to create a back door for iCloud encryption, avoiding a major privacy conflict. https://www.theverge.com/news/710504/uk-apple-encryption-back-door-icloud-adp-backing-down
A Startup is Selling Data Hacked from Peoples' Computers to Debt Collectors [privacy] - A startup is profiting by selling hacked data from over 50 million computers to various industries, raising ethical and legal concerns about privacy violations and exploitation of victims. https://www.404media.co/a-startup-is-selling-data-hacked-from-peoples-computers-to-debt-collectors/
WhoFi: Unique 'fingerprint' based on Wi-Fi interactions [security research] - Italian researchers have developed 'WhoFi,' a biometric identifier using Wi-Fi signal distortions to track individuals across locations, potentially enhancing privacy-preserving surveillance methods. https://www.theregister.com/2025/07/22/whofi_wifi_identifier/
Arch Linux users told to purge Firefox forks after AUR malware scare [malware] - Compromised packages of Firefox-based browsers from the Arch User Repository contained a Remote Access Trojan. Users are advised to uninstall affected browsers and check for security breaches. https://www.theregister.com/2025/07/22/arch_aur_browsers_compromised/
Copilot Vision on Windows 11 sends data to Microsoft servers [privacy] - Microsoft's new Copilot Vision feature for Windows 11 captures user screens for AI analysis, sending data to its servers, raising privacy concerns. The update also introduces various AI tools and changes to system error displays. https://www.theregister.com/2025/07/23/microsoft_copilot_vision/
Fake Zoom Call Lures for Zoom Workplace Credentials [cybercrime] - A phishing campaign exploits Zoom connection issues to trick users into entering credentials on a fake login page, leveraging urgency and deceptive URLs to harvest sensitive information. https://cofense.com/blog/fake-zoom-call-lures-for-zoom-workplace-credentials
Google's AI Is Destroying Search, the Internet, and Your Brain [security news] - A Pew Research report reveals that Google's AI summary feature significantly reduces clicks on external links, threatening the traffic and business of many websites and blogs by prioritizing AI-generated content. https://www.404media.co/googles-ai-is-destroying-search-the-internet-and-your-brain/
Criminals send fake warnings to get at Facebook [warning] - Criminals are sending fake warnings in order to obtain Facebook login credentials. Users should change their password and contact Facebook to secure their account. https://www.watchlist-internet.at/news/kriminelle-versenden-fake-warnungen-um-facebook-accounts-zu-hacken/
The EFF turns 35, but there's plenty more to do [privacy] - As the Electronic Frontier Foundation celebrates 35 years, it continues to combat threats to privacy and free speech, focusing on issues like government surveillance, encryption, and data harvesting. https://www.theregister.com/2025/07/24/eff_turns_35/
The Age-Checked Internet Has Arrived [security news] - New UK laws require strict age verification for accessing adult content, sparking concerns over privacy, data security, and the effectiveness of such measures in protecting children online. https://www.wired.com/story/the-age-checked-internet-has-arrived/
BlackSuit ransomware gang's darknet websites seized by police [cybercrime] - Police from over nine countries seized the darknet sites of the BlackSuit ransomware gang, which is linked to over $500 million in extortion demands, including attacks on notable organizations. https://therecord.media/blacksuit-ransomware-gang-website-takedown
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan [data breach] - The dating safety app Tea suffered a breach exposing user data, including selfies and IDs, which were posted on 4chan. The app confirmed the data is from two years ago. https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/
Microsoft exec admits it 'cannot guarantee' data sovereignty [privacy] - Microsoft acknowledges it cannot guarantee data sovereignty for EU customers due to the Cloud Act, which allows US authorities access to data stored by US-based tech firms, raising privacy concerns. https://www.theregister.com/2025/07/25/microsoft_admits_it_cannot_guarantee/
Allianz Life says 'majority' of customers' personal data stolen in cyberattack [data breach] - Allianz Life confirmed that hackers stole personal information from the majority of its 1.4 million customers during a July 16 breach, utilizing social engineering to access a third-party CRM system. https://techcrunch.com/2025/07/26/allianz-life-says-majority-of-customers-personal-data-stolen-in-cyberattack/
Hacker sneaks infostealer malware into early access Steam game [malware] - A hacker compromised the early access Steam game Chemia, injecting infostealer malware that harvests user data. Users are advised to avoid the game until confirmed safe. https://www.bleepingcomputer.com/news/security/hacker-sneaks-infostealer-malware-into-early-access-steam-game/
Some More, For the Curious
Mass attack spree hits Microsoft SharePoint zero-day defect [vulnerability] - A critical zero-day vulnerability in Microsoft SharePoint is being actively exploited, allowing unauthorized access to sensitive data. Immediate action is advised to mitigate risks. https://cyberscoop.com/microsoft-sharepoint-zero-day-attack-spree/
Disrupting active exploitation of on-premises SharePoint vulnerabilities [vulnerability] - Microsoft warns of active exploitation of SharePoint vulnerabilities CVE-2025-49706 and CVE-2025-49704 by Chinese threat actors, urging immediate patching and security measures to prevent ransomware deployment. https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
What to know about ToolShell, the SharePoint threat under mass exploitation [vulnerability] - A critical vulnerability in SharePoint (CVE-2025-53770) is under mass exploitation, allowing remote code execution. Microsoft has linked the attacks to Chinese state actors, emphasizing the need for urgent patching and inspection of affected systems. https://arstechnica.com/security/2025/07/what-to-know-about-toolshell-the-sharepoint-threat-under-mass-exploitation/
