cyberlights – week 35/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🤖 Microsoft launches Copilot AI function in Excel, but warns not to use it in 'any task requiring accuracy or reproducibility' security news – Microsoft's new Copilot AI for Excel simplifies formula generation but raises concerns about accuracy and privacy, warning against use in critical tasks. https://www.pcgamer.com/software/ai/microsoft-launches-copilot-ai-function-in-excel-but-warns-not-to-use-it-in-any-task-requiring-accuracy-or-reproducibility/
🔑 CERT.at Ewig ruft das Passwort warning – The article discusses the persistent reliance on passwords, their vulnerabilities, and the importance of robust security measures, including monitoring leaks and implementing two-factor authentication. https://www.cert.at/de/blog/2025/8/ewig-ruft-das-passwort
🏨 Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign cybercrime – A phishing campaign impersonating hotel service providers uses malvertising to harvest credentials and bypass MFA, targeting cloud-based property management systems and exploiting user trust. https://sec.okta.com/articles/2025/08/attackers-target-hotelier-accounts-in-broad-phishing-campaign/
📱 Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware malware – Experts discovered 77 malicious Android apps on Google Play, collectively installed over 19 million times, spreading the Anatsa banking trojan and other malware, highlighting significant risks for users. https://securityaffairs.com/181528/malware/malicious-apps-with-19m-installs-removed-from-google-play-because-spreading-anatsa-banking-trojan-and-other-malware.html
📷 CBP Had Access to More than 80,000 Flock AI Cameras Nationwide privacy – Customs and Border Protection accessed over 80,000 Flock ALPR cameras across the U.S., revealing extensive data-sharing practices with local police departments unaware of the collaboration. https://www.404media.co/cbp-had-access-to-more-than-80-000-flock-ai-cameras-nationwide/
🛒 Auchan discloses data breach: data of hundreds of thousands of customers exposed data breach – Auchan reported a data breach affecting hundreds of thousands of customers, exposing personal information linked to loyalty cards, while assuring that sensitive banking data was not compromised. https://securityaffairs.com/181556/data-breach/auchan-discloses-data-breach-data-of-hundreds-of-thousands-of-customers-exposed.html
🆔 FBI, Dutch cops seize fake ID marketplace that sold identity docs for $9 cybercrime – Authorities have shut down VerifTools, a major marketplace for fake IDs, which facilitated identity theft and fraud. The seizure is seen as a significant blow against online crime. https://www.theregister.com/2025/08/28/fbi_dutch_cops_seize_veriftools/
🤖 Not in my browser! Vivaldi capo doubles down on generative AI ban privacy – Vivaldi's CEO opposes integrating generative AI in browsers, arguing it threatens user control and web diversity. He emphasizes prioritizing human interaction over automated solutions. https://www.theregister.com/2025/08/28/vivaldi_capo_doubles_down_on/
🕵️♂️ TransUnion says hackers stole 4.4 million customers’ personal information data breach – TransUnion has revealed a breach affecting 4.4 million customers, with sensitive data including names and Social Security numbers compromised. The company provides little clarity on the incident. https://techcrunch.com/2025/08/28/transunion-says-hackers-stole-4-4-million-customers-personal-information/
🚗 Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data security research – A security researcher discovered over 1,300 publicly exposed TeslaMate servers leaking sensitive vehicle data, urging users to secure their dashboards to prevent unauthorized access. https://techcrunch.com/2025/08/26/security-researcher-maps-hundreds-of-teslamate-servers-spilling-tesla-vehicle-data/
🤦 OpenAI admits ChatGPT safeguards fail during extended conversations security news – OpenAI acknowledged failures in ChatGPT's safety measures during long conversations, which may lead to harmful guidance, following a lawsuit linked to a user's suicide after extensive interactions with the AI. https://arstechnica.com/information-technology/2025/08/after-teen-suicide-openai-claims-it-is-helping-people-when-they-need-it-most/
🔒 DOGE uploaded live copy of Social Security database to 'vulnerable' cloud server, says whistleblower data breach – A whistleblower claims the Department of Government Efficiency uploaded sensitive Social Security data to a vulnerable cloud server, risking the personal information of millions of Americans. https://techcrunch.com/2025/08/26/doge-uploaded-live-copy-of-social-security-database-to-vulnerable-cloud-server-says-whistleblower/
