cyberlights – week 38/2025

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

✈️ Airlines Sell 5 Billion Plane Ticket Records to the Government For Warrantless Searching privacy – Major airlines are selling billions of ticket records to the government for warrantless monitoring, raising significant privacy concerns about surveillance of individuals' movements. https://www.404media.co/airlines-sell-5-billion-plane-ticket-records-to-the-government-for-warrantless-searching/

🔑 Password Security Part 2: The Human Factor – Password Patterns and Weaknesses cyber defense – Human behavior leads to predictable password patterns that compromise security. Organizations can mitigate risks through password policies, filtering, and multi-factor authentication, while credential audits reveal weaknesses. https://www.guidepointsecurity.com/blog/password-security-part-2-human-factor-patterns-weaknesses/

💼 Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records data breach – Hackers, identified as Shiny Hunters, stole personal data of millions from luxury brands Gucci, Balenciaga, and Alexander McQueen, including names and contact details, raising concerns about targeted scams. https://securityaffairs.com/182236/cyber-crime/hackers-steal-millions-of-gucci-balenciaga-and-alexander-mcqueen-customer-records.html

🦠 FileFix attacks trick victims into executing infostealers malware – The FileFix attack tricks victims into executing malware by posing as a Facebook security alert, leading to the installation of the StealC infostealer. This method has surged in popularity, emphasizing the need for improved anti-phishing training. https://www.theregister.com/2025/09/16/filefix_attacks_facebook_security_alert/

🤖 Millions turn to AI chatbots for spiritual guidance and confession privacy – Tens of millions are using AI chatbots for spiritual advice, with apps gaining popularity for their accessibility. However, concerns arise over their accuracy, privacy, and the nature of their responses. https://arstechnica.com/ai/2025/09/millions-turn-to-ai-chatbots-for-spiritual-guidance-and-confession/

🛡️ OpenAI to predict ages in bid to stop ChatGPT from discussing self harm with kids privacy – OpenAI is implementing age prediction and identity verification systems to protect minors after a lawsuit linked its chatbot to a teenager's suicide. The company prioritizes safety over privacy for younger users. https://therecord.media/openai-age-prediction-chatgpt-children-safety

🔒 Samsung patches zero-day security flaw used to hack into its customers' phones vulnerability – Samsung has patched a zero-day vulnerability that allowed hackers to remotely install malicious code on devices running Android 13 to 16, following a private alert from Meta and WhatsApp. https://techcrunch.com/2025/09/16/samsung-patches-zero-day-security-flaw-used-to-hack-into-its-customers-phones/

🔧 Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs vulnerability – Apple's latest updates for iOS, iPadOS, and macOS patch multiple vulnerabilities, including some with potential root access, but no active exploits have been reported. Users can also update to earlier versions for critical patches. https://cyberscoop.com/apple-security-updates-september-2025/

⚖️ BreachForums founder resentenced to three years in prison cybercrime – Conor Brian Fitzpatrick, founder of the BreachForums cybercrime marketplace, was resentenced to three years in prison after a lenient initial sentence was overturned due to his lack of remorse and continued illegal activities. https://cyberscoop.com/conor-fitzpatrick-pompompurin-resetenced-breachforums/

🖥️ Consumer Reports asks Microsoft to keep supporting Windows 10 security news – Consumer Reports has urged Microsoft to continue supporting Windows 10, highlighting concerns about user security and compatibility as the transition to Windows 11 proceeds. https://www.theverge.com/news/779079/consumer-reports-windows-10-extended-support-microsoft

📰 Russian fake-news network back in action with 200+ new sites security news – A Russian troll farm has launched over 200 new fake news websites using AI to generate content, aiming to influence political discourse in multiple countries, including the US and Canada. https://www.theregister.com/2025/09/18/russian_fakenews_network/

🔒 CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025 vulnerability – Google patched four vulnerabilities in Chrome, including the actively exploited zero-day CVE-2025-10585, a type confusion issue in the V8 engine, marking the sixth such vulnerability in 2025. https://securityaffairs.com/182322/uncategorized/cve-2025-10585-is-the-sixth-actively-exploited-chrome-zero-day-patched-by-google-in-2025.html

