cyberlights – week 20/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🎭 Threat actors use fake AI tools to deliver the information stealer Noodlophile cybercrime – Threat actors exploit AI trends to distribute Noodlophile, an information stealer, via fake AI tools on social media, tricking users into downloading malware disguised as legitimate applications. https://securityaffairs.com/177719/security/threat-actors-use-fake-ai-tools-to-deliver-the-information-stealer-noodlophile.html
✈️ Charter airline helping Trump's deportation campaign pwned data breach – GlobalX, a charter airline involved in deportations, reported a cybersecurity breach affecting its network. While the full impact remains unclear, it may include stolen flight records and passenger data. https://www.theregister.com/2025/05/12/globalx_security_incident/
💰 Google to pay Texas nearly $1.4 billion over alleged data privacy violations privacy – Google has agreed to a $1.37 billion settlement with Texas over lawsuits alleging illegal tracking of user data, including location and Incognito searches, without admitting wrongdoing. https://therecord.media/google-texas-privacy-violations-billions
🍏 Wide-ranging Apple security update addresses over 30 vulnerabilities vulnerability – Apple's latest security update addresses over 30 vulnerabilities across iOS, iPadOS, and macOS, including critical baseband flaws and privacy issues affecting various components. No active exploitation has been reported. https://cyberscoop.com/apple-security-update-c1-modem-privacy-fixes-may-2025/
📞 Android launches new protections against phone call scammers security news – Google is introducing features on Android to prevent phone call scams, including blocking app sideloading and accessibility permissions during calls, and warning users about likely scams when accessing banking apps. https://www.theverge.com/news/665706/google-phone-call-scam-protection-banking-apps
🔒 Zero Day Initiative — The May 2025 Security Update Review vulnerability – Adobe and Microsoft released significant security updates in May 2025, addressing numerous vulnerabilities across their software. Adobe patched 40 CVEs, while Microsoft addressed 75, including several critical flaws under active attack. https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review
🚫 Google Is Using On-Device AI to Spot Scam Texts and Investment Fraud security news – Google is enhancing its AI Scam Detection feature in the Messages app to identify various types of scams, running locally on devices to protect user privacy. This aims to combat the rising tide of digital fraud. https://www.wired.com/story/google-io-on-device-ai-scam-texts/
🚘 License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows privacy – Flock is developing a product called Nova that combines license plate data with personal information from data brokers, allowing law enforcement to track individuals without warrants. Employees express ethical concerns over using hacked data. https://www.404media.co/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/
💻 North Korean IT Workers Are Being Exposed on a Massive Scale cybercrime – Researchers have identified North Korean IT workers infiltrating Western companies to fund the regime, revealing their lavish lifestyles and connections to cybercrime. A recent leak exposes over 1,000 email addresses linked to their activities. https://www.wired.com/story/north-korean-it-worker-scams-exposed/
⚖️ Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb privacy – Noyb has sent a cease and desist letter to Meta, challenging its plans to use EU user data for AI training without explicit consent. The group threatens legal action if Meta does not comply with GDPR requirements. https://www.theregister.com/2025/05/14/metas_still_violating_gdpr_rules/
🛑 White House scraps plan to block data brokers from selling Americans' sensitive data privacy – The CFPB has withdrawn a plan to regulate data brokers under the Fair Credit Reporting Act, citing misalignment with current interpretations. This move follows industry lobbying against the rule, raising concerns over privacy. https://techcrunch.com/2025/05/14/white-house-scraps-plan-to-block-data-brokers-from-selling-americans-sensitive-data/
💰 Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures cybercrime – Cybercriminals are reinvesting their profits into ordinary businesses like coffee shops and real estate to launder money. An investigation reveals a network of collaboration among criminals to diversify and legitimize their income streams. https://cyberscoop.com/what-cybercriminals-do-with-their-money-sophos/
