cyberlights โ week 19/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
๐คฆโโ๏ธ WhatsApp provides no cryptographic management for group messages security research โ WhatsApp's group messaging lacks cryptographic safeguards, allowing potential unauthorized users to join chats unnoticed, raising privacy concerns for sensitive discussions. https://arstechnica.com/security/2025/05/whatsapp-provides-no-cryptographic-management-for-group-messages/
๐ซ Mr. Deepfakes, the Biggest Deepfake Porn Site on the Internet, Says Itโs Shutting Down for Good cybercrime โ Mr. Deepfakes, notorious for nonconsensual deepfake porn, has announced its permanent shutdown due to loss of service and data, leaving users with no access. https://www.404media.co/mr-deepfakes-the-biggest-deepfake-porn-site-on-the-internet-says-its-shutting-down-for-good/
๐ Passkeys for Normal People cyber defense โ Passkeys offer a phishing-resistant alternative to traditional passwords and OTPs for secure logins, enhancing online safety, but still require careful management across devices. https://www.troyhunt.com/passkeys-for-normal-people/
๐ The modified Signal app used by Mike Waltz was reportedly hacked data breach โ A breach involving a modified Signal app used by Mike Waltz has led to the exposure of message contents and contact information of government officials. https://www.theverge.com/news/661173/telemessage-signal-clone-hacked-mike-waltz
๐ฑ Smishing on a Massive Scale: โPanda Shopโ Chinese Carding Syndicate cybercrime โ Resecurity has uncovered a new smishing kit, โPanda Shop,โ linked to a Chinese syndicate, capable of sending millions of fraudulent messages daily and targeting vast consumer data. https://securityaffairs.com/177502/cyber-crime/smishing-on-a-massive-scale-panda-shop-chinese-carding-syndicate.html
๐ Fake Student Fraud in Community Colleges cybercrime โ Community colleges face rising fraud from fake students using AI-generated work to exploit financial aid, challenging detection efforts and disrupting class structures. https://www.schneier.com/blog/archives/2025/05/fake-student-fraud-in-community-colleges.html
๐จ Samsung MagicINFO flaw exploited days after PoC publication vulnerability โ A high-severity vulnerability (CVE-2024-7399) in Samsung MagicINFO was exploited shortly after a proof-of-concept was released, allowing unauthenticated users to execute code with system-level access. https://securityaffairs.com/177529/hacking/samsung-magicinfo-vulnerability-exploited-after-poc-publication.html
๐ต๏ธโโ๏ธ Meta awarded $167.25 million over Pegasus spyware attack security news โ Meta has been awarded $167.25 million after suing the NSO Group for using Pegasus spyware to target over 1,400 WhatsApp users. https://www.theverge.com/news/662242/meta-nso-group-pegasus-whatsapp-hack-damages
๐ Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years security news โ Tulsi Gabbard reportedly used the same easily cracked password across multiple accounts for years, raising concerns about her cybersecurity practices following a sensitive incident involving a Signal group chat. https://www.wired.com/story/tulsi-gabbard-dni-weak-password/
๐ป COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs cybercrime โ Google's Threat Intelligence Group reports on COLDRIVER's new malware, LOSTKEYS, used to steal files from Western targets, utilizing a multi-stage infection process involving social engineering techniques. https://cloud.google.com/blog/topics/threat-intelligence/coldriver-steal-documents-western-targets-ngos/
๐ฐ PowerSchool customers hit by downstream extortion threats cybercrime โ After PowerSchool paid a ransom to delete stolen data, some of its school district customers are now facing extortion threats to leak that data, highlighting ongoing supply chain risks. https://cyberscoop.com/powerschool-customers-hit-by-downstream-extortion-threats/
๐ Polish authorities arrested 4 people behind DDoS cybercrime โ Polish police arrested four individuals operating DDoS-for-hire platforms used in global attacks, offering services for as little as โฌ10, as part of an international crackdown on cybercrime. https://securityaffairs.com/177590/cyber-crime/polish-police-arrested-4-people-behind-ddos-for-hire-platforms.html
๐ญ NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked security news โ Following ransomware attacks on Marks & Spencer and Co-op, the NCSC warns that hackers are using social engineering to impersonate employees and exploit helpdesk staff for account access. https://www.exponential-e.com/blog/ncsc-warns-of-it-helpdesk-impersonation-trick-being-used-by-ransomware-gangs-after-uk-retailers-attacked