🛠️ Open-Source Tool Greenshot Hit by Severe Code Execution Vulnerability vulnerability – A critical vulnerability in Greenshot allows arbitrary code execution due to improper data handling, risking exploitation by local attackers. Users are urged to update to version 1.3.301 to mitigate the issue. https://thecyberexpress.com/greenshot-vulnerability/

📚 Librarians Are Being Asked to Find AI-Hallucinated Books security news – Librarians report increasing patron requests for non-existent books generated by AI, leading to confusion and diminished trust in information sources. The impact of generative AI on libraries raises concerns about information literacy and the quality of resources. https://www.404media.co/librarians-are-being-asked-to-find-ai-hallucinated-books/

🚆 ‘Scattered Spider’ teens charged over London transportation hack cybercrime – Two teenagers from the 'Scattered Spider' group have been charged in connection with a cyberattack that disrupted London's transportation systems, highlighting growing concerns about youth involvement in cybercrime. https://www.theverge.com/news/781039/scattered-spider-teens-charged-tfl-london-hack

✈️ Russia's main airport in St. Petersburg says its website was hacked security news – Pulkovo Airport in St. Petersburg experienced a cyberattack that took its website offline, although flight operations remained unaffected. This follows other disruptions in Russia's aviation sector amid rising cyberattacks since the Ukraine invasion. https://therecord.media/russia-pulkovo-airport-st-petersburg-website-hacked

👶 Watchdog finds MrBeast improperly collected children’s data privacy – The Children’s Advertising Review Unit found that YouTuber MrBeast collected children's data without parental consent, violating COPPA guidelines. He has since updated his data collection practices in response to the findings. https://therecord.media/watchdog-mrbeast-youtube-privacy-colection

🚗 JLR Cyberattack Becomes UK National Crisis cybercrime – The Jaguar Land Rover cyberattack has halted production, affecting over 200,000 workers and prompting government discussions for support. The incident, attributed to the Scattered Lapsus$ Hunters group, is causing significant financial losses. https://thecyberexpress.com/jlr-cyberattack-becomes-uk-national-crisis/

✈️ Hundreds of flights delayed at Heathrow and other airports after apparent cyberattack security news – A cyber-related incident involving Collins Aerospace led to significant flight delays at major European airports, including Heathrow, as airlines reverted to manual check-ins. Travelers are advised to arrive earlier for flights. https://techcrunch.com/2025/09/21/hundreds-of-flights-delayed-at-heathrow-and-other-airports-after-apparent-cyberattack/


Some More, For the Curious

🚨 T-1 month: Exchange Server 2016 and Exchange Server 2019 End of Support security news – Exchange Server 2016 and 2019 reach end of support on October 14, 2025, risking security vulnerabilities without updates. Users are urged to upgrade or migrate to Exchange Online. https://techcommunity.microsoft.com/blog/exchange/t-1-month-exchange-server-2016-and-exchange-server-2019-end-of-support/4453133

🕵️‍♂️ One Token to rule them all – obtaining Global Admin in every Entra ID tenant via Actor tokens vulnerability – A critical vulnerability in Entra ID allows attackers to impersonate Global Admins across tenants using undocumented Actor tokens. Microsoft swiftly fixed the issue, but risks remain. https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

💨 Hosting a WebSite on a Disposable Vape hacking write-up – An innovative project explores hosting a web server on a disposable vape's microcontroller, achieving surprisingly fast response times despite its limited specs. A humorous take on tech recycling! https://bogdanthegeek.github.io/blog/projects/vapeserver/

🔓 Windows Local Privilege Escalation through the bitpixie Vulnerability vulnerability – The bitpixie vulnerability allows attackers to bypass BitLocker encryption via a downgrade attack on Windows Boot Manager, risking unauthorized access. A Microsoft patch is available to mitigate this risk. https://blog.syss.com/posts/bitpixie/

🚨 China Imposes One-Hour Reporting Rule for Major Cybersecurity Incidents security news – China's new regulations mandate reporting severe cybersecurity incidents within one hour, enhancing enforcement following high-profile data breaches. Proposed law amendments suggest stricter penalties for non-compliance. https://thecyberexpress.com/china-cybersecurity-incident-reporting/

