
Hello all,
Perhaps it is because I’m becoming jaded to all of the incessant histrionics about the latest new zero-day vulnerability, and the patches needed to fix flaws, and threat actors scoring big yet again; but there wasn’t much that stood out as headline newsworthy this week. There was a bit though, with Apple, Google, Mozilla, and the US Congress making the cut. So, onward.
Headline NEWS:
- Apple released updates to fix a zero-day that was under active exploitation “in an extremely sophisticated attack against specific targeted individuals”. Cointelegraph reported that it was a zero-click exploit that could be used to access the wallet and compromise key storage or signing. Obviously, if you use any iFruit, update quickly. Also in Apple news, the United Kingdom relented, after the USA intervened, and dropped their demand for access to encrypted data on Apple devices. Apple has not yet said if they’ll reenable the ability to turn on Advanced Data Protection (ADP) for users subject to UK laws.
- Google Chrome and Mozilla Firefox patched high-severity vulnerabilities in the respective browsers this past week. If you haven’t restarted or updated your browser yet, now would be a really good time to do so.
- The US may soon have digital privateers if a bill introduced by Arizona lawmaker David Schweikert passes. The President would have the authority under the Scam Farms Marque and Reprisal Authorization Act of 2025 to issue letters of marque, a legal license to commit digital piracy on the high seas of electrons against those deemed enemies of the state that are engaged in cybercrime. Pirates of the Internet could be coming to threat actors everywhere soon.
In Ransomware, Malware, and Vulnerabilities News:
- Fake Mac fixes trick users into installing new Shamos infostealer. One of the most successful attacks against Windows users recently has been “Click-Fix” or fake CAPTCHA scams. They spoof legitimate internet pop-up windows that attempt to verify if you’re a human, or tell you to copy and paste something to “fix” an issue. Internet lowlifes figured out how to mimic CAPTCHA and support sites and convince people to copy and paste commands to their own computers, which then give the threat actors access to, and ultimately control of, their workstations. Now, the same or a similar tactic is spreading to Mac users. Internet searches for a problem will turn up a threat actor’s “helpful” site that shows commands that the user is told to paste into a terminal window on their Mac. When they do, they download and install malware onto their own system. If you don’t understand what you’re being asked to copy and paste, don’t do it.
In Other News Events of Note and Interest:
- Microsoft updates seem to be increasingly problematic, both in their online space and in local ones. Just a few days ago Big Redmond took down portions of office.com and Copilot due to a “configuration change”. The August Windows update patches now have at least three major issues reported and acknowledged: streaming functions are severely degraded, Solid State Drives (SSDs) are failing or disappearing entirely under heavy transfers, and Windows reset and recovery was broken – just in time for Windows 10’s deprecation, when resetting a PC to defaults prior to donation or disposal is ramping up. I know that it is impossible to test every possible combination of hardware and software out there, but this is getting a bit ridiculous.
Musings:
For most of North America, summer vacation time is nearly over. The last hurrah, Labor Day, is only one week away, and if not already, schools across the nation will be open to students again. Millions of pupils will be engaged in the age-old process of Didactic Learning, and millions will be learning via Constructivist Learning, or more simply inquiry, discovery, and trial and error. No matter which method is used, remember to be kind to these young people. They are our future, and in large part what they become and how they see themselves and the world for most of their lives stem from how they perform, are perceived, and are evaluated in this stage of life. They can be inspired to greatness or relegated to mediocrity; the voice of one key person could make all the difference in the world. What voice will you be in one of these scholars’ lives? Will it encourage and build, or tear down? The choice is up to you.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Apple fixes new zero-day flaw exploited in targeted attacks
- Apple Patches Zero-Click Exploit Threatening Crypto Users