📄 Hackers use fake NDAs to deliver malware to US manufacturers cybercrime – Hackers are targeting U.S. manufacturers by using website contact forms to deliver malware disguised as non-disclosure agreements, maintaining engagement to appear credible and leveraging legitimate cloud services. https://therecord.media/hackers-fake-ndas-malware
🚴♂️ Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can't Legally Release His Software security news – An app developer jailbroke Echelon exercise bikes to restore offline functionality after a controversial firmware update, but copyright laws prevent him from legally sharing the software. https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/
💰 Euro banks block 'unauthorized' PayPal direct debits cybercrime – German banks froze billions in PayPal transactions due to unauthorized direct debits linked to a fraud-detection failure, impacting transactions primarily in Germany, though PayPal claims the issue is resolved. https://www.theregister.com/2025/08/28/euro_banks_block_paypal_direct_debits/
🛡️ 200 Swedish municipalities impacted by a major cyberattack on IT provider cybercrime – A cyberattack on Miljödata disrupted services across over 200 Swedish municipalities, raising concerns about stolen sensitive data and leading to a police investigation and reports of extortion. https://securityaffairs.com/181668/security/200-swedish-municipalities-impacted-by-a-major-cyberattack-on-it-provider.html
🎰 Affiliates Flock to ‘Soulless’ Scam Gambling Machine – Krebs on Security cybercrime – A new Russian affiliate program, Gambler Panel, has led to the rise of scam gambling sites that lure users with fake promotions and steal cryptocurrency deposits, operating under the guise of legitimate gaming. https://krebsonsecurity.com/2025/08/affiliates-flock-to-soulless-scam-gambling-machine/
🔒 WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware vulnerability – WhatsApp addressed a zero-click vulnerability (CVE-2025-55177) in its iOS and Mac apps, exploited alongside an Apple flaw to stealthily hack targeted users' devices, allowing data theft without interaction. https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/
Some More, For the Curious
🎣 Phishing Emails Are Now Aimed at Users and AI Defenses security research – New phishing tactics not only deceive users but also target AI defenses with hidden prompts, complicating automated threat detection and increasing risks. https://malwr-analysis.com/2025/08/24/phishing-emails-are-now-aimed-at-users-and-ai-defenses/
🔥 Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 2025 vulnerability – Citrix's CVE-2025–6543 vulnerability, exploited for remote code execution, has led to severe breaches in Netscaler systems, highlighting a lack of transparency and response from Citrix. https://doublepulsar.com/citrix-forgot-to-tell-you-cve-2025-6543-has-been-used-as-a-zero-day-since-may-2025-d76574e2dd2c
🐳 Docker fixes critical Desktop flaw allowing container escapes vulnerability – Docker patched a critical vulnerability (CVE-2025-9074) in Docker Desktop that allowed attackers to escape containers and access the Docker Engine API, risking host file access. https://securityaffairs.com/181545/security/docker-fixes-critical-desktop-flaw-allowing-container-escapes.html
🗣️ With AI chatbots, Big Tech is moving fast and breaking people privacy – AI chatbots are creating harmful feedback loops for vulnerable users, validating false beliefs and grandiose fantasies, leading to serious psychological risks and an urgent need for regulation and user education. https://arstechnica.com/information-technology/2025/08/with-ai-chatbots-big-tech-is-moving-fast-and-breaking-people/
🔓 Widespread Data Theft Targets Salesforce Instances via Salesloft Drift vulnerability – A data theft campaign exploited OAuth tokens in Salesloft Drift to access Salesforce customer data, prompting security measures and warnings for all users to review integrations and credentials. https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift/
🕵️♂️ DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ – Krebs on Security cybercrime – A Redditor's arrangement with DSLRoot, a residential proxy service, raises concerns about security risks, revealing the company's questionable origins and the emergence of 'legal botnets' exploiting residential connections. https://krebsonsecurity.com/2025/08/dslroot-proxies-and-the-threat-of-legal-botnets/
