This posting is here to collect cyber security news in August 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
191 Comments
Tomi Engdahl says:
https://www.phoronix.com/news/Linux-ASI-Lower-Overhead
Tomi Engdahl says:
https://cybersecuritynews.com/soupdealer-malware-bypasses-every-sandbox/
Tomi Engdahl says:
Microsoft Dissects PipeMagic Modular Backdoor
https://www.securityweek.com/microsoft-dissects-pipemagic-modular-backdoor/
PipeMagic, which poses as a ChatGPT application, is a modular malware framework that provides persistent access and flexibility.
Microsoft has delved into the inner workings of PipeMagic, a modular backdoor used in multiple ransomware attacks since the beginning of this year.
Posing as a legitimate open source ChatGPT Desktop Application, PipeMagic is a sophisticated malware framework that provides attackers with persistent access to the compromised system.
The backdoor uses modules for its various capabilities, such as command-and-control (C&C) communication, and is able to dynamically execute payloads and provide the attackers with granular control over code execution, Microsoft explains.
“By offloading network communication and backdoor tasks to discrete modules, PipeMagic maintains a modular, stealthy, and highly extensible architecture, making detection and analysis significantly challenging,” the company notes.
Tomi Engdahl says:
Data Breaches
1.1 Million Unique Records Identified in Allianz Life Data Leak
https://www.securityweek.com/1-1-million-unique-records-identified-in-allianz-life-data-leak/
Have I Been Pwned has analyzed the information made public by the hackers who recently targeted Allianz Life.
Tomi Engdahl says:
https://www.securityweek.com/australias-tpg-telecom-investigating-iinet-hack/
Tomi Engdahl says:
Gabbard Says UK Scraps Demand for Apple to Give Backdoor Access to Data
Britain abandoned its demand that Apple provide backdoor access to any encrypted user data stored in the cloud.
https://www.securityweek.com/gabbard-says-uk-scraps-demand-for-apple-to-give-backdoor-access-to-data/
Tomi Engdahl says:
https://www.securityweek.com/gambling-tech-firm-bragg-discloses-cyberattack/
Tomi Engdahl says:
Hacktivist Sentenced to 20 Months of Prison in UK
https://www.securityweek.com/hacktivist-sentenced-to-20-months-of-prison-in-uk/
Al-Tahery Al-Mashriky of the Yemen Cyber Army has been accused of hacking into and defacing many websites as part of hacktivist campaigns.
Tomi Engdahl says:
https://www.securityweek.com/new-exploit-poses-threat-to-sap-netweaver-instances/
Tomi Engdahl says:
New Research Links VPN Apps, Highlights Security Deficiencies
https://www.securityweek.com/new-research-links-vpn-apps-highlights-security-deficiencies/
Citizen Lab has identified links between multiple VPN providers, and multiple security weaknesses in their mobile applications.
Nearly two dozen VPN applications in Google Play contain security weaknesses impacting the privacy of their users, exposing transmitted data to decryption, a new Citizen Lab report shows.
Furthermore, the VPN providers that offer these applications can be linked to one another, although they claim to be separate entities and use various means to hide their true identities.
Starting from previous reports linking Innovative Connecting, Autumn Breeze, and Lemon Clove, three VPN providers claiming to be based in Singapore, to a Chinese national, Citizen Lab’s analysis identified additional connections between their applications, and linked other VPN apps and their providers.
According to Citizen Lab’s report (PDF), eight VPN applications from Innovative Connecting, Autumn Breeze, and Lemon Clove share code, dependencies, and hardcoded passwords, potentially allowing attackers to decrypt the traffic of their users. These apps have over 380 million combined downloads in Google Play.
Tomi Engdahl says:
https://www.securityweek.com/help-desk-at-risk-scattered-spider-shines-light-on-overlook-threat-vector/
Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector
As attackers target help desks and identity systems, traditional security perimeters are proving insufficient against agile, socially-engineered threats.
Tomi Engdahl says:
Robert McMillan / Wall Street Journal:
Federal prosecutors charge an Oregon man with operating the Rapper Bot, one of the most powerful DDoS botnets ever seen, which knocked X offline earlier in 2025 — The Rapper Bot network knocked out Elon Musk’s X social-media site earlier this year, cybersecurity researchers say
Oregon Man Accused of Operating One of Most Powerful Attack ‘Botnets’ Ever Seen
The Rapper Bot network knocked out Elon Musk’s X social-media site earlier this year, cybersecurity researchers say
https://www.wsj.com/tech/oregon-man-accused-of-operating-one-of-most-powerful-attack-botnets-ever-seen-380b2caf?st=TeAk2p&reflink=desktopwebshare_permalink
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17794-microsoftin-copilotista-loeytyi-vakava-haavoittuvuus
A serious vulnerability called EchoLeak in Microsoft 365 Copilot came to light this summer, but the company has already patched it. It was a so-called zero-click type of attack that made it possible to leak companies' sensitive data without any action whatsoever by the user.
The vulnerability was originally found by the Israeli cyber security company AIM Security, and its broader implications have since been assessed by, among others, the research arm of the security company Check Point. The vulnerability is known by the identifier CVE-2025-32711 and the nickname EchoLeak.
Tomi Engdahl says:
https://www.securityweek.com/high-severity-vulnerabilities-patched-in-chrome-firefox/
Tomi Engdahl says:
Vulnerabilities
Intel Employee Data Exposed by Vulnerabilities
A researcher said he found vulnerable internal services that exposed the information of 270,000 Intel employees.
https://www.securityweek.com/intel-employee-data-exposed-by-vulnerabilities/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17799-varo-verkkokauppojen-halpoja-reitittimiae
Beware of cheap routers from online stores
Published: 20.08.2025
Fibre operator Valoo warns about network devices bought from discount stores: they can compromise the security of the entire home network. Routers, set-top boxes and surveillance cameras bought from foreign online stores are increasingly turning out to be problematic. In the worst case the internet connection has to be cut off if the device becomes infected and starts taking part in cyber criminals' attacks.
Experts also point out that the problem is not limited to Chinese online stores. Etteplan's sales director Antti Tolvanen notes that cheap and unprotected devices can end up on the market through many kinds of online channels, including from within Europe.
- The new requirements of the RED 3(3)def directive aim to improve the situation, but Chinese operators, for example, do not care about EU regulations. Still, the most important advice is simple: get your network device from a credible EU/EEA operator, for example your ISP, Tolvanen says.
If a device ordered through an online store does not meet the regulations, under the Radio Act the responsibility lies in principle with the seller. No penalties are prescribed for the user for using the device, but they can still lose their internet connection if the operator has to shut it down.
– We are not doing this out of spite but for the customer's benefit. The connection is reopened once the device is safe, Kim Heikkinen says.
Tomi Engdahl says:
https://hackaday.com/2025/08/20/death-of-the-cheque-australia-moves-on/
Tomi Engdahl says:
Europol Says Qilin Ransomware Reward Fake
A $50,000 reward from Europol for two members of the Qilin ransomware group is a ‘scam’, according to the law enforcement agency.
https://www.securityweek.com/europol-says-qilin-ransomware-reward-fake/
Tomi Engdahl says:
GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models
Instead of GPT-5 Pro, your query could be quietly redirected to an older, weaker model, opening the door to jailbreaks, hallucinations, and unsafe outputs.
https://www.securityweek.com/gpt-5-has-a-vulnerability-it-may-not-be-gpt-5-answering-your-call/
Tomi Engdahl says:
Slow and Steady Security: Lessons from the Tortoise and the Hare
By focusing on fundamentals, enterprises can avoid the distraction of hype and build security programs that are consistent, resilient, and effective over the long run.
https://www.securityweek.com/slow-and-steady-security-lessons-from-the-tortoise-and-the-hare/
Tomi Engdahl says:
Elastic Refutes Claims of Zero-Day in EDR Product
Elastic has found no evidence of a vulnerability leading to RCE after details and PoC of a Defend EDR bypass were published online.
https://www.securityweek.com/elastic-refutes-claims-of-zero-day-in-edr-product/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2025/08/21/sahkoautojen-latausinfrassa-voi-piilla-kyberuhkia/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17804-tietojen-kalastelusta-on-tullut-ammattimaista-palvelua
Tomi Engdahl says:
Wi-Fi identifies a person without a camera
https://etn.fi/index.php/13-news/17803-wi-fi-tunnistaa-henkiloen-ilman-kameraa
Researchers at Sapienza University of Rome have developed a system called WhoFi that can identify people without a camera, using only Wi-Fi signals. The solution makes use of the Channel State Information (CSI) data produced by wireless routers, which contains unique characteristics of a person's body structure, movements and even internal composition.
In practice, the path of a Wi-Fi signal is distorted in different ways depending on who is moving in its way – and this distortion acts as the person's unique “radio-biometric signature”.
Tomi Engdahl says:
Nathaniel Mott / Tom’s Hardware:
GFW Report: on August 20, China’s Great Firewall blocked all TCP port 443 traffic, used for HTTPS, for ~74 minutes, an unusual move; the cause may be accidental
China’s Great Firewall blocked all traffic to a common HTTPS port for over an hour, severing connection to the outside world — with no hint as to its intention
By Nathaniel Mott published 21 hours ago
The cause of the incident could be intentional or accidental
https://www.tomshardware.com/tech-industry/cyber-security/chinas-great-firewall-blocked-all-traffic-to-a-common-https-port-for-over-an-hour-with-no-hint-as-to-its-intention
Tomi Engdahl says:
Turning Human Vulnerability Into Organizational Strength
Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls.
https://www.darkreading.com/vulnerabilities-threats/human-vulnerability-organizational-strength
Tomi Engdahl says:
https://www.cnx-software.com/2025/08/08/disruptorx-v2-an-esp32-based-ble-penetration-testing-device-with-sour-apple-exploit-mode/
Tomi Engdahl says:
https://www.forbes.com/sites/zakdoffman/2025/08/16/microsoft-issues-free-update-offer-to-millions-of-windows-users/
Tomi Engdahl says:
https://cybernews.com/security/featured-chrome-vpn-cought-spying-on-users/
Tomi Engdahl says:
FBI warns of Russian hacks targeting US critical infrastructure
https://www.reuters.com/world/us/fbi-warns-russian-hacks-targeting-us-critical-infrastructure-2025-08-20/
Tomi Engdahl says:
China’s Great Firewall blocked all traffic to a common HTTPS port for over an hour, severing connection to the outside world — with no hint as to its intention
By Nathaniel Mott published 2 days ago
The cause of the incident could be intentional or accidental
https://www.tomshardware.com/tech-industry/cyber-security/chinas-great-firewall-blocked-all-traffic-to-a-common-https-port-for-over-an-hour-with-no-hint-as-to-its-intention
Tomi Engdahl says:
China cut itself off from the global internet for an hour on Wednesday
Great Firewall took out all traffic to port 443 at a time Beijing didn’t have an obvious need to keep its netizens in the dark
https://www.theregister.com/2025/08/21/china_port_443_block_outage/
Tomi Engdahl says:
https://cybersecuritynews.com/windows-remote-desktop-services-vulnerability-deny/#google_vignette
Tomi Engdahl says:
Windows lets anyone on your WiFi hijack your connection with IPv6
https://cybernews.com/security/hackers-can-abuse-ipv6-to-hijack-networks/
A dormant IPv6 feature is a backdoor for Windows attackers, security researchers warn. Enabled by default, if unused and left unchecked, it can lead to a complete domain compromise.
IPv6 might not be widely used, but Windows enables it by default and prioritizes it over the older IPv4 version, which has very serious security repercussions.
If hackers have access to a single device on the network, even an IoT one, they can transform it into a fake configuration and DNS server. Windows computers will trust and prefer malicious instructions over the existing IPv4 configuration.
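An added audit script (my own, not from the article or the research it cites) that shows what a Windows host currently trusts in the scenario above: which interfaces still accept router advertisements, which IPv6 default gateways and DNS servers have been learned, and, only with the hypothetical -Harden switch, stops accepting RA/DHCPv6 and prefers IPv4. It assumes an IPv4-only LAN, as in the article, and an elevated PowerShell session.

```powershell
# Added example: audit the IPv6 settings that a rogue RA / DNS server on the
# LAN would abuse. Assumes the LAN is IPv4-only; run elevated. The -Harden
# switch is this script's own convention, not a Windows setting.
param([switch]$Harden)

$tcpip6 = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$disabled = (Get-ItemProperty -Path $tcpip6 -Name DisabledComponents -ErrorAction SilentlyContinue).DisabledComponents
if ($null -eq $disabled) { $disabled = 0 }
# Bit 0x20 in DisabledComponents makes the prefix policy prefer IPv4 over IPv6.
$prefersIPv4 = ($disabled -band 0x20) -ne 0
Write-Host ("DisabledComponents = 0x{0:X}  (prefer IPv4: {1})" -f $disabled, $prefersIPv4)

# Interfaces that still accept router advertisements: any device on the
# segment can push a default route and a DNS server (RDNSS / DHCPv6) to them.
Write-Host "`nConnected IPv6 interfaces still doing router discovery:"
Get-NetIPInterface -AddressFamily IPv6 |
  Where-Object { $_.ConnectionState -eq 'Connected' -and $_.RouterDiscovery -ne 'Disabled' } |
  Select-Object InterfaceAlias, RouterDiscovery, Dhcp | Format-Table -AutoSize

# Default IPv6 routes already learned; on an IPv4-only LAN any entry is suspect.
Write-Host "Learned IPv6 default routes (none expected here):"
Get-NetRoute -AddressFamily IPv6 -DestinationPrefix '::/0' -ErrorAction SilentlyContinue |
  Select-Object InterfaceAlias, NextHop, RouteMetric | Format-Table -AutoSize

# IPv6 DNS servers: a link-local (fe80::/10) entry points at a device on the
# local segment rather than at the organisation's resolvers.
Write-Host "IPv6 DNS servers per interface:"
Get-DnsClientServerAddress -AddressFamily IPv6 |
  Where-Object { $_.ServerAddresses.Count -gt 0 } |
  ForEach-Object {
    foreach ($s in $_.ServerAddresses) {
      $flag = if ($s -like 'fe80:*') { 'LINK-LOCAL - verify this device' } else { '' }
      "{0,-30} {1,-40} {2}" -f $_.InterfaceAlias, $s, $flag
    }
  }

if ($Harden) {
  # Stop accepting RAs and DHCPv6 on connected interfaces and prefer IPv4,
  # rather than disabling IPv6 outright.
  Get-NetIPInterface -AddressFamily IPv6 |
    Where-Object { $_.ConnectionState -eq 'Connected' } |
    Set-NetIPInterface -RouterDiscovery Disabled -Dhcp Disabled
  Set-ItemProperty -Path $tcpip6 -Name DisabledComponents -Value ($disabled -bor 0x20) -Type DWord
  Write-Host "`nHardened: RA/DHCPv6 disabled on connected interfaces; IPv4 preferred after reboot."
}
```

Run it without -Harden first on a few known-good hosts to learn what "normal" looks like before treating a link-local DNS server or an unexpected default route as an incident.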
Tomi Engdahl says:
https://www.lightreading.com/open-ran/researchers-recap-some-security-downsides-to-open-ran
Tomi Engdahl says:
Multiple Critical Flaws Hit Zero Trust Products from Check Point, Zscaler, and Netskope
https://gbhackers.com/multiple-critical-flaws-hit-zero-trust-products/#google_vignette
Tomi Engdahl says:
https://blog.trailofbits.com/2025/08/08/buttercup-is-now-open-source/
Tomi Engdahl says:
Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands
https://cybersecuritynews.com/flipper-zero-darkweb-firmware/#google_vignette
A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft.
Demonstrations by the YouTube channel “Talking Sasquach” reveal that the firmware, said to be circulating on the dark web, can clone a vehicle’s keyfob with just a single, brief signal capture.
Tomi Engdahl says:
“Consider the dropping of literally every bit of personal info you have… as a warning for people in the future.” https://trib.al/S4ODTvO
Man’s Entire Life Destroyed After Downloading AI Software
https://futurism.com/the-byte/life-destroyed-ai?fbclid=IwQ0xDSwMXmpVjbGNrAxeaVWV4dG4DYWVtAjExAAEetxCKpwZU-LDsdUhEbIcw-qCqNaHmm__qQGHo7BAqA9MDj98Lrs8_OJP2E1w_aem_F_keaXi_ug8u0DLjr_Dovw
“It’s impossible to convey the sense of violation.”
Last February, Disney employee Matthew Van Andel downloaded what seemed like a helpful AI tool from the developer site GitHub.
Little did he know that the decision would totally upend his life — resulting in everything from his credit cards to social security number being leaked to losing his job, as the Wall Street Journal reports.
The software, an AI image generator, worked as advertised. But embedded into its files was a piece of malware, which a tenacious hacker used to probe Van Andel’s password manager. Van Andel found out after the hacker, going by the name “Nullbulge,” sent him an ominous message on Discord, a chat and VoIP platform popular with gamers.
That’s what alerted him that this wasn’t your typical spam message. In followup emails, the hacker threatened that if Van Andel didn’t give into their demands, he’d “end up on the net.”
The next day, the hacker used Van Andel’s work credentials to perpetrate a massive data leak at Disney, dumping everything from private customer info to internal revenue numbers online. Van Andel’s personal info was caught in the mix, including financial accounts — suddenly barraged with unsolicited bills — his social media, and even his children’s Roblox logins.
In a blog post, the hacker gloated about the attack, naming Van Andel.
“1.1 terabytes of data, almost 10,000 channels, every message file possible, dumped,” wrote Nullbulge, per a WSJ screenshot. “We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special Matthew J Van Andel!”
“Consider the dropping of literally every bit of personal info you have… as a warning for people in the future,” the hacker added.
Van Andel claims that he immediately contacted Disney’s cybersecurity “fire team” after he received the threats from the hacker. Their investigation found nothing on his work computer, but they recommended Van Andel run a thorough check on his personal desktop.
An anti-virus scan turned up the malware. But at that point, it was too late. The hacker had already gleaned enough to leak Disney’s data and ruin Van Andel’s life.
Van Andel knew the only way the hacker could have gained such extensive access was through his password manager, 1Password. It turned out that Van Andel had failed to secure the software with two-factor authentication. The hacker likely emplaced a keylogging Trojan virus on his home computer via the AI tool, at which point they’d have “nearly unrestricted access,” a 1Password spokesman told WSJ.
Eleven days after the leak, Disney called Van Andel to tell him he was fired, depriving him of about $200,000 in bonuses and his family’s healthcare. The company claimed that it found evidence that he’d accessed pornographic material on his work computer — claims that Van Andel firmly denies.
“I’m the one who got hacked,”
Tomi Engdahl says:
That wasn’t because of “AI” at all, it was because some guy downloaded sketchy software off GitHub that had malware baked into it. The whole thing was designed to steal personal info. That’s why it happened, not because he told an AI his secrets. The headline’s just clickbait.
Tomi Engdahl says:
xAI made people’s conversations with its chatbot public and searchable on Google without warning — including a detailed plan for the assassination of Elon Musk and explicit instructions for making fentanyl and bombs.
Elon Musk’s xAI Published Hundreds Of Thousands Of Grok Chatbot Conversations
https://www.forbes.com/sites/iainmartin/2025/08/20/elon-musks-xai-published-hundreds-of-thousands-of-grok-chatbot-conversations/?utm_source=ForbesMainFacebook&utm_medium=social&utm_campaign=socialflowForbesMainFB&fbclid=IwQ0xDSwMXzMZleHRuA2FlbQIxMQABHkapxvoSgc5gzGbBR7J1KYZmiRP5JUg-92ER1aFokhWim686hJ8fcNbq-Rp__aem_v7TJ2EJXgBuSfL42LkYWDA