- UK drops demand for backdoor into Apple encryption
- UK agrees to drop its Apple encryption backdoor request – but digital rights experts aren’t ready to celebrate
- Chrome High-Severity Vulnerability Let Attackers Crash Browser or Execute Arbitrary Code
- Mozilla High Severity Vulnerabilities Enables Remote Code Execution
- US rep introduces bill to authorize state-sanctioned piracy against cybercriminals
- Congressman proposes bringing back letters of marque for cyber privateers
Ransomware, Malware, and Vulnerabilities News
- CISA Warns of Apple iOS, iPadOS, and macOS 0-day Vulnerability Exploited in Attacks
- Cyber Insurers May Limit Payouts for Breaches via Flaws
- US seizes $2.8 million in crypto from Zeppelin ransomware operator
- Florida Man, linked to ‘Scattered Spider’ cybercrime gang sentenced to 10 years for cryptocurrency theft
- African authorities dismantle massive cybercrime and fraud networks, recover millions
- Nigeria deports 50 Chinese nationals in cybercrime crackdown
- ‘One of the most powerful DDoS botnets to ever exist’ has been taken down by the DoJ with help from Amazon Web Services, Google, Cloudflare and others
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage
- Google Awards $250,000 Bounty for Chrome RCE Vulnerability Discovery
- Google unveils new AI and cloud security capabilities at Security Summit
- Chrome High-Severity Vulnerability Let Attackers Crash Browser or Execute Arbitrary Code
- Microsoft Curbs Early Notifications for Chinese Firms on Cybersecurity Flaws
- Asian Orgs Shift Cybersecurity Requirements to Suppliers
- ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure
- Elastic rejects claims of a zero-day RCE flaw in Defend EDR
- McFail again, McDonald’s Free Nuggets Hack Leads to Expose of Confidential Data
- Commvault releases patches for two pre-auth RCE bug chains
- IBM Finds Improper Controls in 97% of AI-Related Data Breaches
- AI Agents Access Everything, Fall to Zero-Click Exploit
- Boffins: LLM chatbots trivial to weaponize for data theft
- Transcription app Otter.ai accused of illegal recordings
- Your Chats With AI Chatbot Grok May Be Visible to Everyone
- AI website builder Lovable increasingly abused for malicious activity
- Hackers are embracing AI-powered malware as security teams counter with their own AI
- Discover the security risks of using automatic password autofill
- Major password managers can leak logins in clickjacking attacks
- Why email security needs its EDR moment to move beyond prevention
- Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
- Plex warns users to update systems immediately after detecting worrying security issue
- Think before you Click(Fix): Analyzing the ClickFix social engineering technique
- Fake Mac fixes trick users into installing new Shamos infostealer
- Split and nested QR codes fuel new generation of ‘quishing’ attacks
- Phishing always works, despite cyber training
- Researcher downloaded the data of all 270,000 Intel employees from an internal business card website
- Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025
- Chrome VPN Extension With 100k Installs Screenshots All Sites Users Visit
- Hackers Weaponizing Cisco’s Secure Links to Evade Link Scanning and By-Pass Network Filters
- Threat Actors Use Pirated Games to Bypass Microsoft Defender SmartScreen and Adblockers
- URL-based threats become a go-to tactic for cybercriminals
- Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
- Turning Camera Surveillance on its Axis
- Rockwell ControlLogix Ethernet Vulnerability Let Attackers Execute Remote Code
- Critical PostgreSQL Vulnerabilities Allow Arbitrary Code Injection During Restoration
- Android VPN apps used by millions are covertly connected AND insecure
- Free VPN apps found to have ties with Russia and China – and they’re hiding in Google and Apple’s app stores
- Microsoft puts the squeeze on onmicrosoft.com freeloaders
- Hackers steal Microsoft logins using legitimate ADFS redirects
- How attackers are using Active Directory Federation Services to phish with legit office.com links
- New Salty 2FA PhaaS platform Attacking Microsoft 365 Users to Steal Login Credentials
- Copilot Broke Your Audit Log, but Microsoft Won’t Tell You
- Microsoft mum about M365 Copilot on-demand security bypass
- Microsoft Defender AI Can Detect Plaintext Credentials in Active Directory
- Microsoft Web deploy vulnerability
- Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
- Over 800 N-able servers left unpatched against critical flaws
