This posting is here to collect cyber security news in August 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in August 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
251 Comments
Tomi Engdahl says:
Dasha Litvinova / Associated Press:
Russia is “partially” restricting WhatsApp and Telegram calls, saying the apps are used “to deceive and extort money” and “in sabotage and terrorist activities” — Russian authorities announced Wednesday they were “partially” restricting calls …
Russia restricts calls via WhatsApp and Telegram, the latest step to control the internet
https://apnews.com/article/russia-internet-messenger-whatsapp-telegram-crackdown-2a89703deb1094af1b0206161efe2050
Tomi Engdahl says:
Jonathan Stempel / Reuters:
New York AG Letitia James sues Zelle, claiming that security lapses led to $1B+ in consumer fraud losses; the US CFPB dropped a similar case in March 2025 — Zelle was sued on Wednesday by New York Attorney General Letitia James, who said the electronic payment platform’s refusal …
New York sues Zelle, says security lapses led to $1 billion consumer fraud losses
https://www.reuters.com/sustainability/boards-policy-regulation/new-york-sues-zelle-says-security-lapses-led-1-billion-consumer-fraud-losses-2025-08-13/
James says Zelle ignored basic anti-fraud safeguards
BofA, Chase, Wells Fargo, other banks own Zelle parent
Zelle calls James’ claims meritless, touts safety
NEW YORK, Aug 13 (Reuters) – Zelle was sued on Wednesday by New York Attorney General Letitia James, who said the electronic payment platform’s refusal to adopt critical safety features enabled fraudsters to steal more than $1 billion from consumers.
The lawsuit in a New York state court in Manhattan followed the U.S. Consumer Financial Protection Bureau’s decision in March to drop a similar case.
James said Zelle’s parent and the banks knew for years that the platform was vulnerable to fraudsters but resisted basic safeguards, with the banks sometimes ignoring customer complaints while Zelle let fraudsters stay on the platform.
The result was “rampant” fraud that Zelle sometimes refused to address even after it occurred, despite its assurances it was a safe alternative to cash and checks and “backed by the banks, so you know it’s secure,” the complaint said.
Tomi Engdahl says:
Hadas Gold / CNN:
A US judge rules Infowars will go up for sale yet again, paving the way for The Onion to revive its bid for the conspiracy-driven outlet and its assets — Alex Jones’ far-right platform Infowars can be sold once again to help pay the more than $1 billion he owes the families …
Alex Jones’ Infowars will go up for sale yet again, judge rules
https://edition.cnn.com/2025/08/13/media/infowars-alex-jones-onion-sale-texas-judge
Alex Jones’ far-right platform Infowars can be sold once again to help pay the more than $1 billion he owes the families of Sandy Hook shooting victims, a Texas district court judge has ordered.
Judge Maya Guerra Gamble said in a Wednesday hearing that Infowars’ parent company, Free Speech Systems, will be turned over to a court-appointed receiver, who will be responsible for selling the assets and using the proceeds to pay Jones’ debts to the Sandy Hook families.
The order paves the way for The Onion to revive its bid for the conspiracy-driven outlet and its assets.
Last year, the satirical news outlet had initially won a court-mandated auction for Infowars’ parent company, backed by the Sandy Hook families. However, in December, a federal bankruptcy judge halted the sale, citing concerns with the auction process and disputes over the bids. The judge later said the families should pursue what they’re owed in state court rather than at the federal level.
The Onion had planned to turn Infowars into a humorous send-up of the conspiracy-driven right-wing media ecosystem that allows figures like Jones to flourish. Their plans have also included an exclusive advertising agreement with Everytown for Gun Safety, a gun-control advocacy group.
Tomi Engdahl says:
https://www.facebook.com/share/p/1Hu7vmFyAB/
Security researchers discovered McDonald’s AI hiring platform used the password ‘123456’ to protect backend systems.
It exposed up to 64 million job applicant records.
Security researchers Ian Carroll and Sam Curry discovered that these login details granted administrator-level access to sensitive information, including names, emails, phone numbers, and chat transcripts of job seekers interacting with the AI chatbot “Olivia,” operated by Paradox.ai.
Additionally, a vulnerability known as insecure direct object reference (IDOR) allowed the researchers to sequentially retrieve applicant records.
