cyberlights - week 33/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
Scam hunter scammed by tax office impersonators security news - Julie-Anne Kearns, a scam hunter, fell for a refund scam, losing personal information to impersonators, highlighting that anyone can be a victim of online fraud. https://www.malwarebytes.com/blog/news/2025/08/scam-hunter-scammed-by-tax-office-impersonators
New Website "Is It Really FOSS?" Tracks Transparency in Open Source Distribution Models privacy - A new website evaluates whether software is genuinely Free and Open Source Software (FOSS), helping users navigate the complex licensing landscape and avoid misleading claims. https://socket.dev/blog/is-it-really-foss
Security flaws in a carmaker's web portal let one hacker remotely unlock cars from anywhere security research - A security researcher found vulnerabilities in a carmaker's portal that could allow hackers to access customer data and remotely control vehicles, raising serious security concerns. https://techcrunch.com/2025/08/10/security-flaws-in-a-carmakers-web-portal-let-one-hacker-remotely-unlock-cars-from-anywhere/
Inside the Multimillion-Dollar Gray Market for Video Game Cheats cybercrime - An underground market for video game cheats rakes in millions, with sophisticated tools and services that challenge game developers' anti-cheat systems, raising privacy and security concerns. https://www.wired.com/story/inside-the-multimillion-dollar-grey-market-for-video-game-cheats/
CVE-2025-8355 & CVE-2025-8356: Xerox Issues Urgent Fixes for SSRF and RCE Bugs vulnerability - Xerox has released urgent patches for two critical vulnerabilities in FreeFlow Core that could allow SSRF and RCE attacks, urging users to upgrade to the latest version immediately. https://thecyberexpress.com/xerox-fixes-cve-2025-8355-and-8356/
Wikipedia's operator loses challenge to UK Online Safety Act rules privacy - A UK court dismissed Wikimedia's challenge to the Online Safety Act, which could impose user verification on Wikipedia, raising concerns about contributor safety and privacy. https://therecord.media/wikipedia-loses-challenge-online-safety-act-uk
Electronic Arts blocks more than 300,000 attempts to cheat after launching Battlefield 6 beta security news - After launching the Battlefield 6 beta, Electronic Arts blocked over 300,000 cheating attempts and acknowledged the ongoing challenge of maintaining anti-cheat measures in online gaming. https://techcrunch.com/2025/08/11/electronic-arts-blocks-more-than-300000-attempts-to-cheat-after-launching-battlefield-6-beta/
High-severity WinRAR 0-day exploited for weeks by 2 groups cybercrime - Two Russian cybercrime groups exploited a high-severity zero-day vulnerability in WinRAR, using it to backdoor systems through malicious archives, highlighting the ongoing threat of unpatched software. https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/
Researchers cracked the encryption used by DarkBit ransomware security news - Profero researchers cracked DarkBit ransomware encryption, allowing victims to recover files for free. The decryptor is not yet released, but weaknesses in the encryption were exploited for recovery. https://securityaffairs.com/181064/malware/researchers-cracked-the-encryption-used-by-darkbit-ransomware.html
Hyundai UK charging customers for luxury of secure car locks security news - Hyundai is charging UK customers £49 for a security upgrade to prevent thefts targeting vulnerable Ioniq 5 vehicles, amid rising concerns over keyless car theft methods. https://www.theregister.com/2025/08/12/hyundai_want_secure_locks_on/
Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach data breach - Hackers leaked 2.8 million sensitive records from Allianz Life, exposing personal and professional data of customers and partners due to a breach in a third-party CRM system accessed via social engineering. https://securityaffairs.com/181093/data-breach/hackers-leak-2-8m-sensitive-records-from-allianz-life-in-salesforce-data-breach.html
Ransomware crew dumps 43GB Saint Paul files, no ransom paid cybercrime - The Interlock ransomware gang leaked 43GB of files stolen from Saint Paul, including sensitive internal documents, after the city refused to pay a ransom following a cyberattack that disrupted services. https://www.theregister.com/2025/08/13/ransomware_crew_spills_saint_pauls/
