cyberlights – week 37/2025

A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!


Highlight

🤞 We Got Lucky: The Supply Chain Disaster That Almost Happened – No summary here, just a recommendation to read https://www.aikido.dev/blog/we-got-lucky-the-supply-chain-disaster-that-almost-happened


News For All

💾 Signal introduces free and paid backup plans for your chats security news – Signal now offers end-to-end encrypted chat backups: a free tier that stores all messages plus the last 45 days of media, and a paid plan (USD 1.99/month) with 100 GB of media storage. Backups are protected by a 64-character recovery key that Signal never sees, so losing the key means losing the backup, which is the price of keeping Signal out of the loop. https://techcrunch.com/2025/09/08/signal-introduces-free-and-paid-backup-plans-for-your-chats/

📺 Plex admits breach of account details, hashed passwords data breach – Plex has warned users to reset passwords after a breach potentially exposed emails, usernames, and hashed passwords. While credit card data wasn't compromised, this incident echoes previous breaches. https://www.theregister.com/2025/09/09/plex_breach/

🏋️‍♂️ Call audio from gym members, employees in open database data breach – An unprotected AWS database exposed sensitive audio recordings of gym members discussing personal and financial information. This raises concerns about potential identity theft and social engineering attacks. https://www.theregister.com/2025/09/09/gym_audio_recordings_exposed/

🔒 Apple says the iPhone 17 comes with a massive security upgrade security news – Apple's iPhone 17 line ships with Memory Integrity Enforcement (MIE), an always-on memory-safety feature built on the A19 chip's Enhanced Memory Tagging Extension (EMTE) combined with hardened, type-segregated allocators. It covers the kernel and key user-space processes and is aimed squarely at making the memory-corruption exploit chains used by mercenary spyware far more expensive to build. https://www.theverge.com/news/775234/iphone-17-air-a19-memory-integrity-enforcement-mte-security

📱 Nepal lifts social media ban after deadly youth protests security news – Nepal has lifted a ban on social media platforms following violent protests that resulted in 29 deaths. The government faced criticism for the ban, deemed digital repression by rights groups. https://therecord.media/nepal-social-media-ban-lifted-after-deadly-protests

🚗 Jaguar Land Rover says data stolen in disruptive cyberattack data breach – Jaguar Land Rover reported a cyberattack that resulted in data theft and halted vehicle assembly lines. The extent of the stolen data and its impact on employees or customers remains unclear. https://techcrunch.com/2025/09/10/jaguar-land-rover-says-data-stolen-in-disruptive-cyberattack/

🖼️ Google Online Security Blog: How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials security news – Google's Pixel 10 camera now signs photos with C2PA Content Credentials, a cryptographically verifiable record of how an image was captured and edited (including whether generative AI was involved), using hardware-backed keys on the device. Android is adding the same support for other apps, with the goal of making image provenance checkable rather than relying on detecting fakes after the fact. http://security.googleblog.com/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html

🔐 Brussels faces privacy crossroads over encryption backdoors privacy – Europe debates legislation requiring scanning of user content for child abuse, raising concerns over privacy and security. Critics argue it could lead to false accusations and a significant erosion of digital rights. https://www.theregister.com/2025/09/11/eu_chat_control/

💻 Kids in the UK are hacking their own schools for dares and notoriety cybercrime – The ICO reports that over half of the insider data breaches it examined in UK schools were caused by students, often through guessed or shared staff passwords and lax security practices, with dares and notoriety as the usual motive. https://techcrunch.com/2025/09/11/kids-in-the-uk-are-hacking-their-own-schools-for-dares-and-notoriety/

🛡️ FTC opens inquiry into how AI chatbots impact child safety, privacy privacy – The FTC is investigating how major tech companies protect children using AI chatbots, focusing on safety measures and privacy practices. This follows concerns over negative impacts, including a tragic suicide case linked to a chatbot. https://therecord.media/ftc-opens-inquiry-ai-chatbots-kids

⚠️ Apple issues spyware warnings as CERT-FR confirms attacks warning – Apple has sent a new round of threat notifications to users targeted by mercenary spyware, which France's CERT-FR confirmed are tied to a series of attack waves this year. The notifications indicate a likely compromise of the device linked to the user's iCloud account, typically via sophisticated exploit chains using zero-day vulnerabilities. https://securityaffairs.com/182129/malware/apple-issues-spyware-warnings-as-cert-fr-confirms-attacks.html

🔒 Swiss government looks to undercut privacy tech, stoking fears of mass surveillance privacy – The Swiss government plans to require service providers to collect IDs, retain user data for six months, and potentially disable encryption, raising concerns over mass surveillance and the impact on privacy tech companies. https://therecord.media/switzerland-digital-privacy-law-proton-privacy-surveillance

🔒 Samsung fixed actively exploited zero-day vulnerability – Samsung patched CVE-2025-21043, an out-of-bounds write in an image-parsing library shipped on its Android devices that allows remote code execution. The flaw was reported by Meta's and WhatsApp's security teams and had been exploited in the wild, reportedly without user interaction (zero-click), so Samsung users should install the September security update. https://securityaffairs.com/182135/hacking/samsung-fixed-actively-exploited-zero-day.html

⚖️ Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal cybercrime – Aleksanteri Kivimäki, convicted of extorting over 20,000 psychotherapy clients, was released on appeal while his case continues. The hack has deeply impacted Finnish society, with many victims still suffering. https://therecord.media/finland-vastaamo-hacker-free-during-appeal-conviction

🧺 Dutch students denied access to jailbroken laundry machines security news – Over 1,250 University of Amsterdam students are without laundry services after their smart washing machines were jailbroken, allowing free washing. Student housing provider Duwo refuses to restore the service because of the cost. https://www.theregister.com/2025/09/12/jailbroken_laundry_machines/

🔓 Vietnam, Panama governments suffer incidents leaking citizen data data breach – Vietnam's National Credit Information Center suffered a data breach, with hackers claiming to have stolen 160 million records. Meanwhile, Panama's Ministry of Economy and Finance reported a cyberattack, with the INC ransomware gang claiming to have stolen 1.5 terabytes of data. https://therecord.media/vietnam-cic-panama-finance-ministry-cyberattacks

🚆 British rail passengers urged to stay on guard after hack signals failure data breach – LNER warns passengers of a data breach involving a third-party supplier, exposing contact details and journey information. Customers are advised to be cautious of unsolicited communications, although no payment details were compromised. https://www.bitdefender.com/en-us/blog/hotforsecurity/british-rail-passengers-hack-signals-failure


Some More, For the Curious

🎢 Exploiting the Impossible: A Deep Dive into A Vulnerability Apple Deems Unexploitable vulnerability – A deep dive into a race condition (TOCTOU) in Apple's file-copy API that Apple had assessed as unexploitable. The write-up demonstrates that the race window Apple considered too narrow to win can be won in practice, a reminder that "theoretical" races are often just untested ones. https://jhftss.github.io/Exploiting-the-Impossible/

🐱‍👤 Break The Protective Shell Of Windows Defender With The Folder Redirect Technique hacking write-up – This article details a method for exploiting Windows Defender's update mechanism through symbolic links, allowing attackers to control its execution folder and potentially disable the antivirus. https://www.zerosalarium.com/2025/09/Break-Protective-Shell-Windows-Defender-Folder-Redirect-Technique-Symlink.html

🔓 Hackers breached Salesloft's GitHub in March, and used stolen tokens in a mass attack security news – Attackers (tracked by Mandiant as UNC6395) had access to Salesloft's GitHub from March to June 2025, then pivoted into the AWS environment of its Drift chatbot product and stole the OAuth tokens Drift held for customer integrations. Those tokens were used to bulk-export data from the Salesforce instances of hundreds of Drift customers, including Cloudflare and Google. Salesloft has since rotated credentials and taken Drift offline, but the intrusion went undetected for months. https://securityaffairs.com/182002/hacking/hackers-breached-salesloft-s-github-in-march-and-used-stole-tokens-in-a-mass-attack.html

💻 18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security malware – Eighteen widely used JavaScript packages (including chalk and debug, together downloaded billions of times a week) were briefly replaced with versions that hijack cryptocurrency transactions in the browser by swapping destination wallet addresses, after their maintainer fell for a phishing email imitating an npm two-factor-authentication reset. Experts warn that the same publishing access could just as easily have shipped a far more destructive payload. https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/

🕵️‍♂️ Detecting Active Directory Password-Spraying with a Honeypot Account cyber defense – Password sprays try one or two common passwords against many accounts, so per-account lockout thresholds rarely fire and generic failed-logon alerts drown in users mistyping their own passwords. This article describes creating a decoy AD account that no person or service ever uses and alerting on any authentication attempt against it: only an attacker enumerating accounts would touch it, so the detection is high-fidelity with very few false positives. https://trustedsec.com/blog/detecting-password-spraying-with-a-honeypot-account
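The detection described above, as an added example that is not code from the TrustedSec article: it assumes a decoy account named `svc-backup-legacy` (an assumption, pick your own plausible-looking name) and Windows Security events forwarded as flat key=value lines; the sample events are constructed, not a real export. One spraying source touches several accounts including the decoy, while a second source is a genuine user mistyping their own password, and only the first produces an alert.

```python
"""Honeypot-account detection of Active Directory password spraying.

Added example; not code from the TrustedSec article. Assumptions: a decoy
account named `svc-backup-legacy` that no person or service ever logs on with,
and Windows Security events forwarded as flat key=value lines (the SAMPLE_EVENTS
below are constructed, not a real export).
"""
from collections import defaultdict
from datetime import datetime, timedelta

HONEYPOT_ACCOUNT = "svc-backup-legacy"  # assumption: decoy account, never used legitimately
SPRAY_WINDOW = timedelta(minutes=10)    # how far around the decoy hit we collect the spray's scope

# Event IDs that record an authentication attempt against an account.
# 4625 = failed logon, 4771 = Kerberos pre-auth failed, 4776 = NTLM validation,
# 4624 = successful logon, 4768 = Kerberos TGT issued.
LOGON_EVENTS = {"4624", "4625", "4768", "4771", "4776"}
SUCCESS_EVENTS = {"4624", "4768"}

# Constructed sample: one spraying source hits several accounts (including the decoy)
# with one password each; a second source is a real user mistyping their own password.
SAMPLE_EVENTS = """\
time=2025-09-10T08:01:02 event=4625 target=jsmith src=10.20.30.40 status=0xC000006A
time=2025-09-10T08:01:03 event=4625 target=adoe src=10.20.30.40 status=0xC000006A
time=2025-09-10T08:01:04 event=4771 target=svc-backup-legacy src=10.20.30.40 status=0x18
time=2025-09-10T08:01:05 event=4625 target=bwayne src=10.20.30.40 status=0xC000006A
time=2025-09-10T09:15:00 event=4625 target=jsmith src=10.0.0.7 status=0xC000006A
time=2025-09-10T09:15:30 event=4625 target=jsmith src=10.0.0.7 status=0xC000006A
"""


def parse_event(line):
    """Parse one key=value line into a dict with a datetime; None for blank lines."""
    line = line.strip()
    if not line:
        return None
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["time"] = datetime.fromisoformat(fields["time"])
    return fields


def detect_spray(raw_events, honeypot=HONEYPOT_ACCOUNT, window=SPRAY_WINDOW):
    """Return one alert per source address that authenticated against the decoy.

    Ordinary failed-logon thresholds fire on every user who forgets a password;
    here the decoy hit is the trigger, and the other accounts the same source
    touched within `window` are reported as the spray's scope.
    """
    events = [e for e in map(parse_event, raw_events.splitlines()) if e]
    by_src = defaultdict(list)
    for e in events:
        if e["event"] in LOGON_EVENTS:
            by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        decoy_hits = [e for e in evs if e["target"].lower() == honeypot.lower()]
        if not decoy_hits:
            continue  # nobody legitimate knows this account exists: no hit, no alert
        first_hit = decoy_hits[0]["time"]
        scope = [e for e in evs if abs(e["time"] - first_hit) <= window]
        alerts.append({
            "src": src,
            "first_decoy_hit": first_hit.isoformat(),
            "attempts": len(scope),
            "accounts": sorted({e["target"] for e in scope}),
            # A *successful* logon to the decoy means the attacker guessed its
            # password (or it was deliberately set weak): escalate immediately.
            "decoy_logon_succeeded": any(e["event"] in SUCCESS_EVENTS for e in decoy_hits),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_EVENTS):
        print(alert)
```

Alert on every authentication event for the decoy, not only failures: a success means the account's password was guessed. Make the decoy look worth attacking (a service-account-style name, a description, a realistic creation date) and never use it for anything else, or the false-positive advantage is gone.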

🔧 Zero Day Initiative — The September 2025 Security Update Review vulnerability – September updates include Adobe's fixes for 22 CVEs across various products, and Microsoft's 80 CVEs, featuring Critical vulnerabilities like remote code execution. No active exploitation noted. https://www.thezdi.com/blog/2025/9/9/the-september-2025-security-update-review

⚠️ SAP warns of high-severity vulnerabilities in multiple products vulnerability – SAP's September patch day fixes several high-severity flaws, among them CVE-2025-42944, an insecure-deserialization bug in NetWeaver's RMI-P4 module rated CVSS 10 that lets an unauthenticated attacker execute operating-system commands. A separate S/4HANA flaw patched in August (CVE-2025-42957) is already being exploited, so prompt patching is advised. https://arstechnica.com/security/2025/09/as-hackers-exploit-one-high-severity-sap-flaw-company-warns-of-3-more/

🎓 The State of Ransomware in Education 2025 security research – Sophos' annual survey of education organisations finds exploited vulnerabilities and phishing remain the primary entry points for ransomware. Ransom demands and payments fell sharply compared with last year, which Sophos reads as a sign of growing resilience in the sector. https://news.sophos.com/en-us/2025/09/10/the-state-of-ransomware-in-education-2025/

😅 The npm incident frightened everyone, but ended up being nothing to fret about cybercrime – An npm maintainer-account compromise led to malicious code being injected into popular packages, causing initial panic. However, the malicious versions were live for only a couple of hours before being pulled, the payload targeted only cryptocurrency transactions, and the attacker reportedly made off with a trivial sum, so the community's quick response proved effective. https://cyberscoop.com/open-source-npm-package-attack/
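The question every team asked during the incident described in the two npm items above (and in this week's highlight) was "did we pull one of the bad versions?". The following is an added example, not code from any of the linked articles: a lockfile audit that flags known-compromised versions, packages locked without an integrity hash, and dependencies resolved from outside the npm registry. The blocklist entries and the lockfile content are constructed for illustration (the package names are made up); the real compromised versions are listed in the linked reporting and npm advisories.

```python
"""Audit an npm lockfile for known-compromised versions, missing integrity hashes
and dependencies pulled from outside the registry.

Added example, not code from the articles above. The BLOCKLIST entries and the
SAMPLE_LOCK content are constructed for illustration; the actual compromised
package versions are listed in the linked reporting and npm advisories.
"""
import json

# Assumption: a (name, version) set maintained from advisories; names here are made up.
BLOCKLIST = {("example-pkg", "1.2.3"), ("left-pad-ish", "0.9.9")}

REGISTRY = "https://registry.npmjs.org/"

# Constructed lockfile v3 fragment (npm >= 7 'packages' map), not a real project.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/example-pkg": {
            "version": "1.2.3",
            "resolved": REGISTRY + "example-pkg/-/example-pkg-1.2.3.tgz",
            "integrity": "sha512-AAAA",
        },
        "node_modules/@acme/util": {
            "version": "2.0.0",
            "resolved": REGISTRY + "@acme/util/-/util-2.0.0.tgz",
            "integrity": "sha512-BBBB",
        },
        # nested dependency fetched straight from git: no integrity hash, no registry
        "node_modules/@acme/util/node_modules/left-pad-ish": {
            "version": "0.9.8",
            "resolved": "git+ssh://git@github.com/acme/left-pad-ish.git#abc123",
        },
    },
})


def _name_from_path(path):
    """'node_modules/@acme/util/node_modules/dep' -> 'dep'; scoped names keep their scope."""
    return path.rsplit("node_modules/", 1)[-1]


def iter_locked_packages(lock):
    """Yield (name, version, resolved, integrity) for v2/v3 'packages' or v1 'dependencies'."""
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if path == "":  # the root project itself
                continue
            yield _name_from_path(path), meta.get("version"), meta.get("resolved"), meta.get("integrity")
        return

    def walk(deps):  # lockfile v1: dependencies nest recursively
        for name, meta in deps.items():
            yield name, meta.get("version"), meta.get("resolved"), meta.get("integrity")
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def audit_lockfile(lock_text, blocklist=BLOCKLIST):
    """Return findings keyed by category; all-empty lists mean nothing was flagged."""
    lock = json.loads(lock_text)
    findings = {"blocked": [], "no_integrity": [], "non_registry": []}
    for name, version, resolved, integrity in iter_locked_packages(lock):
        spec = f"{name}@{version}"
        if (name, version) in blocklist:
            findings["blocked"].append(spec)
        if not integrity:
            findings["no_integrity"].append(spec)
        if resolved and not resolved.startswith(REGISTRY):
            findings["non_registry"].append(f"{spec} <- {resolved}")
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    for category, items in audit_lockfile(text).items():
        print(category, items)
```

The integrity hash pins the exact tarball, so it catches a tampered re-upload of a version you already lock, but not a freshly published malicious version that a floating `^` range pulls in on the next `npm install`, which is exactly what happened here; that is why the blocklist check matters and why `npm ci` (which refuses to deviate from the lockfile) belongs in CI.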

🐛 ChillyHell modular macOS malware OKed by Apple in 2021 malware – ChillyHell, a modular macOS backdoor that passed Apple's notarization, has likely infected systems undetected since 2021. Its advanced features include multiple persistence methods and command-and-control protocols. https://www.theregister.com/2025/09/10/chillyhell_modular_macos_malware/

🔍 Do we invest too much in risk assessments and too little in security? cyber defense – Organizations should prioritize basic security controls over risk assessments. A structured approach involves establishing foundational security, followed by managed capabilities and risk-based enhancements to improve overall security posture. https://safecontrols.blog/2025/09/10/do-we-invest-too-much-in-risk-assessments-and-too-little-in-security/

☁️ VMSCAPE Spectre vulnerability leaks cloud secrets vulnerability – ETH Zurich researchers disclosed VMSCAPE (CVE-2025-40300), a Spectre branch-target-injection attack in which a malicious guest VM leaks memory, such as disk-encryption keys, from the unmodified QEMU user-space process of the KVM host on AMD Zen CPUs and some Intel CPUs. The existing hardware isolation between guest and host does not stop it, so a software mitigation is required; Linux has added an IBPB on VM exit. https://www.theregister.com/2025/09/11/vmscape_spectre_vulnerability/

🦠 SonicWall firewalls targeted by fresh Akira ransomware surge cybercrime – Researchers warn of a surge in Akira ransomware attacks exploiting CVE-2024-40766, a year-old improper access control flaw in SonicWall firewalls. Devices migrated from Gen 6 to Gen 7 without resetting the carried-over local user passwords, together with weak SSL VPN configurations, have left multiple organizations exposed even where the patch was applied. https://cyberscoop.com/sonicwall-akira-ransomware-attacks-surge/

💻 HybridPetya ransomware dodges UEFI Secure Boot malware – HybridPetya, a Petya/NotPetya lookalike analysed by ESET, installs a malicious UEFI application that exploits CVE-2024-7344 (a flaw in a Microsoft-signed UEFI loader, patched in January 2025) to bypass Secure Boot on unpatched Windows systems and encrypt the NTFS master file table (MFT). It currently looks like a proof-of-concept rather than an active campaign, but it shows the technique is within reach of ransomware authors. https://www.theregister.com/2025/09/12/hopefully_just_a_poc_hybridpetya/


CISA Corner

⚙️ CISA Releases Fourteen Industrial Control Systems Advisories vulnerability – CISA issued fourteen advisories detailing vulnerabilities in various Industrial Control Systems, including multiple Rockwell Automation products. Users are urged to review these for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/09/09/cisa-releases-fourteen-industrial-control-systems-advisories

⚙️ CISA Releases Eleven Industrial Control Systems Advisories vulnerability – CISA issued eleven advisories on September 11, 2025, detailing vulnerabilities in various ICS products, primarily from Siemens and Schneider Electric. Users are urged to review these advisories for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/09/11/cisa-releases-eleven-industrial-control-systems-advisories

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-5086, a deserialization-of-untrusted-data vulnerability in Dassault Systèmes DELMIA Apriso, to its KEV Catalog based on evidence of active exploitation. Federal agencies are required to remediate catalogued vulnerabilities by the stated due date; everyone else should treat the listing as a patch-now signal. https://www.cisa.gov/news-events/alerts/2025/09/11/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it is still what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.