- New Gmail Phishing Attack With Weaponized Login Flow Steals Login Credentials
- Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
- Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
- Arch Linux Confirms Ongoing Denial‑of‑Service Attack
- Threat Actors Attacking Windows Systems With New Multi-Stage Malware Framework PS1Bot
- Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger
- APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task
- DragonForce Ransomware Attack Analysis – Targets, TTPs and IoCs
- How Warlock Ransomware Targets Vulnerable SharePoint Servers
- Honey, I shrunk the image and now I’m pwned
- Murky Panda hackers exploit cloud trust to hack downstream customers
- Threat Actor Claims to Sell 15.8 Million Plain-Text PayPal Credentials
- Hackers claim millions of PayPal accounts leaked while experts say the data looks suspiciously cheap and possibly stolen from old infostealer logs
- NY Business Council discloses data breach affecting 47,000 people
- Orange Belgium discloses data breach impacting 850,000 customers
- Allianz Life data breach affects 1.1 million customers
- HR giant Workday discloses data breach after Salesforce attack
- North Korean Hackers Stealthy Linux Malware Leaked Online
- Russian Hackers Target Polish Hydropower in Cyberattack
- Russia-linked European attacks renew concerns over water cybersecurity
- UK telecom firm Colt suffers massive ransomware attack
- Georgia SNAP call center still down after cyberattack
- City of Middletown, OH experiences cybersecurity incident impacting several services
- Systems online again after cyber-attack hit City of Lubbock
- Qilin Ransomware Gang Claims 4TB Data Breach at Nissan CBI
- Pharma firm Inotiv says ransomware attack impacted operations
- PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain
- Paper Werewolf Exploiting WinRAR Zero‑Day Vulnerability to Deliver Malware
- WordPress Contact Form 7 Redirection Plugin Vulnerability Hits 300k Sites
Other News Events of Note and Interest
- Cool Tool: Ventoy 1.1.06 Brings TrueNAS Scale Support
- It’s official: The U.S. owns 9.9 percent of Intel
- FydeOS offers ChromeOS without the Google strings attached
- CISA Releases Operational Technology Guide for Owners and Operators Across all Critical Infrastructure
- New Army PCA wants more AI-enabled cyber at the edge for offensive, defensive ops
- MITRE Updates List of Most Common Hardware Weaknesses
- Mozilla warns Germany could soon declare ad blockers illegal
- This sleek new printer tosses complicated buttons, endless trays, and glued parts
- Mind-reading tech from US decodes inner thoughts with 74% accuracy
- The best new features of the Google Pixel 10 lineup
- 14 ways Googlers use AI to work more effectively
- Google applies age verification algorithm to Google Search
- AI Mode in Google Search adds personalization, agentic features
- In a first, Google has released data on how much energy an AI prompt uses
- End-to-end encryption coming to iOS-Android RCS chats as soon as next month
- Should Europe wean itself off US tech?
- Why You Should Update Your BIOS
- LibreOffice 25.8: smarter, faster and more reliable
- At China’s Humanoid Robot Games, Athletes Fell Down a Lot
- Erasing data from the devices you discard is a booming business
- How long can AI agents like Cursor keep burning cash? Investors are divided.
- Citrix Virtual Apps and Desktops 2507 Long Term Service Release is now available
- Palo Alto Networks founder Nir Zuk steps down, marking end of an era in cybersecurity
- Microsoft: August Windows updates cause severe streaming issues
- Microsoft AI CEO Is Worried About ‘Seemingly Conscious AI’
- Microsoft blames configuration change for another 365 outage
- Microsoft is tweaking its enterprise software pricing once again – and some customers won’t be too happy
- Protecting against typosquatting with website typo protection in Microsoft Edge
- Microsoft Entra Private Access brings conditional access to on-prem Active Directory
- Microsoft is finally modernizing SharePoint sites
- Microsoft Teams adds mic icon for live audio feedback
- Microsoft crams Copilot AI directly into Excel cells
- Microsoft delays plan to let Copilot see your Teams screen
- Microsoft OneNote for Windows 10 is being killed off, here is what you need to do
- Microsoft breaks Windows reset and recovery
- Microsoft releases emergency updates to fix Windows recovery
- Microsoft reportedly fixing SSD failures caused by Windows updates
- Microsoft squashes bug that broke upgrade paths in Windows 10 and Windows Server