ToolShell: a story of five vulnerabilities in Microsoft SharePoint [vulnerability] - Multiple vulnerabilities in SharePoint, dubbed ToolShell, are under active exploitation, allowing attackers to gain full control over servers. Organizations are urged to apply patches immediately to mitigate risks. https://securelist.com/toolshell-explained/117045/
Google Online Security Blog: Introducing OSS Rebuild: Open Source, Rebuilt to Last [cyber defense] - Google's OSS Rebuild project aims to enhance trust in open source by automating the reproduction of package builds, helping prevent supply chain attacks without burdening maintainers. http://security.googleblog.com/2025/07/introducing-oss-rebuild-open-source.html
Hardcoded credentials found in HPE Aruba Instant On Wi [vulnerability] - HPE disclosed critical hardcoded credentials in Aruba Instant On Wi-Fi devices, allowing attackers to bypass authentication. Firmware updates are available to mitigate the vulnerabilities. https://securityaffairs.com/180230/security/hardcoded-credentials-hpe-aruba-instant-on-wi-fi-devices.html
Another npm Supply Chain Attack: The 'is' Package Compromise [cybercrime] - The 'is' package was compromised after attackers phished an old maintainer's account, leading to malicious versions being published. Developers are urged to check dependencies and implement security measures. https://www.stepsecurity.io/blog/another-npm-supply-chain-attack-the-is-package-compromise
Detecting ADCS Privilege Escalation [cyber defense] - The blog discusses how to detect privilege escalation in Active Directory Certificate Services (ADCS) through auditing and alerts, emphasizing the need for proper logging to identify vulnerabilities. https://www.blackhillsinfosec.com/detecting-adcs-privilege-escalation/
Critical Vulnerability in Popular npm form-data Package Used Across Millions of Installs [vulnerability] - A serious flaw in the npm form-data package could lead to data injection attacks. Many projects remain at risk due to outdated versions despite available patches. https://socket.dev/blog/critical-vulnerability-in-popular-npm-form-data-package
European authorities arrest alleged admin of notorious Russian crime forum XSS [cybercrime] - Authorities have arrested the alleged admin of XSS.is, a major Russian cybercrime forum, uncovering over $7 million in cybercrime proceeds through surveillance of their communications. https://techcrunch.com/2025/07/23/european-authorities-arrest-alleged-admin-of-notorious-russian-crime-forum-xss/
Sophos fixed two critical Sophos Firewall vulnerabilities [vulnerability] - Sophos has patched five vulnerabilities in its Firewall, including two critical flaws that could enable remote code execution. Users with automatic updates enabled are protected without action needed. https://securityaffairs.com/180283/security/sophos-addressed-five-sophos-firewall-vulnerabilities.html
CrushFTP zero-day exploited in the wild [warning] - CrushFTP is facing active exploitation of a zero-day vulnerability (CVE-2025-54309) allowing unauthorized admin access. Users are urged to check for signs of compromise and update to patched versions. https://cert.europa.eu/publications/security-advisories/2025-028/
AI slop and fake reports are coming for your bug bounty programs [security news] - The rise of AI-generated low-quality bug reports, dubbed 'AI slop,' is overwhelming bug bounty platforms with false vulnerabilities, complicating the detection of genuine security issues. https://techcrunch.com/2025/07/24/ai-slop-and-fake-reports-are-exhausting-some-security-bug-bounties/
20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability [vulnerability] - A vulnerability in Cisco ISE allows unauthenticated remote code execution via command injection, enabling attackers to gain root access. The flaw was patched under CVE-2025-20281 and CVE-2025-20337. https://www.thezdi.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability
Supply-chain attacks on open source software are getting out of hand [cybercrime] - Recent supply-chain attacks have compromised multiple npm packages, exposing user data and allowing attackers to execute malicious code. Developers are urged to monitor their dependencies and implement security measures. https://arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/
CISA Corner
CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 "ToolShell," to Catalog [warning] - CISA has identified CVE-2025-53770, a Microsoft SharePoint vulnerability, as actively exploited, urging federal agencies to address it to mitigate significant risks. https://www.cisa.gov/news-events/alerts/2025/07/20/cisa-adds-one-known-exploited-vulnerability-cve-2025-53770-toolshell-catalog
CISA Adds Four Known Exploited Vulnerabilities to Catalog [warning] - CISA has identified four new vulnerabilities in CrushFTP, Google Chromium and SysAid On-Prem to add to its KEV Catalog, emphasizing their active exploitation and risks to federal networks, urging prompt remediation by agencies. https://www.cisa.gov/news-events/alerts/2025/07/22/cisa-adds-four-known-exploited-vulnerabilities-catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog [warning] - CISA has included two new vulnerabilities regarding Microsoft SharePoint in its KEV Catalog, emphasizing their active exploitation and risks to federal networks, urging timely remediation by agencies. https://www.cisa.gov/news-events/alerts/2025/07/22/cisa-adds-two-known-exploited-vulnerabilities-catalog
CISA Releases Nine Industrial Control Systems Advisories [vulnerability] - CISA has issued nine advisories detailing vulnerabilities and security issues related to various Industrial Control Systems, urging users to review for mitigations and technical details. https://www.cisa.gov/news-events/alerts/2025/07/22/cisa-releases-nine-industrial-control-systems-advisories
CISA Releases Six Industrial Control Systems Advisories [vulnerability] - CISA has published six advisories detailing vulnerabilities and security issues in various Industrial Control Systems, urging users to review them for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/07/24/cisa-releases-six-industrial-control-systems-advisories
#StopRansomware: Interlock [security news] - A joint advisory details the Interlock ransomware, which targets organizations via unique methods and employs a double extortion model. Recommendations for mitigation are provided to enhance cybersecurity. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.