cyberlights – week 26/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🤖 ICE Rolls Facial Recognition Tools Out to Officers' Phones privacy – ICE introduces Mobile Fortify, a facial recognition app for agents, raising concerns about privacy and wrongful arrests due to potential inaccuracies and surveillance risks. https://www.wired.com/story/ice-rolls-facial-recognition-tools-out-to-officers-phones/
🚨 BreachForums broken up? French police arrest five members of notorious cybercrime site cybercrime – French police arrest five alleged members of BreachForums, a major cybercrime marketplace, including one sought by the US for selling hacked data worth millions, amid ongoing investigations. https://www.bitdefender.com/en-us/blog/hotforsecurity/breachforums-broken-up-french-police-arrest-five-members-of-notorious-cybercrime-site
🏎️ How we turned a real car into a Mario Kart controller by intercepting CAN data security research – A team converted a Renault Clio into a Mario Kart controller by intercepting its CAN data, enabling real driving controls for a game demo, despite some technical challenges. https://www.pentestpartners.com/security-blog/how-we-turned-a-real-car-into-a-mario-kart-controller-by-intercepting-can-data/
💰 SafePay Ransomware: What You Need To Know security news – SafePay ransomware encrypts files and steals data, demanding cryptocurrency ransoms. Unlike typical ransomware, it doesn't operate as RaaS, focusing on operational security. It's linked to previous notorious groups and has specific language restrictions to avoid certain victims. https://www.fortra.com/blog/safepay-ransomware-what-you-need-know
⚠️ Security pro counts the cost of Microsoft dependency security news – A blog post highlights the risks of heavy reliance on Microsoft, advocating for improved digital sovereignty and quantifying potential security costs to influence decision-makers away from sole dependency on American cloud services. https://www.theregister.com/2025/06/26/cost_of_microsoft_dependency/
🔒 Complaint says Bumble feature connected to OpenAI violates European data privacy rules privacy – A complaint alleges Bumble's Icebreakers feature, powered by OpenAI, breaches GDPR by lacking user consent and transparency regarding data transfers, prompting concerns over privacy and control. https://therecord.media/bumble-for-friends-openai-noyb-complaint-gdpr
🎧 Security Advisory: Airoha-based Bluetooth Headphones and Earbuds vulnerability – Vulnerabilities in Airoha-based Bluetooth devices allow unauthenticated attackers to manipulate and take over devices within Bluetooth range. Users are advised to await firmware patches for remediation. https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
⚰️ Qilin ransomware attack on NHS results in confirmed death cybercrime – The NHS confirmed that a ransomware attack by Qilin on Synnovis led to a patient's death due to delays in receiving blood test results, highlighting the serious impact of cyberattacks on healthcare. https://www.theregister.com/2025/06/26/qilin_ransomware_nhs_death/
🖨️ New Vulnerabilities Expose Millions of Brother Printers to Hacking vulnerability – Hundreds of Brother printers and others have serious vulnerabilities allowing hackers to exploit devices without authentication. A critical flaw can expose admin passwords, risking device misuse. https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/
💍 Ring can use AI to 'learn the routines of your residence' privacy – Ring's new Video Descriptions feature uses AI to analyze motion activity, providing detailed notifications about detected events. Concerns arise over privacy and security given Ring's history and data handling practices. https://www.theregister.com/2025/06/25/amazons_ring_ai_video_description/
🔓 Russia frees REvil hackers after sentencing security news – Four members of the REvil ransomware group were released from custody after serving time while awaiting trial, despite pleading guilty to fraud and malware charges, with no fines imposed. https://www.theverge.com/news/692582/russia-revil-hacker-group-ransomware-sentencing
🏙️ Glasgow City Council impacted by ‘cyber incident’ data breach – Glasgow City Council is dealing with a cyber incident disrupting online services and potentially involving customer data theft, with affected servers taken offline and residents advised to be cautious. https://therecord.media/glasgow-city-council-cyber-incident