McDonald’s acted swiftly to disable the compromised credentials and patch the vulnerability after being notified. Still, the incident highlights a growing cybersecurity blind spot: poor management of non-human identities such as bots, service accounts, and API keys. In an era where machine identities vastly outnumber human users in cloud-native systems, the breach underscores the urgent need for stronger safeguards. Beyond reputational damage, McDonald’s faces potential regulatory fallout and legal scrutiny for the exposure of personally identifiable information. As AI adoption in hiring surges, this breach is a wake-up call for companies to prioritize identity and access security at every layer.
source
Greenberg, A. (2025, July 9). McDonald’s AI hiring bot exposed millions of applicants’ data to hackers who tried the password ‘123456’. Wired
Tomi Engdahl says:
Valtava riski – puolet löytyneistä USB-tikuista liitetään koneisiin
https://etn.fi/index.php/13-news/17780-valtava-riski-puolet-loeytyneistae-usb-tikuista-liitetaeaen-koneisiin
Tuntematonta USB-muistitikkua ei pidä koskaan liittää yrityksen tietokoneeseen. Silti kansainväliset tutkimukset osoittavat, että lähes puolet ihmisistä tekee niin.
Vuonna 2022 amerikkalaisen yliopiston ulkopuolelle levitettiin maahan 300 USB-muistitikkua. Niistä 98 prosenttia poimittiin ylös ja peräti 45 prosenttia kytkettiin tietokoneeseen. Kyberrikolliset hyödynsivät tikuissa houkuttelevia merkintöjä, kuten “luottamuksellinen” ja “tenttikysymysten ratkaisuja”, joiden tarkoituksena oli herättää uteliaisuus. Löytäjän oli lähes mahdotonta olla tutkimatta sisältöä – ja juuri siihen hyökkäys perustui.
Ruotsalainen it-tietoturvayritys Venorin vanhemman konsultin Philip Törnerin mukaan kyse on niin sanotusta USB-drop-hyökkäyksestä. Se on tekniikaltaan vanha mutta edelleen erittäin tehokas ja halpa tapa murtautua yritysten järjestelmiin. Hyökkäys perustuu siihen, että USB-tikkuun on tallennettu haittaohjelma, joka asentuu tietokoneelle, kun tikku kytketään ja tiedostoja avataan.
- Ongelmana on, ettei voida varmaksi tietää, suojaavatko tietokoneen tietoturvaominaisuudet tällaiselta hyökkäykseltä. Siksi paras neuvo on, ettei omaan tietokoneeseen tule koskaan liittää tuntematonta USB-muistitikkua. Ei koskaan eikä ikinä, Törner varoittaa.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2025/08/14/kiristyshaittaohjelmat-jyrkassa-kasvussa-heinakuussa/
Tomi Engdahl says:
‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks
The new DDoS attack vector, which involves HTTP/2 implementation flaws, has been compared to Rapid Reset.
https://www.securityweek.com/madeyoureset-http2-vulnerability-enables-massive-ddos-attacks/
Tomi Engdahl says:
Passkey Login Bypassed via WebAuthn Process Manipulation
Researchers at enterprise browser security firm SquareX showed how an attacker can impersonate a user and bypass passkey security.
https://www.securityweek.com/passkey-login-bypassed-via-webauthn-process-manipulation/
Tomi Engdahl says:
Norwegian Police Say Pro-Russian Hackers Were Likely Behind Suspected Sabotage at a Dam
During the April incident, hackers gained access to a digital system which remotely controls one of the dam’s valves and opened it to increase the water flow.
https://www.securityweek.com/norwegian-police-say-pro-russian-hackers-were-likely-behind-suspected-sabotage-at-a-dam/
Tomi Engdahl says:
https://www.facebook.com/share/p/19DbVgkThK/
So this, from a friend of mine, who happened to own the random number that some #ICE agent accidentally included in a thread on a raid. I believe CNN is investigating so hopefully more details to come. But thought I’d share here in case this goes unreported:
https://www.404media.co/ice-adds-random-person-to-group-chat-exposes-details-of-manhunt-in-real-time/
Tomi Engdahl says:
CISO Strategy
Tight Cybersecurity Budgets Accelerate the Shift to AI-Driven Defense
With cybersecurity budgets strained, organizations are turning to AI-powered automation to plug staffing gaps, maintain defenses, and survive escalating threats.
https://www.securityweek.com/tight-cybersecurity-budgets-accelerate-the-shift-to-ai-driven-defense/
Tomi Engdahl says:
IoT Security
Google Says Android pKVM Earns Highest Level of Security Assurance
Android pKVM has achieved SESIP Level 5 certification, which means it’s resistant to highly skilled, motivated, and funded attackers.
https://www.securityweek.com/google-says-android-pkvm-earns-highest-level-of-security-assurance/
Google announced this week that Android’s protected KVM (pKVM) has achieved SESIP Level 5 certification, claiming that it’s the first widely deployed security system to earn this level of assurance.
The Security Evaluation Standard for IoT Platforms (SESIP) is a security evaluation and certification framework designed for IoT products. SESIP defines five levels, from Level 1, which is based on self assessment, up to Levels 4 and 5, which require a rigorous evaluation.