👟 Meta plans to train AI on EU user data from May 27 without consent privacy – Meta intends to train its AI models using EU user data starting May 27 without explicit consent, prompting privacy group noyb to threaten legal action for violating GDPR regulations by relying on an 'opt-out' system. https://securityaffairs.com/177920/security/meta-plans-to-train-ai-on-eu-user-data-from-may-27-without-consent.html
🔒 Google Chrome’s May Update: What You Need to Know About CVE-2025-4372 and More vulnerability – Google's latest Chrome update addresses critical vulnerabilities, including CVE-2025-4664, which is actively exploited, and CVE-2025-4372, a use-after-free flaw. Users are urged to update immediately for security. https://thecyberexpress.com/google-chrome-update-fixe-cve-2025-4372/
🚫 EU court rules that tracking-based online ads are illegal privacy – The Brussels Court of Appeal ruled that tracking for online ads violates GDPR, stating that existing consent models are inadequate. This decision significantly impacts major tech companies relying on real-time bidding. https://therecord.media/eu-court-rules-tracking-based-ads-illegal
⚖️ Bahn vor Gericht: Warum der DB Navigator ein Fall für die Justiz ist privacy – The Frankfurt court case against Deutsche Bahn focuses on the DB Navigator app, which allegedly collects and shares user data without consent, raising significant GDPR compliance issues and consumer rights concerns. https://www.kuketz-blog.de/bahn-vor-gericht-warum-der-db-navigator-ein-fall-fuer-die-justiz-ist/
👿 US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials security news – The FBI warns that ex-government officials are being targeted by cybercriminals using AI-generated deepfake texts and voice messages to impersonate senior U.S. officials, aiming to gain access to personal accounts. https://securityaffairs.com/177987/cyber-crime/us-government-officials-targeted-texts-and-ai-generated-deepfake.html
⚡ Experts found rogue devices, including hidden cellular radios, in Chinese security research – Investigators discovered hidden 'kill switches' and rogue cellular radios in Chinese-made power inverters used in US solar farms, raising concerns about potential remote control over critical energy infrastructure by Beijing. https://securityaffairs.com/178005/hacking/rogue-devices-in-chinese-made-power-inverters-used-worldwide.html
Some More, For the Curious
🕐 One-Click RCE in ASUS’s Preinstalled Driver Software hacking write-up – ASUS’s DriverHub software has a serious vulnerability that allows remote code execution due to weak origin checks, posing a significant security threat. https://mrbruh.com/asusdriverhub/
🤖 New 'Defendnot' tool tricks Windows into disabling Microsoft Defender security research – The 'Defendnot' tool exploits a Windows API to disable Microsoft Defender by registering a fake antivirus, showcasing vulnerabilities in system security features. https://www.bleepingcomputer.com/news/microsoft/new-defendnot-tool-tricks-windows-into-disabling-microsoft-defender/
🔐 The cryptography behind passkeys security research – Passkeys enhance authentication security by using cryptographic key pairs and the WebAuthn specification, eliminating phishing risks and password reuse while ensuring user authenticity. https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/
🚨 CVE-2024-26809: Critical nftables Vulnerability in Linux Kernel Could Lead to Root Access vulnerability – A critical double-free vulnerability in the Linux kernel's nftables subsystem allows local attackers to escalate privileges and execute arbitrary code. Users should update their systems to mitigate this risk. https://thecyberexpress.com/cve-2024-26809-nftables-vulnerability/
🔍 EU Vulnerability Database Officially Launches Amid CVE Program Concerns security news – The EU has launched its vulnerability database to improve management of cybersecurity threats, coinciding with uncertainty over MITRE's CVE Program future. It will aggregate critical vulnerability information and facilitate better transparency. https://thecyberexpress.com/eu-vulnerability-database-officially-launches-amid-cve-program-concerns/
⚠️ New VMware Tools Vulnerability Allows Attackers to Tamper with Virtual Machines, Broadcom Issues Urgent Patch vulnerability – A moderate vulnerability in VMware Tools (CVE-2025-22247) allows attackers with limited access to compromise VMs by tampering with local files. Broadcom has released patches; no workarounds are available. https://thecyberexpress.com/vmware-tools-vulnerability-cve-2025-22247/
