Cyber security August 2025

This posting is here to collect cyber security news in August 2025.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

191 Comments

  1. Tomi Engdahl says:

    Microsoft Dissects PipeMagic Modular Backdoor
    https://www.securityweek.com/microsoft-dissects-pipemagic-modular-backdoor/

    PipeMagic, which poses as a ChatGPT application, is a modular malware framework that provides persistent access and flexibility.

    Microsoft has delved into the inner workings of PipeMagic, a modular backdoor used in multiple ransomware attacks since the beginning of this year.

    Posing as a legitimate open source ChatGPT Desktop Application, PipeMagic is a sophisticated malware framework that provides attackers with persistent access to the compromised system.

    The backdoor uses modules for its various capabilities, such as command-and-control (C&C) communication, and is able to dynamically execute payloads and provide the attackers with granular control over code execution, Microsoft explains.

    “By offloading network communication and backdoor tasks to discrete modules, PipeMagic maintains a modular, stealthy, and highly extensible architecture, making detection and analysis significantly challenging,” the company notes.

    Reply
  2. Tomi Engdahl says:

    Data Breaches
    1.1 Million Unique Records Identified in Allianz Life Data Leak
    https://www.securityweek.com/1-1-million-unique-records-identified-in-allianz-life-data-leak/

    Have I Been Pwned has analyzed the information made public by the hackers who recently targeted Allianz Life.

    Reply
  3. Tomi Engdahl says:

    Gabbard Says UK Scraps Demand for Apple to Give Backdoor Access to Data

    Britain abandoned its demand that Apple provide backdoor access to any encrypted user data stored in the cloud.

    https://www.securityweek.com/gabbard-says-uk-scraps-demand-for-apple-to-give-backdoor-access-to-data/

    Reply
  4. Tomi Engdahl says:

    Hacktivist Sentenced to 20 Months of Prison in UK
    https://www.securityweek.com/hacktivist-sentenced-to-20-months-of-prison-in-uk/

    Al-Tahery Al-Mashriky of the Yemen Cyber Army has been accused of hacking into and defacing many websites as part of hacktivist campaigns.

    Reply
  5. Tomi Engdahl says:

    New Research Links VPN Apps, Highlights Security Deficiencies
    https://www.securityweek.com/new-research-links-vpn-apps-highlights-security-deficiencies/

    Citizen Lab has identified links between multiple VPN providers, and multiple security weaknesses in their mobile applications.

    Nearly two dozen VPN applications in Google Play contain security weaknesses impacting the privacy of their users, exposing transmitted data to decryption, a new Citizen Lab report shows.

    Furthermore, the VPN providers that offer these applications can be linked to one another, although they claim to be separate entities and use various means to hide their true identities.

    Starting from previous reports linking Innovative Connecting, Autumn Breeze, and Lemon Clove, three VPN providers claiming to be based in Singapore, to a Chinese national, Citizen Lab’s analysis identified additional connections between their applications, and linked other VPN apps and their providers.

    According to Citizen Lab’s report (PDF), eight VPN applications from Innovative Connecting, Autumn Breeze, and Lemon Clove share code, dependencies, and hardcoded passwords, potentially allowing attackers to decrypt the traffic of their users. These apps have over 380 million combined downloads in Google Play.

    Reply
  6. Tomi Engdahl says:

    https://www.securityweek.com/help-desk-at-risk-scattered-spider-shines-light-on-overlook-threat-vector/

Help Desk at Risk: Scattered Spider Shines Light on Overlooked Threat Vector

    As attackers target help desks and identity systems, traditional security perimeters are proving insufficient against agile, socially-engineered threats.

    Reply
  7. Tomi Engdahl says:

    Robert McMillan / Wall Street Journal:
    Federal prosecutors charge an Oregon man with operating the Rapper Bot, one of the most powerful DDoS botnets ever seen, which knocked X offline earlier in 2025 — The Rapper Bot network knocked out Elon Musk’s X social-media site earlier this year, cybersecurity researchers say

    Oregon Man Accused of Operating One of Most Powerful Attack ‘Botnets’ Ever Seen
    The Rapper Bot network knocked out Elon Musk’s X social-media site earlier this year, cybersecurity researchers say
    https://www.wsj.com/tech/oregon-man-accused-of-operating-one-of-most-powerful-attack-botnets-ever-seen-380b2caf?st=TeAk2p&reflink=desktopwebshare_permalink

    Reply
  8. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/17794-microsoftin-copilotista-loeytyi-vakava-haavoittuvuus

A serious vulnerability named EchoLeak was revealed in Microsoft 365 Copilot over the summer, but the company has already patched it. It was a so-called zero-click attack that allowed sensitive corporate information to leak without any action by the user.

The vulnerability was originally found by the Israeli cybersecurity company AIM Security, and its wider impact has since been assessed by, among others, the research arm of security firm Check Point. The vulnerability is known by the identifier CVE-2025-32711 and the nickname EchoLeak.

    Reply
  9. Tomi Engdahl says:

    Vulnerabilities
    Intel Employee Data Exposed by Vulnerabilities

    A researcher said he found vulnerable internal services that exposed the information of 270,000 Intel employees.

    https://www.securityweek.com/intel-employee-data-exposed-by-vulnerabilities/

    Reply
  10. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/17799-varo-verkkokauppojen-halpoja-reitittimiae


Beware of cheap routers from online stores

Published: 20.08.2025


Fibre operator Valoo warns about network devices bought from discount stores: they can compromise the security of the entire home network. Increasingly, routers, set-top boxes and surveillance cameras bought from foreign online stores turn out to be problematic. In the worst case, the internet connection has to be cut off if the device gets infected and starts taking part in cybercriminals' attacks.

Experts also point out that the problem is not limited to Chinese online stores. Etteplan's sales director Antti Tolvanen notes that cheap and unprotected devices can reach the market through many kinds of online channels, including from within Europe.

- The new requirements of the RED 3(3)def directive aim to improve the situation, but Chinese operators, for example, do not care about EU regulations. Still, the most important advice is simple: buy your network device from a credible EU/EEA operator, such as your ISP, Tolvanen says.

If a device ordered through an online store does not meet the regulations, under the Radio Equipment Act the responsibility lies primarily with the seller. No penalties are prescribed for the user for using the device, but the user can still lose their internet connection if the operator has to shut it down.

– We don't do this to be difficult, but for the customer's benefit. The connection is reopened once the device is safe, Kim Heikkinen says.

    Reply
  11. Tomi Engdahl says:

    Europol Says Qilin Ransomware Reward Fake

    A $50,000 reward from Europol for two members of the Qilin ransomware group is a ‘scam’, according to the law enforcement agency.

    https://www.securityweek.com/europol-says-qilin-ransomware-reward-fake/

    Reply
  12. Tomi Engdahl says:

    GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models

    Instead of GPT-5 Pro, your query could be quietly redirected to an older, weaker model, opening the door to jailbreaks, hallucinations, and unsafe outputs.

    https://www.securityweek.com/gpt-5-has-a-vulnerability-it-may-not-be-gpt-5-answering-your-call/

    Reply
  13. Tomi Engdahl says:

    Slow and Steady Security: Lessons from the Tortoise and the Hare

    By focusing on fundamentals, enterprises can avoid the distraction of hype and build security programs that are consistent, resilient, and effective over the long run.

    https://www.securityweek.com/slow-and-steady-security-lessons-from-the-tortoise-and-the-hare/

    Reply
  14. Tomi Engdahl says:

    Elastic Refutes Claims of Zero-Day in EDR Product

    Elastic has found no evidence of a vulnerability leading to RCE after details and PoC of a Defend EDR bypass were published online.

    https://www.securityweek.com/elastic-refutes-claims-of-zero-day-in-edr-product/

    Reply
  15. Tomi Engdahl says:

Wi-Fi identifies a person without a camera
    https://etn.fi/index.php/13-news/17803-wi-fi-tunnistaa-henkiloen-ilman-kameraa

Researchers at Sapienza University of Rome have developed the WhoFi system, which can identify people without a camera using only Wi-Fi signals. The solution uses the Channel State Information (CSI) data produced by wireless routers, which contains unique features of a person's body structure, movements and even internal composition.

In practice, the path of the Wi-Fi signal is distorted in different ways depending on who is moving in its way, and this distortion acts as the person's unique "radio-biometric signature".

    Reply
  16. Tomi Engdahl says:

    Nathaniel Mott / Tom’s Hardware:
    GFW Report: on August 20, China’s Great Firewall blocked all TCP port 443 traffic, used for HTTPS, for ~74 minutes, an unusual move; the cause may be accidental

    China’s Great Firewall blocked all traffic to a common HTTPS port for over an hour, severing connection to the outside world — with no hint as to its intention
    News
    By Nathaniel Mott published 21 hours ago
    The cause of the incident could be intentional or accidental
    https://www.tomshardware.com/tech-industry/cyber-security/chinas-great-firewall-blocked-all-traffic-to-a-common-https-port-for-over-an-hour-with-no-hint-as-to-its-intention

    Reply
  17. Tomi Engdahl says:

    Turning Human Vulnerability Into Organizational Strength
    Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls.
    https://www.darkreading.com/vulnerabilities-threats/human-vulnerability-organizational-strength

    Reply
  18. Tomi Engdahl says:

    China’s Great Firewall blocked all traffic to a common HTTPS port for over an hour, severing connection to the outside world — with no hint as to its intention
    News
    By Nathaniel Mott published 2 days ago
    The cause of the incident could be intentional or accidental
    https://www.tomshardware.com/tech-industry/cyber-security/chinas-great-firewall-blocked-all-traffic-to-a-common-https-port-for-over-an-hour-with-no-hint-as-to-its-intention

    Reply
  19. Tomi Engdahl says:

    China cut itself off from the global internet for an hour on Wednesday
    Great Firewall took out all traffic to port 443 at a time Beijing didn’t have an obvious need to keep its netizens in the dark
    https://www.theregister.com/2025/08/21/china_port_443_block_outage/

    Reply
  20. Tomi Engdahl says:

    Windows lets anyone on your WiFi hijack your connection with IPv6
    https://cybernews.com/security/hackers-can-abuse-ipv6-to-hijack-networks/

    A dormant IPv6 feature is a backdoor for Windows attackers, security researchers warn. Enabled by default, if unused and left unchecked, it can lead to a complete domain compromise.

    IPv6 might not be widely used, but Windows enables it by default and prioritizes it over the older IPv4 version, which has very serious security repercussions.

    If hackers have access to a single device on the network, even an IoT one, they can transform it into a fake configuration and DNS server. Windows computers will trust and prefer malicious instructions over the existing IPv4 configuration.

    Reply
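As an added defensive illustration (not code from the article or the researchers it cites), the following Python parser reads raw ICMPv6 Router Advertisements and flags the rogue-RA pattern the post describes: an RA from a sender that is not the known router, M/O flags that steer hosts towards DHCPv6, or an RDNSS option naming a DNS server the network does not run. The MAC addresses, prefixes and packets are constructed samples.

```python
import ipaddress
import struct

ICMPV6_RA = 134   # ICMPv6 type: Router Advertisement (RFC 4861)
OPT_RDNSS = 25    # RA option: Recursive DNS Server (RFC 8106)

def build_ra(flags, dns_servers, lifetime=1800):
    """Construct a minimal RA with an RDNSS option (test input only, never sent)."""
    # type, code, checksum(0), hop limit, M/O flags, router lifetime, reachable, retrans
    hdr = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, flags, lifetime, 0, 0)
    addrs = b"".join(ipaddress.IPv6Address(a).packed for a in dns_servers)
    body = struct.pack("!HI", 0, lifetime) + addrs        # reserved + lifetime + addresses
    opt = struct.pack("!BB", OPT_RDNSS, (2 + len(body)) // 8) + body   # length in 8-octet units
    return hdr + opt

def parse_ra(pkt):
    """Return the M/O flags and RDNSS servers from raw ICMPv6 RA bytes (no IPv6 header)."""
    if len(pkt) < 16 or pkt[0] != ICMPV6_RA:
        raise ValueError("not an ICMPv6 Router Advertisement")
    flags = pkt[5]
    info = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40), "dns": []}
    off = 16
    while off + 2 <= len(pkt):
        otype, olen = pkt[off], pkt[off + 1]
        if olen == 0:
            raise ValueError("zero-length RA option")    # forbidden by RFC 4861
        end = off + olen * 8
        if end > len(pkt):
            raise ValueError("truncated RA option")
        if otype == OPT_RDNSS:
            body = pkt[off + 8:end]                      # skip type/len/reserved/lifetime
            for i in range(0, len(body) - 15, 16):
                info["dns"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        off = end
    return info

def audit_ra(src_mac, pkt, trusted_routers, trusted_dns):
    """Flag RAs from unknown senders, RAs steering hosts to DHCPv6, and untrusted DNS."""
    info = parse_ra(pkt)
    findings = []
    if src_mac.lower() not in {m.lower() for m in trusted_routers}:
        findings.append(f"RA from unexpected source {src_mac}")
    if info["managed"] or info["other"]:
        findings.append("RA sets the M/O flags, inviting hosts to use DHCPv6")
    for server in info["dns"]:
        if server not in trusted_dns:
            findings.append(f"RA advertises untrusted DNS server {server}")
    return findings

# Constructed samples: the legitimate router and a rogue host on the same LAN.
TRUSTED_ROUTERS = ["00:11:22:33:44:55"]
TRUSTED_DNS = ["2001:db8::53"]
LEGIT_RA = build_ra(0x00, ["2001:db8::53"])
ROGUE_RA = build_ra(0xC0, ["fe80::bad:1"])   # M and O set, unknown DNS server
```

On a real link the bytes would come from a packet capture filtered to ICMPv6 type 134, and the sender MAC from the Ethernet frame; an alert on `audit_ra` findings is the detection, and RA Guard or disabling unused IPv6 transition features is the mitigation.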
  21. Tomi Engdahl says:

    Multiple Critical Flaws Hit Zero Trust Products from Check Point, Zscaler, and Netskope
    https://gbhackers.com/multiple-critical-flaws-hit-zero-trust-products/#google_vignette

    Reply
  22. Tomi Engdahl says:

    Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands
    https://cybersecuritynews.com/flipper-zero-darkweb-firmware/#google_vignette

    A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft.

    Demonstrations by the YouTube channel “Talking Sasquach” reveal that the firmware, said to be circulating on the dark web, can clone a vehicle’s keyfob with just a single, brief signal capture.

    Reply
  23. Tomi Engdahl says:

    “Consider the dropping of literally every bit of personal info you have… as a warning for people in the future.” https://trib.al/S4ODTvO

    Man’s Entire Life Destroyed After Downloading AI Software
    https://futurism.com/the-byte/life-destroyed-ai?fbclid=IwQ0xDSwMXmpVjbGNrAxeaVWV4dG4DYWVtAjExAAEetxCKpwZU-LDsdUhEbIcw-qCqNaHmm__qQGHo7BAqA9MDj98Lrs8_OJP2E1w_aem_F_keaXi_ug8u0DLjr_Dovw

    “It’s impossible to convey the sense of violation.”
    Last February, Disney employee Matthew Van Andel downloaded what seemed like a helpful AI tool from the developer site GitHub.

    Little did he know that the decision would totally upend his life — resulting in everything from his credit cards to social security number being leaked to losing his job, as the Wall Street Journal reports.

    The software, an AI image generator, worked as advertised. But embedded into its files was a piece of malware, which a tenacious hacker used to probe Van Andel’s password manager. Van Andel found out after the hacker, going by the name “Nullbulge,” sent him an ominous message on Discord, a chat and VoIP platform popular with gamers.

That’s what alerted him that this wasn’t your typical spam message. In followup emails, the hacker threatened that if Van Andel didn’t give in to their demands, he’d “end up on the net.”

    The next day, the hacker used Van Andel’s work credentials to perpetrate a massive data leak at Disney, dumping everything from private customer info to internal revenue numbers online. Van Andel’s personal info was caught in the mix, including financial accounts — suddenly barraged with unsolicited bills — his social media, and even his children’s Roblox logins.

    In a blog post, the hacker gloated about the attack, naming Van Andel.

    “1.1 terabytes of data, almost 10,000 channels, every message file possible, dumped,” wrote Nullbulge, per a WSJ screenshot. “We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special Matthew J Van Andel!”

    “Consider the dropping of literally every bit of personal info you have… as a warning for people in the future,” the hacker added.

    Van Andel claims that he immediately contacted Disney’s cybersecurity “fire team” after he received the threats from the hacker. Their investigation found nothing on his work computer, but they recommended Van Andel run a thorough check on his personal desktop.

    An anti-virus scan turned up the malware. But at that point, it was too late. The hacker had already gleaned enough to leak Disney’s data and ruin Van Andel’s life.

    Van Andel knew the only way the hacker could have gained such extensive access was through his password manager, 1Password. It turned out that Van Andel had failed to secure the software with two-factor authentication. The hacker likely emplaced a keylogging Trojan virus on his home computer via the AI tool, at which point they’d have “nearly unrestricted access,” a 1Password spokesman told WSJ.

    Eleven days after the leak, Disney called Van Andel to tell him he was fired, depriving him of about $200,000 in bonuses and his family’s healthcare. The company claimed that it found evidence that he’d accessed pornographic material on his work computer — claims that Van Andel firmly denies.

    “I’m the one who got hacked,”

    Reply
  24. Tomi Engdahl says:

    That wasn’t because of “AI” at all, it was because some guy downloaded sketchy software off GitHub that had malware baked into it. The whole thing was designed to steal personal info. That’s why it happened, not because he told an AI his secrets. The headline’s just clickbait.

    Reply
  25. Tomi Engdahl says:

    xAI made people’s conversations with its chatbot public and searchable on Google without warning — including a detailed plan for the assassination of Elon Musk and explicit instructions for making fentanyl and bombs.

    Elon Musk’s xAI Published Hundreds Of Thousands Of Grok Chatbot Conversations
    xAI made people’s conversations with its chatbot public and searchable on Google without warning — including a detailed plan for the assassination of Elon Musk and explicit instructions for making fentanyl and bombs.
    https://www.forbes.com/sites/iainmartin/2025/08/20/elon-musks-xai-published-hundreds-of-thousands-of-grok-chatbot-conversations/?utm_source=ForbesMainFacebook&utm_medium=social&utm_campaign=socialflowForbesMainFB&fbclid=IwQ0xDSwMXzMZleHRuA2FlbQIxMQABHkapxvoSgc5gzGbBR7J1KYZmiRP5JUg-92ER1aFokhWim686hJ8fcNbq-Rp__aem_v7TJ2EJXgBuSfL42LkYWDA

    Reply