🕯️ What LLMs Know About Their Users privacy – The article discusses a prompt for analyzing user interaction data in detail, highlighting preferences, past conversation topics, and insights into user behavior, raising questions about the capability of AI to build human-readable profiles. https://www.schneier.com/blog/archives/2025/06/what-llms-know-about-their-users.html
☠️ Hackers Are Poisoning Google Search Results for AI Tools to Deliver Infostealer Malware cybercrime – Threat actors are hijacking Google search results for AI tools to distribute malware via trojanized sites, using black hat SEO tactics to redirect users to infected downloads, notably Vidar and Lumma infostealers. https://thecyberexpress.com/poisoning-google-search-results-infostealers/
🔓 Leak of data belonging to 7.4 million Paraguayans traced back to infostealers data breach – Hackers accessed data on 7.4 million Paraguayans via infostealer malware on a government employee's device, leading to massive data leaks from multiple agencies. Paraguay's government plans a National Cybersecurity Strategy in response. https://therecord.media/data-leak-paraguayan-millions-infostealer
👓 Ray-Ban Meta smart glasses: permanent surveillance in a sunglasses case privacy – Meta's Ray-Ban Smartglasses, equipped with always-on recording capabilities and AI features, raise significant privacy concerns as they continuously collect data without clear opt-out options for bystanders. https://www.kuketz-blog.de/smartglass-ray-ban-meta-dauerueberwachung-im-sonnenbrillengehaeuse/
Some More, For the Curious
🛡️ RedirectionGuard: Mitigating unsafe junction traversal in Windows security news – Microsoft introduces RedirectionGuard in Windows 11 to prevent filesystem redirection attacks, closing a critical security gap and enhancing system integrity against privilege escalation. https://msrc.microsoft.com/blog/2025/06/redirectionguard-mitigating-unsafe-junction-traversal-in-windows/
📜 NIS2 Technical Implementation Guidance security news – ENISA provides practical guidance for implementing the NIS2 Directive, detailing cybersecurity requirements for various entities and offering examples and mappings for compliance. https://www.enisa.europa.eu/publications/nis2-technical-implementation-guidance
🔓 When Backups Open Backdoors: Accessing Sensitive Cloud Data via “Synology Active Backup for Microsoft 365” vulnerability – A leaked credential in Synology's backup tool allowed unauthorized access to sensitive Microsoft 365 data, raising serious security concerns and highlighting vulnerabilities in cloud services. https://modzero.com/en/blog/when-backups-open-backdoors-synology-active-backup-m365/
✈️ FBI, cybersecurity firms say a prolific hacking crew is now targeting airlines and the transportation sector security news – The FBI warns that the hacking group Scattered Spider is now targeting airlines and transportation, employing social engineering and ransomware tactics to compromise sensitive data. https://techcrunch.com/2025/06/28/fbi-cybersecurity-firms-say-scattered-spider-hackers-now-targeting-airlines-transportation-sector/
💻 Microsoft security updates address CrowdStrike crash, kill ‘Blue Screen of Death’ security news – Microsoft announces security updates to prevent future outages caused by third-party software, limiting direct kernel access and enhancing recovery features, including a revamped crash interface. https://cyberscoop.com/microsoft-security-updates-kernel-restrictions-downtime/
🥸 The Age of Integrity security research – Data integrity is crucial in the era of AI and Web 3.0, requiring systems to ensure accurate data throughout its lifecycle. We need to focus on integrous design to address integrity challenges. https://www.schneier.com/blog/archives/2025/06/the-age-of-integrity.html
⚠️ CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php vulnerability – CVE-2024-39914 is a critical unauthenticated command injection vulnerability in FOG Project versions ≤ 1.5.10.34, allowing attackers to execute system commands or deploy webshells via export.php. https://www.offsec.com/blog/cve-2024-39914/
🔐 Cisco fixes two critical make-me-root bugs vulnerability – Cisco patched two critical vulnerabilities, CVE-2025-20281 and CVE-2025-20282, in its Identity Services Engine, allowing unauthenticated attackers to execute code with root privileges via API flaws. https://www.theregister.com/2025/06/26/patch_up_cisco_fixes_two/
🔑 Common SCCM Misconfigurations Leading to Privilege Escalation cyber defense – Misconfigurations in SCCM can lead to privilege escalation, allowing attackers to exploit Network Access Accounts and Domain Join Accounts to compromise domains. Recommendations include enforcing least privilege and avoiding legacy settings. https://www.truesec.com/hub/blog/sccm-tier-killer
