cyberlights - week 39/2025
A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!
News For All
Stellantis says a third-party vendor spilled customer data [data breach] - Stellantis confirms a data leak due to a third-party vendor breach, exposing customer names and emails. They have initiated an investigation and warned customers about potential phishing risks. https://www.theregister.com/2025/09/22/stellantis_breach/
FBI alerts public to spoofed IC3 site used in fraud schemes [cybercrime] - The FBI warns of spoofed IC3 websites designed to steal personal information from users reporting cybercrimes. Users should verify URLs carefully to avoid falling victim to fraud. https://securityaffairs.com/182449/cyber-crime/fbi-alerts-public-to-spoofed-ic3-site-used-in-fraud-schemes.html
Here's how potent Atomic credential stealer is finding its way onto Macs [malware] - Malicious ads impersonate services like LastPass to spread Atomic Stealer on Macs. Users are warned to avoid clicking ads and to download software only from official websites. https://arstechnica.com/security/2025/09/potent-atomic-credential-stealer-can-bypass-gatekeeper/
Steam game removed after cryptostealer takes over $150K [malware] - A Steam game was pulled after a cryptostealer exploited it, stealing over $150,000 from users. The incident highlights the ongoing risks of malware in gaming platforms. https://www.theverge.com/news/782993/steam-blockblasters-crypto-scam-malware
AI 'Workslop' Is Killing Productivity and Making Workers Miserable [privacy] - A study reveals that AI-generated content, termed 'workslop', burdens workers with fixing low-quality outputs, undermining productivity rather than enhancing it. Companies struggle to define AI's benefits amid rising risks. https://www.404media.co/ai-workslop-is-killing-productivity-and-making-workers-miserable/
Jaguar Land Rover extends shutdown again following cyberattack [data breach] - Jaguar Land Rover's operations remain halted due to a cyberattack, with losses estimated at £50-70 million daily. The shutdown affects thousands of workers and disrupts the broader supply chain. https://therecord.media/jaguar-land-rover-extends-shutdown-again-cyberattack
Worried About Phone Searches? 1Password's Travel Mode Can Clean Up Your Data [privacy] - 1Password's Travel Mode helps protect your data during phone searches by removing sensitive information temporarily. This feature is ideal for travelers concerned about privacy. https://www.wired.com/story/1password-travel-mode/
What to do if your company discovers a North Korean worker in its ranks [cyber defense] - Companies discovering North Korean IT workers face complex legal and cybersecurity challenges. Experts advise cooperation with the workers, careful monitoring, and engaging law enforcement to mitigate risks. https://cyberscoop.com/north-korean-it-workers-enterprise-risks-sanctions-response/
Researchers say media outlet targeting Moldova is a Russian cutout [security research] - Researchers link the online news outlet REST Media to the Russian disinformation group Rybar, revealing its role in influencing Moldova's elections through deceptive tactics and social media. https://cyberscoop.com/researchers-say-media-outlet-targeting-moldova-is-russian-cutout/
Feds Tie 'Scattered Spider' Duo to $115M in Ransoms - Krebs on Security [cybercrime] - U.S. prosecutors charged Thalha Jubair and Owen Flowers, members of the Scattered Spider group, with hacking and extorting over $115 million. Their operations involved significant cyberattacks against major retailers and transport systems. https://krebsonsecurity.com/2025/09/feds-tie-scattered-spider-duo-to-115m-in-ransoms/
'Find My Parking Cops' Tracks Officers Handing Out Tickets All Around San Francisco [privacy] - Riley Walz created 'Find My Parking Cops,' a site that maps San Francisco parking officers issuing tickets, helping users avoid fines. The city responded by altering access to public data. https://www.404media.co/find-my-parking-cops-tracks-officers-handing-out-tickets-all-around-san-francisco/
UK arrests man in airport ransomware attack that caused delays across Europe [security news] - A man was arrested in connection with a ransomware attack affecting multiple European airports, causing significant flight delays. The attack targeted the MUSE software, with reports suggesting simple ransomware tools were used. https://www.theverge.com/news/784786/uk-nca-europe-airport-cyberattack-ransomware-arrest
Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata [data breach] - A ransomware attack on supplier Miljödata exposed personal data of Volvo North America employees, including names and Social Security numbers. Volvo is offering affected individuals 18 months of identity protection services. https://securityaffairs.com/182577/data-breach/volvo-north-america-disclosed-a-data-breach-following-a-ransomware-attack-on-it-provider-miljodata.html
Cybercrooks publish toddlers' data in 'reprehensible' attack [data breach] - The Radiant Group targeted Kido International, leaking sensitive data of toddlers and their parents, including names and addresses. Experts condemned the attack as a severe moral low for cybercriminals. https://www.theregister.com/2025/09/25/ransomware_gang_publishes_toddlers_images/
DOGE might be storing every American's SSN on an insecure cloud server [privacy] - Senate Democrats report that DOGE has transferred sensitive information, potentially including Social Security numbers, to a cloud server, raising concerns about catastrophic security risks. https://www.theverge.com/news/785706/doge-insecure-cloud-server-social-security-numbers
Viral call-recording app Neon goes dark after exposing users' phone numbers, call recordings, and transcripts [data breach] - The call-recording app Neon has been taken offline after a security flaw exposed users' phone numbers, call recordings, and transcripts. The founder announced the shutdown while failing to address the security lapse. https://techcrunch.com/2025/09/25/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts/
