Cyber Security News Daily Recap

Cybersecurity News | Daily Recap [04 Sep 2025]

admin
Cybersecurity News | Daily Recap [04 Sep 2025]

The recap highlights notable AI/ML threats, supply-chain exploits, and vulnerability disclosures, including Model Namespace Reuse targeting Google Vertex AI and Azure, and widespread patching efforts across Windows, Android, Chrome, Django, and Linux. It also notes significant incidents such as data breaches, nation-state activity, and enforcement actions, with various high-profile actors and organizations affected.
#ModelNamespaceReuse #NotDoor #APT28 #APT29 #ShinyHunters #NotDoorBackdoor #Google #Bridgestone #Workiva #DeepSeek

Daily Cybersecurity News Recap

AI & ML Threats

  • Researchers demonstrated a new AI supply-chain exploit called Model Namespace Reuse that can swap or hijack model names on repos like Hugging Face to push malicious models affecting Google Vertex AI and Microsoft Azure — AI Supply Attack
  • Attackers are abusing X’s Grok assistant to bypass posting limits and amplify malicious links and scams at scale — Grok Abuse
  • Open-source AI tooling like HexStrike-AI is being repurposed by threat actors to weaponize n-day Citrix flaws within days of disclosure, accelerating automated exploitation — HexStrike Exploit, HexStrike Report

DDoS & Infrastructure

  • Global DDoS activity surged in H1 2025 as geopolitics and easy-to-use tools (including AI-driven automation and DDoS-for-hire) fuel attacks by hacktivist groups like NoName057DDoS Surge
  • Cloudflare reported mitigating the largest-ever DDoS at 11.5 Tbps (35 seconds), a UDP flood from compromised IoT devices and cloud hosts that highlighted growing attack scale — Cloudflare 11.5Tbps

Vulnerabilities & Patches

  • Microsoft acknowledged that August/September Windows updates introduced unexpected UAC prompts and app install failures for non-admin users while fixing CVE-2025-50173, and is working on mitigations — Windows UAC Issue
  • Google released Android security updates addressing 120 flaws including two actively exploited zero-days and kernel/Qualcomm bugs — Android Patch, Android Alert
  • Google pushed Chrome 140 to fix multiple flaws including a V8 use-after-free, urging users to update to mitigate remote exploitation risks — Chrome 140
  • Critical bugs were disclosed in widely used stacks: Django’s CVE-2025-57833 enabling high-risk SQL injection via FilteredRelation, and Linux UDisks CVE-2025-8067 allowing local data exposure—admins urged to patch immediately — Django SQLi, UDisks CVE
  • Mis-issued TLS certificates for 1.1.1.1 DNS raised man-in-the-middle concerns and highlighted PKI/cert-transparency gaps — 1.1.1.1 Certs
  • The US CISA warned of active exploitation of a TP-Link range extender flaw (CVE-2020-24363), stressing patching even for discontinued devices — TP‑Link Extender

Malware, Scams & Supply‑chain

  • New sextortion spyware named Stealerium automates webcam captures of victims on adult sites and steals data, worsening blackmail risks—malware was found freely distributed on GitHub — Stealerium
  • Android droppers have evolved into modular distributors delivering banking trojans, SMS stealers and spyware that evade Play Protect and hide payloads via timing tricks, with notable activity in AsiaAndroid Droppers
  • Social-engineered scams using fake AnyDesk installers and Windows search tricks are distributing MetaStealer as part of ClickFix campaigns, targeting remote-support victims — MetaStealer ClickFix
  • Malicious npm packages are leveraging Ethereum smart contracts to hide commands and deploy malware, signaling developer-supply-chain innovation by attackers — Malicious npm

Nation‑state Activity

  • A new Outlook backdoor called NotDoor linked to Russia’s APT28/Fancy Bear can monitor, exfiltrate and execute commands against NATO-connected firms, showing continued tooling evolution — NotDoor Backdoor
  • Investigations detail how Russia-linked APT29 used watering‑hole techniques to turn everyday sites into surveillance traps for targeted espionage, underscoring persistent supply-chain and web targeting risks — APT29 Watering‑Hole

Data Breaches & Incidents

  • South Carolina’s School District 5 disclosed a ransomware/data breach by Interlock that exposed social security and financial details for about 31,000 people and disrupted operations/payroll — School District Breach
  • Tire maker Bridgestone confirmed a cyberattack impacted some North American manufacturing sites, prompting containment and supply‑chain disruption concerns with possible ransomware involvement — Bridgestone Attack
  • SaaS firm Workiva disclosed a breach tied to third‑party Salesforce intrusions attributed to the ShinyHunters group that exposed customer contact data, highlighting CRM supply‑chain risks — Workiva Breach
  • A misconfigured database at Chinese AI firm DeepSeek leaked over a million sensitive log streams, emphasizing routine risk from cloud misconfigurations — DeepSeek Leak

Policy, Legal & Enforcement

  • France’s CNIL fined Google €325 million (~$381M) for dark-pattern consent and ad practices in Gmail, reinforcing strict EU privacy enforcement — Google Fine
  • The European court rejected a challenge to the EU‑US Data Privacy Framework, upholding trans‑Atlantic data flows and U.S. safeguards for EU personal data transfers — EU‑US Ruling
  • The U.S. government offered a $10 million reward for information on three Russian FSB officers tied to widespread critical‑infrastructure cyber intrusions — FSB Bounty
  • The DOJ and FTC actions target Chinese toy maker Apitor for illegally collecting children’s geolocation data in violation of COPPA, with lawsuits/fines and proposed deletion/remediation terms — Apitor DOJ, Apitor FTC
  • Lawmakers voted to extend key U.S. cybersecurity programs ahead of the September 30 deadline as Congress debates information-sharing, CISA authorities, and AI-focused provisions — Cyber Legislation
  • International law enforcement and ACE disrupted the Streameast piracy network, arresting suspects in Egypt and seizing infrastructure in the largest illegal sports-streaming takedown — Streameast Takedown, Streameast Police

Industry Moves & Funding

  • Tidal Cyber raised $10 million Series A to expand its CTI and adversary-behavior platform that maps TTPs to MITRE ATT&CK for automated detection/response — Tidal Funding
  • Cato Networks acquired AI security firm Aim Security to bolster its SASE platform with protections for AI apps and development lifecycles amid emerging AI‑centric threats — Cato Acquires

Research, Events & Programs

  • Apple opened applications for its 2026 Security Research Device Program, offering specially configured iPhones to vetted researchers for advanced vulnerability discovery and early access — Apple SRDP
  • A global calendar lists major cybersecurity conferences from Sep–Dec 2025 (ESORICS, COSAC, Black Hat, BSides and more) to aid planning and attendance — Cyber Events
  • An interview with McKenzie Wark reframes hacking as creative play and cultural practice, broadening perspectives on the hacker role in society — Hacker Conversation

Other / Regional Politics

  • Ukraine’s SBU called corruption charges against former cyber chief Illia Vitiuk politically motivated and framed as retaliation, raising controversy over anti‑corruption probes in the security sector — Ukraine Case

Cybersecurity News | Daily Recap – hendryadrian.com

SHARE THIS STORY

WhatsAppX (Twitter)TelegramBlueskyFacebookLinkedInThreadsEmailPrint