🔧 Commvault Command Center patch incomplete: researcher vulnerability – A critical flaw in Commvault's Command Center remained exploitable for free trial users despite a patch. Following a researcher's discovery, Commvault has changed its update policy to allow immediate access for all users. https://www.theregister.com/2025/05/13/patch_commvault_cvss_10/
🌟 Zero-Day Vulnerabilities in Ivanti EPMM vulnerability – Ivanti disclosed two zero-day vulnerabilities in their Endpoint Manager Mobile (EPMM) products, allowing unauthenticated remote code execution. CERT-EU recommends immediate updates, especially for internet-facing devices. https://cert.europa.eu/publications/security-advisories/2025-018/
🔍 Intel data-leaking Spectre defenses scared off once again vulnerability – Researchers discovered a new attack vector exploiting Intel's Spectre defenses, allowing unauthenticated remote code execution via branch predictor race conditions. Intel has released a microcode update to address this vulnerability. https://www.theregister.com/2025/05/13/intel_spectre_race_condition/
💝 Spies hack high-value mail servers using an exploit from yesteryear cybercrime – Recent reports indicate that spies have successfully compromised high-value mail servers by exploiting older vulnerabilities, demonstrating the ongoing risk posed by outdated security flaws. https://arstechnica.com/security/2025/05/spies-hack-high-value-mail-servers-using-an-exploit-from-yesteryear/
💵 Coinbase flips $20M extortion demand into bounty for info on attackers cybercrime – After cybercriminals extorted Coinbase for $20 million following a data breach, the company offered the same amount as a reward for information leading to the attackers' arrest, marking a proactive response to the incident. https://cyberscoop.com/coinbase-cyberattack-extortion-counter-reward/
💻 Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi security research – On day two of Pwn2Own Berlin 2025, hackers earned $435,000 for demonstrating zero-day exploits in various products, including VMware ESXi, with one researcher earning $150,000 for an integer overflow exploit. https://securityaffairs.com/177943/hacking/pwn2own-berlin-2025-day-two-researcher-earned-150k-hacking-vmware-esxi.html
🛡️ ClickFix Fixes Ranked cyber defense – The 'ClickFix' attack technique exploits user coercion to execute malicious commands via the Windows Run dialog. Mitigations are ranked by effectiveness and annoyance, highlighting the balance between security and usability. https://taggart-tech.com/clickfix/
©️ How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes security news – TeleMessage, a Signal clone used by U.S. officials, was hacked, exposing user message logs in plaintext. The app has been disabled by Customs and Border Protection amid security concerns. https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/
CISA Corner
📢 Update to How CISA Shares Cyber-Related Alerts and Notifications security news – CISA is revamping its cybersecurity alerts by sharing updates solely through social media and email, focusing on urgent threats on its webpage to improve visibility and user experience. https://www.cisa.gov/news-events/alerts/2025/05/12/update-how-cisa-shares-cyber-related-alerts-and-notifications
⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning – CISA has added five Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog due to active exploitation risks, urging federal agencies to remediate them promptly. https://www.cisa.gov/news-events/alerts/2025/05/13/cisa-adds-five-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-32756, a stack-based buffer overflow vulnerability in Fortinet products, to its Known Exploited Vulnerabilities Catalog due to active exploitation risks, urging federal agencies to remediate it promptly. https://www.cisa.gov/news-events/alerts/2025/05/14/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has included three new vulnerabilities in its Known Exploited Vulnerabilities Catalog: a command injection in DrayTek routers, an enforcement issue in Google Chromium, and a deserialization vulnerability in SAP NetWeaver, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2025/05/15/cisa-adds-three-known-exploited-vulnerabilities-catalog
⚙️ CISA Releases Twenty-Two Industrial Control Systems Advisories vulnerability – CISA has released twenty-two advisories regarding vulnerabilities in industrial control systems, aimed at enhancing security measures within critical infrastructure sectors. https://www.cisa.gov/news-events/alerts/2025/05/15/cisa-releases-twenty-two-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.