Some More, For the Curious
Researchers expose MalTerminal, an LLM malware - MalTerminal is the first known malware using LLM technology to create malicious code dynamically, complicating detection for defenders. Researchers highlight the evolving threat landscape with LLM-integrated attacks. https://securityaffairs.com/182433/malware/researchers-expose-malterminal-an-llm-enabled-malware-pioneer.html
Modern Solution: Federal Constitutional Court confirms - looking away is safer than disclosing [security news] - Germany's courts penalize a security expert for exposing a major vulnerability in e-commerce software instead of holding the developer accountable, undermining responsible disclosure and IT security. https://www.kuketz-blog.de/modern-solution-bundesverfassungsgerich-bestaetigt-wegsehen-ist-sicherer-als-aufdecken/
$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations [vulnerability] - Researchers earned $150K for exploiting L1TF Reloaded, leaking VM memory from public clouds despite mitigations. The attack demonstrates ongoing risks from transient CPU vulnerabilities. https://securityaffairs.com/182476/security/150k-awarded-for-l1tf-reloaded-exploit-that-bypasses-cloud-mitigations.html
Secret Service says it dismantled extensive telecom threat in NYC area [cybercrime] - The Secret Service disrupted a telecom network in NYC, uncovering 300 servers and 100,000 SIM cards used for encrypted communications by threat actors. Concerns about potential disruptions during the U.N. General Assembly were raised. https://cyberscoop.com/secret-service-dismantles-nyc-telecom-threat-un-general-assembly/
Bypassing Mark of the Web (MoTW) via Windows Shortcuts (LNK): LNK Stomping Technique [hacking write-up] - The LNK Stomping technique exploits Windows shortcuts to bypass security checks by manipulating file metadata, allowing attackers to execute malicious payloads undetected. This method highlights the evolving nature of cyber threats. https://asec.ahnlab.com/en/90299/
Critical Vulnerability in SolarWinds Web Help Desk [vulnerability] - SolarWinds disclosed a critical vulnerability (CVE-2025-26399) in its Web Help Desk, allowing unauthenticated remote code execution. Users are urged to update to the latest version immediately. https://cert.europa.eu/publications/security-advisories/2025-034/
EDR Bypass Technique Uses Windows Functions to Put Antivirus Tools to Sleep [security research] - The EDR-Freeze technique allows attackers to bypass endpoint detection and response (EDR) tools by using Windows functions to suspend antivirus processes without installing vulnerable drivers. This new method enhances evasion tactics for threat actors. https://thecyberexpress.com/edr-bypass-technique-disables-antivirus/
High Vulnerability in Cisco IOS and IOS XE Software [warning] - Cisco reported a high-severity vulnerability (CVE-2025-20352) in its IOS and IOS XE software SNMP subsystem, allowing remote code execution or denial of service. Immediate updates and security assessments are recommended. https://cert.europa.eu/publications/security-advisories/2025-035/
Worries mount over max-severity GoAnywhere defect [vulnerability] - Concerns grow over a high-severity vulnerability (CVE-2025-10035) in GoAnywhere MFT, with evidence of active exploitation. Researchers criticize Fortra for lack of transparency regarding the vulnerability's status. https://cyberscoop.com/goanywhere-vulnerability-active-exploitation-september-2025/
Critical Vulnerabilities in Cisco ASA and FTD [warning] - Cisco disclosed critical vulnerabilities (CVE-2025-20333, CVE-2025-20363, CVE-2025-20362) in its ASA and FTD software, allowing remote code execution. Immediate updates and compromise assessments are recommended. https://cert.europa.eu/publications/security-advisories/2025-036/
CISA Corner
SonicWall Releases Advisory for Customers after Security Incident [security news] - SonicWall alerts customers about a security incident where brute force attacks accessed cloud backup files. Users are urged to verify their account and follow guidance to secure their devices. https://www.cisa.gov/news-events/alerts/2025/09/22/sonicwall-releases-advisory-customers-after-security-incident
CISA Shares Lessons Learned from an Incident Response Engagement [cyber defense] - CISA's response to a cyber incident revealed critical vulnerabilities exploited via CVE-2024-36401. Key lessons include the importance of timely patching and robust incident response plans. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-266a
CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices [security news] - CISA issued Emergency Directive ED 25-03, urging federal agencies to address vulnerabilities in Cisco ASA and Firepower devices. Agencies must identify affected devices and transmit memory files for analysis by September 26. https://www.cisa.gov/news-events/alerts/2025/09/25/cisa-directs-federal-agencies-identify-and-mitigate-potential-compromise-cisco-devices
CISA Adds One Known Exploited Vulnerability to Catalog [warning] - CISA has included CVE-2025-10585, a Google Chromium V8 Type Confusion Vulnerability, in its KEV Catalog due to active exploitation risks. Federal agencies must remediate identified vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2025/09/23/cisa-adds-one-known-exploited-vulnerability-catalog
Dingtian DT-R002 [vulnerability] - Dingtian DT-R002 relay boards have critical vulnerabilities (CVE-2025-10879 and CVE-2025-10880) that allow unauthorized retrieval of credentials. Users are urged to restrict access and enhance security measures. https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01
CISA Releases Six Industrial Control Systems Advisories [vulnerability] - CISA issued six advisories detailing vulnerabilities in various Industrial Control Systems, including AutomationDirect and Mitsubishi Electric. Users are urged to review them for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/09/23/cisa-releases-six-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it is still what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.