🛡️ Google Online Security Blog: Supporting Rowhammer research to protect the DRAM ecosystem security research – Google supports research on Rowhammer vulnerabilities in DRAM, leading to the development of test platforms and new attack patterns that expose weaknesses in existing mitigations, necessitating further improvements. http://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html

🐍 Replicating Worm Hits 180+ Software Packages – Krebs on Security cybercrime – The Shai-Hulud worm has infected over 180 NPM packages, stealing credentials and publishing them on GitHub. It self-replicates, raising concerns over supply chain security in software development. https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/

🚫 Microsoft, Cloudflare shut down RaccoonO365 phishing domains cyber defense – Microsoft seized 338 domains linked to the RaccoonO365 phishing operation, led by Joshua Ogundipe, which sold phishing kits that compromised Microsoft 365 credentials. The takedown disrupts a major tool used by cybercriminals. https://www.theregister.com/2025/09/16/microsoft_cloudflare_shut_down_raccoono365/

💻 HybridPetya: The Petya/NotPetya copycat comes with a twist malware – ESET has identified a new ransomware called HybridPetya, which mimics NotPetya but can also compromise UEFI systems and exploit CVE-2024-7344 to bypass UEFI Secure Boot. It's not currently spreading in the wild. https://www.welivesecurity.com/en/videos/hybridpetya-petya-notpetya-copycat-twist/

🔓 Attack on SonicWall’s cloud portal exposes customers’ firewall configurations data breach – SonicWall confirmed a breach of its MySonicWall.com platform, exposing firewall configuration files of less than 5% of its customers. The incident highlights systemic security issues within the vendor's operations. https://cyberscoop.com/sonicwall-cyberattack-customer-firewall-configurations/

⛈️ Cloudflare DDoSed itself with React useEffect hook blunder security news – Cloudflare experienced an outage due to a coding error involving a React useEffect hook, which caused excessive API calls and overloaded its Tenant Service API. The incident sparked discussions on the proper use of useEffect in development. https://www.theregister.com/2025/09/18/cloudflare_ddosed_itself/

⚙️ SystemBC – Bringing the Noise security research – Lumen's Black Lotus Labs discovered the SystemBC botnet, leveraging over 80 C2s and primarily targeting VPS systems to create high-volume proxies for cybercriminal activities. The botnet is linked to various criminal groups and is being used alongside the REM Proxy service for malicious operations. https://blog.lumen.com/systembc-bringing-the-noise/

🔒 CISA Warns of New Malware Campaign Exploiting Ivanti EPMM Vulnerabilities vulnerability – CISA reports a malware campaign exploiting Ivanti EPMM vulnerabilities (CVE-2025-4427 and CVE-2025-4428), allowing unauthorized access and malware deployment. Organizations are urged to upgrade systems and implement security measures. https://thecyberexpress.com/cisa-mar-cve-2025-4427-28/

🔐 CVE-2025-10035: Critical Vulnerability in Fortra GoAnywhere MFT vulnerability – A critical vulnerability, CVE-2025-10035, has been identified in Fortra's GoAnywhere MFT software, potentially exposing sensitive data. Users are urged to apply patches immediately to mitigate risks. https://www.vulncheck.com/blog/cve-2025-10035-fortra-go-anywhere-mft

🤔 Future of CVE Program in limbo as CISA, board members debate path forward security news – The future of the CVE Program is under debate after a funding incident raised concerns about its management. CISA asserts its leadership role while board members advocate for a collaborative, globally-supported model. https://therecord.media/cve-program-future-limbo-cisa


CISA Corner

⚙️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – CISA has issued eight advisories addressing vulnerabilities in various Industrial Control Systems, including products from Siemens, Schneider Electric, and Hitachi Energy, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2025/09/16/cisa-releases-eight-industrial-control-systems-advisories

⚙️ CISA Releases Nine Industrial Control Systems Advisories vulnerability – CISA has issued nine advisories addressing vulnerabilities in various Industrial Control Systems, including products from Westermo, Schneider Electric, and Hitachi Energy, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2025/09/18/cisa-releases-nine-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.