🚨 Sipping from the CVE Firehose: How We Prioritize… cyber defense – The article discusses how security teams prioritize CVEs using a tiered scoring system to identify real-world threats, moving beyond traditional CVSS metrics to focus on attributes that reflect actual impact on customer attack surfaces. https://bishopfox.com/blog/sipping-cve-firehose-how-we-prioritize-emerging-threats-for-real-world-impact
🔒 Hackers deploy fake SonicWall VPN App to steal corporate credentials security research – Hackers are distributing a trojanized SonicWall NetExtender VPN app, dubbed SilentRoute, to steal user credentials by modifying the installer to bypass security checks. Users are advised to download only from official sources. https://securityaffairs.com/179332/hacking/hackers-deploy-fake-sonicwall-vpn-app-to-steal-corporate-credentials.html
📈 Surge in MOVEit Transfer Scanning Activity Could Signal Emerging Threat Activity warning – GreyNoise reports a significant increase in scanning activity targeting MOVEit Transfer systems, with over 300 unique IPs observed daily since May 27, 2025, indicating potential emerging threats and exploitation attempts. https://www.greynoise.io/blog/surge-moveit-transfer-scanning-activity
🦠 New Malware Embeds Prompt Injection to Evade AI Detection malware – A malware sample named Skynet attempts to use prompt injection to manipulate AI models for evasion, but the method fails against current LLMs. The article discusses its features and implications for future threats. https://research.checkpoint.com/2025/ai-evasion-prompt-injection/
🌐 Stealth China-linked ORB network gaining footholds in US, East Asia security research – A China-linked ORB network, dubbed 'LapDogs', has surpassed 1,000 devices, primarily in the US and East Asia, focusing on stealthy operations that complicate detection and attribution for espionage activities. https://cyberscoop.com/orb-network-china-lapdogs/
🔒 Up next on the KEV? All signs point to 'CitrixBleed 2' vulnerability – Citrix's new critical vulnerability, dubbed 'CitrixBleed 2', affects its NetScaler products, allowing attackers to read sensitive information without authentication. Experts warn of inevitable exploitation and urge immediate patching. https://go.theregister.com/feed/www.theregister.com/2025/06/24/critical_citrix_bug_citrixbleed/
🤔 The ‘16 billion password breach’ story is a farce security news – Recent reports of a 16 billion credential breach lack substantial evidence and are criticized by experts as recycled data from past leaks. The incident highlights the ongoing threat of infostealer malware and the need for better cybersecurity practices. https://cyberscoop.com/colossal-data-breach-16-billion-credentials-no-evidence-media-exaggeration/
💰 The State of Ransomware 2025 security research – The Sophos report reveals that exploited vulnerabilities and compromised credentials are major causes of ransomware attacks. While recovery rates are improving, ransom payments remain high, highlighting ongoing risks for organizations. https://news.sophos.com/en-us/2025/06/24/the-state-of-ransomware-2025/
CISA Corner
⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including CVE-2024-54085, CVE-2024-0769, and CVE-2019-6693, highlighting significant risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/06/25/cisa-adds-three-known-exploited-vulnerabilities-catalog
⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued two advisories on June 26, 2025, addressing vulnerabilities in Mitsubishi Electric Air Conditioning Systems and TrendMakers Sight Bulb Pro, urging users to review for mitigation details. https://www.cisa.gov/news-events/alerts/2025/06/26/cisa-releases-two-industrial-control-systems-advisories
⚙️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – CISA issued eight ICS advisories on June 24, 2025, addressing vulnerabilities in various systems including Schneider Electric and Mitsubishi Electric, urging users to review for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/06/24/cisa-releases-eight-industrial-control-systems-advisories
🔒 New Guidance Released for Reducing Memory-Related Vulnerabilities security news – CISA and NSA released a guide to reduce memory-related vulnerabilities in software, advocating for the adoption of memory safe languages (MSLs) to enhance security in development practices. https://www.cisa.gov/news-events/alerts/2025/06/24/new-guidance-released-reducing-memory-related-vulnerabilities
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.