๐โ๐ฆบ DOGE software engineerโs computer infected by info-stealing malware security news โ Kyle Schutt, a software engineer at CISA, had his login credentials exposed multiple times in public leaks from info-stealing malware, raising concerns about potential access to sensitive government information. https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/
โ๏ธ Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for โDonnieโ Trump cybercrime โ Hacktivists claiming to be part of Anonymous breached GlobalX Airlines, leaking flight records and passenger manifests related to US deportation flights while defacing the airline's website with a message targeting Trump. https://www.bitdefender.com/en-us/blog/hotforsecurity/hackers-globalx-message-trump
๐ก๏ธ FBI and Dutch police seize and shut down botnet of hacked routers cybercrime โ A joint operation by the FBI and Dutch police dismantled a botnet of hacked routers used for cybercrime, indicting four individuals for running proxy services Anyproxy and 5Socks built on compromised devices. https://techcrunch.com/2025/05/09/fbi-and-dutch-police-seize-and-shut-down-botnet-of-hacked-routers/
๐ฐ German operation shuts down crypto mixer eXch, seizes millions in assets cybercrime โ German police seized over $30 million in assets from the crypto mixer eXch, which was linked to laundering funds from the $1.46 billion Bybit hack, as part of a crackdown on money laundering activities. https://therecord.media/exch-cryptocurrency-mixer-germany-takedown
๐ How to turn on Lockdown Mode for your iPhone and Mac privacy โ Apple's Lockdown Mode enhances security for those facing sophisticated threats, limiting device functionality. It can be easily enabled or disabled on iPhones, iPads, and Macs through settings. https://www.theverge.com/tech/663794/lockdown-mode-iphone-mac-how-to
๐ฐ Google will pay Texas $1.4 billion over its location tracking practices privacy โ Google will pay Texas $1.4 billion to settle lawsuits over unauthorized location tracking and biometric data retention, marking a significant victory for user privacy against Big Tech violations. https://securityaffairs.com/177683/laws-and-regulations/google-will-pay-texas-1-4-billion-over-its-location-tracking-practices.html
Some More, For the Curious
โ ๏ธ Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US security research โ Researchers highlight security concerns over easyjson, an open source tool linked to a Russian company, fearing it could be exploited for espionage or cyberattacks against the US. https://www.wired.com/story/easyjson-open-source-vk-ties/
5๏ธโฃ 5 Common Cybersecurity Mistakes That Attackers Love cyber defense โ Cybersecurity experts highlight five common mistakesโimproper secrets management, excessive user privileges, lack of network segmentation, overreliance on user training, and poor security detectionsโthat leave organizations vulnerable to attacks. https://bishopfox.com/blog/before-red-team-fix-these-5-common-mistakes
๐ณ Hundreds of e-commerce sites hacked in supply-chain attack security research โ A supply-chain attack has compromised hundreds of e-commerce sites, injecting malware that steals payment information from visitors, linked to three software providers over six years. https://arstechnica.com/security/2025/05/hundreds-of-e-commerce-sites-hacked-in-supply-chain-attack/
โ๏ธ Lawmakers grill Noem over CISA funding cuts, demand Trump cyber plan security news โ Homeland Security Secretary Kristi Noem faced bipartisan criticism over a proposed $491 million budget cut to CISA, with lawmakers demanding details on the Trump administration's cyber strategy amid rising threats. https://therecord.media/noem-house-hearing-proposed-cisa-funding-cuts
๐ก๏ธ New 'Bring Your Own Installer (BYOI)' technique allows to bypass EDR vulnerability โ A new BYOI technique allows attackers to exploit SentinelOne's upgrade process, disabling EDR protection and enabling Babuk ransomware deployment by interrupting the installation. https://securityaffairs.com/177494/hacking/new-bring-your-own-installer-byoi-technique-allows-to-bypass-edr.html
โฐ Curl takes action against time-wasting AI bug reports security news โ Curl founder Daniel Stenberg implements a checkbox for bug reports to filter out AI-generated submissions, citing their overwhelming volume and lack of validity as a drain on maintainers' resources. https://www.theregister.com/2025/05/07/curl_ai_bug_reports/