🔑 Goodbye Legacy MFA: Be Ready for the new Microsoft Authentication Methods Policy security news – Microsoft will retire legacy MFA and SSPR policies on September 30, 2025, transitioning to a unified Authentication Methods policy to enhance security and simplify management for organizations. https://www.guidepointsecurity.com/blog/goodbye-legacy-mfa-new-microsoft-authentication-methods-policy/
💻 First known AI-powered ransomware uncovered by ESET Research malware – ESET researchers discovered PromptLock, the first known AI-powered ransomware capable of exfiltrating and encrypting data, showcasing the potential for AI tools to enhance ransomware attacks. https://www.welivesecurity.com/en/ransomware/first-known-ai-powered-ransomware-uncovered-eset-research/
⚙️ Nx NPM packages poisoned in AI-assisted supply chain attack malware – Nx suffered a supply chain attack with malicious NPM packages that harvested developer credentials, exposing over 1,000 GitHub tokens and 20,000 files, utilizing AI tools for reconnaissance. https://www.theregister.com/2025/08/27/nx_npm_supply_chain_attack/
☎️ Experts warn of actively exploited FreePBX zero-day vulnerability – A serious zero-day vulnerability in FreePBX is being exploited, allowing unauthorized access to systems. Users are advised to update their software and restrict admin panel access. https://securityaffairs.com/181693/hacking/experts-warn-of-actively-exploited-freepbx-zero-day.html
🔒 Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE vulnerability – More than 28,200 Citrix NetScaler instances are vulnerable to the critical RCE flaw CVE-2025-7775, which is actively exploited, prompting CISA to mandate fixes by August 28, 2025. https://securityaffairs.com/181614/hacking/over-28000-citrix-instances-remain-exposed-to-critical-rce-flaw-cve-2025-7775.html
🔑 Unpacking Passkeys Pwned: Possibly the most specious research in decades security research – SquareX's claim of a major vulnerability in passkeys, dubbed 'Passkeys Pwned,' misrepresents the FIDO spec and highlights risks from compromised devices rather than the security of passkeys themselves. https://arstechnica.com/security/2025/08/new-research-claiming-passkeys-can-be-stolen-is-pure-nonsense/
💻 Ransomware gang takedowns causing explosion of new, smaller groups cybercrime – The ransomware landscape is rapidly evolving, with over 40 new gangs emerging due to law enforcement actions against larger groups, leading to increased fragmentation and a rise in smaller, independent operations. https://therecord.media/ransomware-gang-takedown-proliferation
CISA Corner
⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has included three new vulnerabilities in its KEV Catalog due to active exploitation, highlighting significant risks to federal networks and the need for prompt remediation. https://www.cisa.gov/news-events/alerts/2025/08/25/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added a new vulnerability, CVE-2025-7775, related to Citrix NetScaler, to its KEV Catalog, highlighting significant risks for federal networks and the need for prompt remediation. https://www.cisa.gov/news-events/alerts/2025/08/26/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-57819, an authentication bypass vulnerability in Sangoma FreePBX, to its Known Exploited Vulnerabilities Catalog due to active exploitation. https://www.cisa.gov/news-events/alerts/2025/08/29/cisa-adds-one-known-exploited-vulnerability-catalog
⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA issued three advisories on security vulnerabilities in Industrial Control Systems, urging users to review for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/08/26/cisa-releases-three-industrial-control-systems-advisories ⚙️ CISA Releases Nine Industrial Control Systems Advisories vulnerability – CISA issued nine advisories on August 28, 2025, detailing vulnerabilities and exploits affecting various Industrial Control Systems, urging users to review for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/08/28/cisa-releases-nine-industrial-control-systems-advisories
🔍 Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System cybercrime – PRC state-sponsored cyber actors are targeting global networks, particularly in telecommunications and government sectors, employing sophisticated techniques to maintain long-term access and facilitate espionage, prompting a cybersecurity advisory from multiple agencies. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.