Phishing and scams: how fraudsters are deceiving users in 2025 security news - Phishing tactics are evolving, with AI-driven scams creating highly convincing messages, deepfakes, and personalized attacks targeting sensitive data, including biometrics and signatures, making detection increasingly difficult. https://securelist.com/new-phishing-and-scam-trends-in-2025/117217/
Data Brokers Face New Pressure for Hiding Opt-Out Pages From Google privacy - Senator Maggie Hassan is urging data brokers to clarify why they obscure opt-out information, making it difficult for users to manage their personal data amid privacy concerns and potential legal violations. https://www.wired.com/story/hassan-data-broker-opt-out-letter/
Zoom patches critical Windows flaw allowing privilege escalation vulnerability - Zoom fixed a critical Windows client vulnerability (CVE-2025-49457) allowing unauthenticated users to escalate privileges, impacting several Zoom products and posing risks to sensitive corporate data. https://securityaffairs.com/181140/security/zoom-patches-critical-windows-flaw-allowing-privilege-escalation.html
Italian hotels breached en masse since June, gov confirms security news - Italy's AGID confirmed a cybercriminal accessed hotel booking systems, stealing nearly 100,000 sensitive ID documents from guests. The government warns of potential scams targeting affected individuals. https://www.theregister.com/2025/08/14/italian_hotels_breached_en_masse/
Instagram's new Map feature sparks a privacy scandal privacy - Instagram's new Map feature allows location sharing but has raised privacy concerns, despite being off by default. Experts warn of risks like accidental sharing and stalking, urging users to understand privacy settings. https://moonlock.com/instagram-map-privacy
Some More, For the Curious
Researchers determine old vulnerabilities pose real-world threat to sensitive data in public clouds security research - Researchers revealed that a seven-year-old vulnerability can realistically leak private data from public clouds, challenging the assumption that such attacks are impractical and urging better security measures. https://cyberscoop.com/cloud-security-l1tf-reloaded-public-cloud-vulnerability-exploit/
SonicWall pins firewall attack spree on year-old vulnerability security news - SonicWall attributes recent ransomware attacks on its Gen 7 firewalls to a previously disclosed vulnerability, CVE-2024-40766, rather than a new zero-day, urging customers to apply patches and enhance security. https://cyberscoop.com/sonicwall-firewall-attacks-old-vulnerability/
Coordinated Brute Force Campaign Targets Fortinet SSL VPN security research - GreyNoise reported a surge in brute-force attacks on Fortinet SSL VPNs, indicating potential upcoming vulnerabilities. A shift in targeting from FortiOS to FortiManager suggests evolving attacker behavior. https://www.greynoise.io/blog/vulnerability-fortinet-vpn-bruteforce-spike
Microsoft Patch Tuesday, August 2025 Edition - Krebs on Security vulnerability - Microsoft released updates addressing over 100 security flaws, including critical vulnerabilities in Exchange Server and Windows Kerberos. Users are urged to patch promptly to prevent exploitation. https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition/
Adobe Patch Tuesday Fixes Over 60 Vulnerabilities Across 13 Products vulnerability - Adobe's August Patch Tuesday addressed over 60 vulnerabilities in 13 products, including critical flaws in Adobe Commerce, Illustrator, and Substance 3D, urging users to update to prevent potential exploits. https://thecyberexpress.com/adobe-security-update-2/
Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs vulnerability - The Dutch NCSC warns that the CVE-2025-6543 Citrix NetScaler flaw is being exploited for remote code execution, compromising critical organizations and erasing evidence of intrusions. https://securityaffairs.com/181070/hacking/dutch-ncsc-citrix-netscaler-zero-day-breaches-critical-orgs.html
DEF CON volunteers step up to help water sector after China, Iran attack utilities security news - DEF CON Franklin, an initiative pairing white-hat hackers with U.S. water utilities, aims to bolster cybersecurity against rising threats from nation-state actors like China and Iran, emphasizing community support. https://therecord.media/def-con-franklin-water-utility-cybersecurity-volunteers