๐ Play ransomware affiliate leveraged zero cybercrime โ The Play ransomware gang exploited a Windows zero-day vulnerability (CVE-2025-29824) to gain SYSTEM privileges and deploy malware, including the Grixba infostealer, in targeted attacks. https://securityaffairs.com/177573/cyber-crime/play-ransomware-affiliate-leveraged-zero-day-to-deploy-malware.html
๐ป CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS vulnerability โ A remote code execution vulnerability in macOS allows attackers to exploit ICC Profile files, potentially executing code on victims' machines. A patch has been released, but no attacks have been detected yet. https://www.thezdi.com/blog/2025/5/7/cve-2024-44236-remote-code-execution-vulnerability-in-apple-macos
๐ CVE-2025-20188: Cisco Fixes 10.0-Rated Wireless Controller Flaw vulnerability โ Cisco has patched a critical vulnerability (CVE-2025-20188) in its IOS XE Wireless Controller software that allows unauthenticated attackers to gain root access. Administrators are urged to apply fixes and check configurations. https://thecyberexpress.com/cisco-patches-cve-2025-20188/
๐ซฆ The LockBit ransomware site was breached, database dump was leaked online cybercrime โ The LockBit ransomware group's dark web site was breached, leaking a database with victim data, negotiation logs, and configurations, revealing insights into their operations and potential decryption keys. https://securityaffairs.com/177619/cyber-crime/the-lockbit-ransomware-site-was-breached-database-dump-was-leaked-online.html
๐ A timeline of South Korean telco giant SKT's data breach data breach โ SK Telecom suffered a major data breach affecting 23 million customers, prompting investigations and customer backlash, as the company works to mitigate damage and replace compromised SIM cards. https://techcrunch.com/2025/05/08/a-timeline-of-south-korean-telco-giant-skts-data-breach/
๐ SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code vulnerability โ SonicWall patched three critical vulnerabilities in SMA 100 that could allow remote attackers to chain them for arbitrary code execution, including a potential zero-day. Users are advised to update to the latest version. https://securityaffairs.com/177626/hacking/sonicwall-fixed-sma-100-flaws-that-could-be-chained-to-execute-arbitrary-code.html
๐ CVSS 10.0 Vulnerability Found in Ubiquity UniFi Protect Cameras vulnerability โ Ubiquity disclosed critical vulnerabilities in UniFi Protect, including a CVSS 10.0 flaw (CVE-2025-23123) allowing remote code execution. Users are urged to update firmware and applications immediately to mitigate risks. https://thecyberexpress.com/ubiquity-unifi-protect-flaws-cve-2025-23123/
CISA Corner
๐ถ Unsophisticated Cyber Actor(s) Targeting Operational Technology cyber defense โ CISA warns of unsophisticated cyber actors targeting ICS/SCADA systems in U.S. critical infrastructure, urging asset owners to improve cyber hygiene to prevent potential operational disruptions and physical damage. https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology
โ ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ CISA has added CVE-2025-3248, a missing authentication vulnerability in Langflow, to its catalog, highlighting its active exploitation and risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/05/cisa-adds-one-known-exploited-vulnerability-catalog โ ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ CISA has included CVE-2025-27363, an out-of-bounds write vulnerability in FreeType, in its catalog due to evidence of active exploitation posing risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/06/cisa-adds-one-known-exploited-vulnerability-catalog โ ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ CISA has included two new OS command injection vulnerabilities (CVE-2024-6047 and CVE-2024-11120) in its catalog, highlighting their active exploitation and risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/07/cisa-adds-two-known-exploited-vulnerabilities-catalog
โ๏ธ CISA Releases Three Industrial Control Systems Advisories vulnerability โ CISA has issued three advisories regarding vulnerabilities in industrial control systems, urging users to review the advisories for technical details and recommended mitigations. https://www.cisa.gov/news-events/alerts/2025/05/06/cisa-releases-three-industrial-control-systems-advisories โ๏ธ CISA Releases Five Industrial Control Systems Advisories vulnerability โ CISA has issued five advisories regarding vulnerabilities in various Industrial Control Systems, urging users to review the details and recommended mitigations for enhanced security. https://www.cisa.gov/news-events/alerts/2025/05/08/cisa-releases-five-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.