Cybersecurity News | Daily Recap [21 Aug 2025]

This daily recap covers urgent vulnerabilities patched by Apple, Docker, Google Chrome and Cisco, and why applying those updates promptly matters. It also covers continued exploitation of a years-old Cisco flaw by Russian state-linked groups, several data breaches and ransomware claims, law-enforcement actions against cybercrime, and new malware and infrastructure attacks. #CVE-2025-43300 #CVE-2025-9074 #CVE-2025-9132 #AV25-532 #StaticTundra #BerserkBear #CiscoExploit #Qilin #ScatteredSpider

Daily Cybersecurity Recap

Vulnerabilities & Patches

  • Apple released emergency updates for an ImageIO zero-day, CVE-2025-43300, an out-of-bounds write that can corrupt memory when a malicious image file is processed; Apple says it was exploited in targeted attacks against specific individuals. Fixes shipped for iOS, iPadOS and macOS – Apple Zero-Day
  • A critical Docker Desktop flaw, CVE-2025-9074, lets a malicious container reach the Docker Engine API without authentication and, through it, control other containers and the host; users should upgrade Docker Desktop immediately – Docker Flaw
  • Google fixed CVE-2025-9132, an out-of-bounds write in the V8 JavaScript engine, in Chrome 139. The bug was found by Google's Big Sleep AI agent and could be exploited for code execution through a crafted web page – Chrome V8
  • Multiple advisories (e.g. AV25-532) cover urgent flaws across Cisco products; administrators should review the vendor guidance for each affected product and apply the patches – Cisco Advisories

Russian APTs & Cisco Exploits

  • US authorities warn that FSB-linked groups tracked as Static Tundra / Berserk Bear continue exploiting CVE-2018-0171, a seven-year-old flaw in Cisco IOS Smart Install, to break into critical-infrastructure networks and harvest device configurations. Patch legacy devices now, and where Smart Install is not needed disable it (`no vstack`) or block TCP/4786 at the network edge – Cisco Exploits
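The item above is about exploitation of an old, often unpatched feature, so the first practical question for a network team is which devices still expose Smart Install. The script below is an added example, not code from the original page or from Cisco: it audits constructed Cisco IOS running-config excerpts and `show vstack config` outputs (hostnames and IP addresses are fictional) and reports which devices still need `no vstack`. It is a configuration audit, not a protocol probe; it does not send anything to a device.

```python
"""Audit Cisco IOS / IOS XE devices for Smart Install exposure (CVE-2018-0171 attack surface).

Two sources are checked per device: the running-config (does it contain an explicit
`no vstack`?) and the output of `show vstack config` (does the device report
"SmartInstall enabled"?). All sample data below is constructed for this example.
"""
import re

# Constructed running-config excerpts, keyed by hostname (fictional devices).
RUNNING_CONFIGS = {
    "core-sw01": "hostname core-sw01\n!\nno vstack\n!\ninterface Vlan1\n ip address 10.0.0.2 255.255.255.0\n",
    "access-sw07": "hostname access-sw07\n!\nvstack director 10.0.0.5\nvstack basic\n!\n",
    "access-sw12": "hostname access-sw12\n!\ninterface Vlan1\n ip address 10.0.0.12 255.255.255.0\n",
}

# Constructed `show vstack config` output for the same devices.
SHOW_VSTACK = {
    "core-sw01": "Role: Client (SmartInstall disabled)\nVstack Director IP address: 0.0.0.0\n",
    "access-sw07": "Role: Client (SmartInstall enabled)\nVstack Director IP address: 10.0.0.5\n",
    "access-sw12": "Role: Client (SmartInstall enabled)\nVstack Director IP address: 0.0.0.0\n",
}

SMART_INSTALL_PORT = 4786  # TCP port the Smart Install client listens on


def config_state(running_config: str) -> str:
    """Classify Smart Install from the running-config.

    Returns 'disabled' (explicit `no vstack`), 'configured' (director/client lines
    present) or 'default' (no vstack line at all). 'default' is NOT safe: on
    client-capable switches Smart Install is on by default, so the absence of
    `no vstack` is not evidence that it is off.
    """
    lines = [ln.strip() for ln in running_config.splitlines()]
    if "no vstack" in lines:
        return "disabled"
    if any(ln == "vstack" or ln.startswith("vstack ") for ln in lines):
        return "configured"
    return "default"


_ROLE_RE = re.compile(r"^Role:\s*(\S+)\s*\(SmartInstall (enabled|disabled)\)", re.M)


def show_vstack_enabled(output: str):
    """Return True/False from `show vstack config` output, or None if the Role line is missing."""
    m = _ROLE_RE.search(output)
    if not m:
        return None
    return m.group(2) == "enabled"


def audit(configs, show_outputs):
    """Combine both sources. A device counts as exposed unless BOTH say Smart Install is off.

    Disagreement between the two (e.g. `no vstack` in a saved config but the live
    device still reporting enabled) is treated as exposed so a stale config cannot
    hide a live listener.
    """
    report = {}
    for host in sorted(configs):
        cfg = config_state(configs[host])
        live = show_vstack_enabled(show_outputs.get(host, ""))
        exposed = not (cfg == "disabled" and live is False)
        report[host] = {"config": cfg, "live_enabled": live, "exposed": exposed}
    return report


def remediation(report):
    """Hosts that still need `no vstack` (or an ACL blocking TCP/4786 where Smart Install must stay on)."""
    return [host for host, r in report.items() if r["exposed"]]


if __name__ == "__main__":
    rep = audit(RUNNING_CONFIGS, SHOW_VSTACK)
    for host, r in rep.items():
        print(f"{host}: config={r['config']} live_enabled={r['live_enabled']} exposed={r['exposed']}")
    print("apply `no vstack` on:", remediation(rep))
```

The two-source rule matters in practice: configuration backups are often older than the device, and a device that was re-imaged or never had `no vstack` written to startup-config will still answer on TCP/4786 even though the repository copy looks clean.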

Data Breaches & Ransomware

  • Telecom provider Colt confirmed a data breach and the ransomware group WarLock is auctioning stolen files on the dark web – Colt Breach
  • Orange Belgium disclosed a breach affecting 850,000 customer accounts (names and account details); the operator says it blocked the attacker's access and notified authorities, and warns affected customers to expect targeted phishing – Orange Breach
  • The Qilin ransomware group claimed the attack on Inotiv. Separately, reports of a $50,000 reward for information on the gang became muddled as fake reward notices circulated alongside the official one, prompting clarifications from law enforcement after the gang's recent high-profile hits – Inotiv Hack, Qilin Reward, Qilin Fake

Cybercrime Sentences & Takedowns

  • A member of Scattered Spider was sentenced to 10 years in prison and ordered to pay $13 million in restitution for SIM-swapping, cryptocurrency theft and corporate intrusions, a reminder of the group's reach across continents – Scattered Spider
  • The DOJ seized the Mirai-based "Rapper Bot" DDoS botnet and charged an alleged operator; the takedown, part of Operation PowerOff, ended a campaign that had hit more than 18,000 targets worldwide – Rapper Bot
  • A hacker tied to the Yemen Cyber Army was jailed for 20 months for site defacements and data theft, highlighting ongoing hacktivist prosecutions – Yemen Hacker

Credentials & Password Security

  • The Blue Report 2025 found that password cracking succeeded in nearly half of the environments tested, pointing to weak credential hygiene and the need to enforce strong passwords and phishing-resistant MFA – Blue Report
  • Research shows that browser password-manager extensions are widely exposed to DOM-based clickjacking: an attacker page overlays invisible elements so that a user's click lands on the extension's autofill prompt, leaking credentials, 2FA codes and payment data. Vendors are shipping fixes; until your extension is patched, turn off automatic autofill and fill credentials only through the extension's own UI – Password Clickjacking, Extension Clickjacking

Malware & Infrastructure Attacks

  • Researchers uncovered QuirkyLoader, used since late 2024 to deliver Agent Tesla, AsyncRAT and Snake Keylogger via email spam and DLL side‑loading targeting organizations in Taiwan and Mexico – QuirkyLoader
  • Attackers exploited a critical Apache ActiveMQ flaw to plant a persistent Linux backdoor dubbed DripDropper, which uses cloud services for command and control. Patch ActiveMQ, then hunt for the published IOCs on any server that was exposed before the patch – ActiveMQ Attack

AI, Platform Abuse & Phishing

  • Crooks are abusing AI site builders like Lovable to host phishing and malware pages, lowering barriers for attacks despite platform protections – Lovable Abuse
  • Agentic AI browsers such as Comet and Edge Copilot can be tricked into fraudulent transactions and are vulnerable to prompt injection and phishing, raising concerns for sensitive workflows – AI Browser Risks
  • The GPT‑5 router vulnerability PROMISQROUTE can force routing to older, less‑secure models, exposing users to safety bypasses and increased hallucination/jailbreak risk – GPT-5 Route
  • Attackers are stealing Microsoft 365 credentials by chaining legitimate ADFS redirects and office.com links so that the final hop lands on a convincing phishing page while the visible link starts on a trusted domain, which lets it slip past some URL filters. Review which reply/redirect endpoints your relying-party trusts accept, and confirm MFA is enforced on the federated sign-in path – ADFS Redirects
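Because the chained links above begin on a trusted domain, a filter that only inspects the first hostname will pass them. The script below is an added example, not code from the original page or from any vendor: it walks the redirect parameters of sign-in links recursively, decoding one layer of percent-encoding per hop, and flags any hostname in the chain that is not on the tenant's allow-list. The WS-Federation parameter names (`wa`, `wtrealm`, `wctx`, `wreply`) are standard; the `ru` parameter on the office.com link, the `adfs.contoso.com` farm and the phishing host are constructed for the sample and are not claims about the real campaign.

```python
"""Walk redirect chains in federation sign-in links and flag hosts outside the tenant allow-list.

Sample URLs and the allow-list are constructed for this example. The `ru` query
parameter on the office.com sample is a hypothetical name, not a documented one.
"""
from urllib.parse import urlsplit, parse_qs

# Hosts a user may legitimately land on during this (fictional) tenant's M365 sign-in.
ALLOWED_HOSTS = {
    "adfs.contoso.com",           # the tenant's ADFS farm (fictional)
    "login.microsoftonline.com",
    "login.microsoft.com",
    "www.office.com",
    "office.com",
}

# Constructed sample links: a normal ADFS sign-in, a direct off-tenant wreply,
# and a double-encoded wreply nested inside an office.com redirect.
SAMPLE_URLS = {
    "legit": ("https://adfs.contoso.com/adfs/ls/?wa=wsignin1.0"
              "&wtrealm=urn%3Afederation%3AMicrosoftOnline"
              "&wctx=rm%3D0%26id%3Dpassive%26ru%3D%252F"
              "&wreply=https%3A%2F%2Flogin.microsoftonline.com%2Flogin.srf"),
    "direct": ("https://adfs.contoso.com/adfs/ls/?wa=wsignin1.0"
               "&wreply=https%3A%2F%2Fcontoso-login.example.net%2Fm365%2F"),
    "nested": ("https://www.office.com/?ru=https%3A%2F%2Fadfs.contoso.com%2Fadfs%2Fls%2F"
               "%3Fwa%3Dwsignin1.0%26wreply%3Dhttps%253A%252F%252Fcontoso-login.example.net%252Fm365%252F"),
}


def _as_url(value: str):
    """Return the value if it is an absolute or scheme-relative URL, else None.

    Opaque parameters such as wctx ('rm=0&id=passive&ru=/') are deliberately skipped.
    """
    v = value.strip()
    if v.lower().startswith(("http://", "https://")):
        return v
    if v.startswith("//"):
        return "https:" + v
    return None


def chain_hosts(url: str, max_depth: int = 4) -> list:
    """Hostnames visited by following every URL-valued query parameter, in order.

    parse_qs percent-decodes one layer per hop, so a double-encoded wreply carried
    inside an office.com link is only revealed on the second hop.
    """
    hosts = []

    def walk(u: str, depth: int) -> None:
        parts = urlsplit(u)
        if parts.hostname:
            hosts.append(parts.hostname.lower())
        if depth >= max_depth:
            return
        for values in parse_qs(parts.query).values():
            for v in values:
                nxt = _as_url(v)
                if nxt:
                    walk(nxt, depth + 1)

    walk(url, 0)
    return hosts


def offending_hosts(url: str, allowed=ALLOWED_HOSTS) -> list:
    """Distinct hosts in the chain that are not allow-listed, in order of first appearance."""
    seen, bad = set(), []
    for h in chain_hosts(url):
        if h not in allowed and h not in seen:
            seen.add(h)
            bad.append(h)
    return bad


def triage(urls: dict) -> dict:
    """Map each sample name to its list of off-tenant hosts (empty list means clean)."""
    return {name: offending_hosts(u) for name, u in urls.items()}


if __name__ == "__main__":
    for name, bad in triage(SAMPLE_URLS).items():
        verdict = "OK" if not bad else "REVIEW: off-tenant redirect to " + ", ".join(bad)
        print(f"{name:7} {verdict}")
```

The check is intentionally host-based rather than parameter-based: it does not matter whether the destination rides in `wreply`, `RelayState`, `redirect_uri` or a vendor-specific parameter, because any value that decodes to a URL is followed. The depth limit keeps a maliciously self-referential link from recursing forever, and lookalike hosts such as the constructed `contoso-login.example.net` fail simply by not being on the list.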

Industry, Policy & Guidance

  • VMware certifications and community resources (VMUG/Advantage) are being promoted as key to building resilient IT teams capable of handling evolving security threats – VMware Certs
  • Opinion: “Slow and steady” security prioritizes measured, strategic defenses over hype-driven reactions — ask the right risk questions before chasing every new threat – Security Strategy
  • The UK (with US alignment) sanctioned Kyrgyz financial and crypto networks for aiding Russian sanctions evasion and ransomware funding, aiming to choke illicit finance channels – Kyrgyz Sanctions

Cybersecurity News | Daily Recap – hendryadrian.com