Multiple Vulnerabilities in Fortinet Products vulnerability - Fortinet released advisories for several vulnerabilities, including a critical one (CVE-2025-25256) exploited in the wild. Users are urged to update affected products immediately to mitigate risks. https://cert.europa.eu/publications/security-advisories/2025-031/
Matrix admits 'high severity' flaws need breaking fixes vulnerability - Matrix.org has announced high-severity protocol vulnerabilities requiring breaking changes for server and client updates. Users are advised to upgrade to ensure security, especially in open federations. https://www.theregister.com/2025/08/13/secure_chat_darling_matrix_admits/
How we found TeaOnHer spilling users' driver's licenses in less than 10 minutes data breach - The dating app TeaOnHer exposed users' personal information, including driver's licenses, due to severe security flaws in its API. Investigators accessed sensitive data in under 10 minutes, prompting urgent concerns. https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/
Norway confirms dam intrusion by Pro-Russian hackers security news - Norway's PST confirmed pro-Russian hackers seized control of a dam in April, releasing water to demonstrate their capabilities and instill fear, highlighting risks to critical infrastructure. https://securityaffairs.com/181143/hacktivism/norway-confirms-dam-intrusion-by-pro-russian-hackers.html
Ransomware crews don't care about your endpoint security - they've already killed it security research - At least a dozen ransomware gangs have adopted kernel-level EDR killers to bypass security tools, escalate privileges, and deploy ransomware. Tools like RealBlindingEDR and HRSword are being used to disable endpoint protections. https://www.theregister.com/2025/08/14/edr_killers_ransomware/
Cisco discloses maximum-severity defect in firewall software vulnerability - Cisco revealed a critical vulnerability (CVE-2025-20265) in its Secure Firewall Management Center Software, allowing unauthenticated attackers to execute commands. A patch has been released, and users are urged to upgrade immediately. https://cyberscoop.com/cisco-vulnerability-secure-firewall-management-center/
ERMAC 3.0 source code leak reveals expanding threat malware - The leak of ERMAC 3.0's source code reveals its evolution from previous versions, now targeting over 700 banking and crypto apps. Researchers identified vulnerabilities that defenders can exploit to disrupt its operations. https://securityaffairs.com/181217/uncategorized/ermac-3-0-source-code-leak-reveals-expanding-threat.html
CISA Corner
CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators security news - CISA and partners released guidance for operational technology owners to create and maintain asset inventories, helping organizations classify and safeguard critical infrastructure assets to improve cybersecurity and incident response. https://www.cisa.gov/news-events/alerts/2025/08/13/cisa-and-partners-release-asset-inventory-guidance-operational-technology-owners-and-operators
CISA Adds Three Known Exploited Vulnerabilities to Catalog warning - CISA has added three vulnerabilities to its KEV Catalog, including flaws in Internet Explorer, Excel, and WinRAR, highlighting significant risks to federal networks due to active exploitation. https://www.cisa.gov/news-events/alerts/2025/08/12/cisa-adds-three-known-exploited-vulnerabilities-catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog warning - CISA has added two new vulnerabilities to its KEV Catalog, highlighting their active exploitation and significant risks to federal enterprises, emphasizing the need for timely remediation. (N-able) https://www.cisa.gov/news-events/alerts/2025/08/13/cisa-adds-two-known-exploited-vulnerabilities-catalog
CISA Releases Seven Industrial Control Systems Advisories vulnerability - CISA issued seven advisories on August 12, 2025, addressing security vulnerabilities in Industrial Control Systems by Ashlar-Vellum, Johnson, Schneider, AVEVA, MegaSys and End-/Head-of-Train, urging users to review them for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2025/08/12/cisa-releases-seven-industrial-control-systems-advisories
CISA Releases Thirty-Two Industrial Control Systems Advisories vulnerability - CISA released thirty-two advisories on August 14, 2025, addressing security vulnerabilities in various Industrial Control Systems, urging users to review them for technical details and necessary mitigations. https://www.cisa.gov/news-events/alerts/2025/08/14/cisa-releases-thirty-two-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.