“Achieving SESIP Level 5 is a landmark because it incorporates AVA_VAN.5, the highest level of vulnerability analysis and penetration testing under the ISO 15408 (Common Criteria) standard,” Google explained.
It added, “A system certified to this level has been evaluated to be resistant to highly skilled, knowledgeable, well-motivated, and well-funded attackers who may have insider knowledge and access.”
pKVM is a security-focused virtualization technology used by Android for confidential computing, ensuring that sensitive data and processes remain protected even if the operating system is compromised.
Tomi Engdahl says:
https://hackaday.com/2025/08/15/this-week-in-security-the-ai-hacker-fortmajeure-and-project-zero/
Tomi Engdahl says:
https://www.securityweek.com/passkey-login-bypassed-via-webauthn-process-manipulation/
Tomi Engdahl says:
CISO Strategy
Tight Cybersecurity Budgets Accelerate the Shift to AI-Driven Defense
With cybersecurity budgets strained, organizations are turning to AI-powered automation to plug staffing gaps, maintain defenses, and survive escalating threats.
https://www.securityweek.com/tight-cybersecurity-budgets-accelerate-the-shift-to-ai-driven-defense/
Tomi Engdahl says:
https://hackaday.com/2025/08/15/this-week-in-security-the-ai-hacker-fortmajeure-and-project-zero/
One of the hot topics currently is using LLMs for security research. Poor quality reports written by LLMs have become the bane of vulnerability disclosure programs. But there is an equally interesting effort going on to put LLMs to work doing actually useful research. One such story is [Romy Haik] at ULTRARED, trying to build an AI Hacker. This isn’t an over-eager newbie naively asking an AI to find vulnerabilities, [Romy] knows what he’s doing. We know this because he tells us plainly that the LLM-driven hacker failed spectacularly.
The plan was to build a multi-LLM orchestra, with a single AI sitting at the top that maintains state through the entire process. Multiple LLMs sit below that one, deciding what to do next, exactly how to approach the problem, and actually generating commands for those tools. Then yet another AI takes the output and figures out if the attack was successful. The tooling was assembled, and [Romy] set it loose on a few intentionally vulnerable VMs.
I Built an AI Hacker. It Failed Spectacularly
https://www.ultrared.ai/blog/building-autonomous-ai-hacker
Tomi Engdahl says:
Microsoftin tekoälyssä on uhka
Tiedot paljastuvat, kun tekoäly käsittelee asiakirjaan upotettuja kehotteita.
https://www.iltalehti.fi/bitti/a/b9e05b65-e031-429d-a940-a597bdb3a738
Microsoftin tekoälyohjelmasta, Microsoft 365 Copilotista on löytynyt haavoittuvuus, joka edustaa uudenlaista uhkaa. Asiasta tiedottaa OSG Viestintä.
Check Point Researchin tutkijat ovat löytäneet uuden nollaklikkaushaavoittuvuuden, jossa haavoittuvuus ei vaadi yhtään klikkausta, latausta tai muita käyttäjän toimia.
– Nollaklikkaushaavoittuvuus, jossa hyökkääjän ei tarvitse houkutella käyttäjää avaamaan liitteitä tai klikkaamaan linkkejä, osoittaa, kuinka syvälle järjestelmiin integroidut tekoälyratkaisut voivat muodostaa uudenlaisen hyökkäyspinnan, OSG:n tiedotteessa kerrotaan.
Tiedot paljastuvat, kun Copilot käsittelee asiakirjaan upotettuja kehotteita, jotka ohjaavat tekoälyä “keksimään” vastauksia organisaatioon perustuen.
Tiedotteen mukaan tekoäly voidaan saada paljastamaan luottamuksellista organisaation sisäistä tietoa pelkästään prosessoimalla tietyllä tavalla muotoiltuja asiakirjoja, sähköposteja tai kalenterikutsuja.
Tomi Engdahl says:
Apple accidentally leaked its own top-secret hardware in software code—and it looks like we’re getting a slew of products across 7 categories
https://fortune.com/2025/08/14/apple-leaks-new-products-software-code-vision-pro-studio-display-homepod-tv-ipad/
Tomi Engdahl says:
Cisco’s Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole
Switchzilla’s summer of perfect 10s
https://www.theregister.com/2025/08/15/cisco_secure_firewall_management_bug/
Cisco has issued a patch for a maximum-severity bug in its Secure Firewall Management Center (FMC) software that could allow an unauthenticated, remote attacker to inject arbitrary shell commands on vulnerable systems.
The vulnerability, tracked as CVE-2025-20265, received a critical 10.0 CVSS rating.
Tomi Engdahl says:
https://www.tomshardware.com/tech-industry/cyber-security/booking-com-customers-learn-the-hard-way-that-unicode-is-tricky
Tomi Engdahl says:
https://www.neowin.net/news/microsoft-shares-details-on-a-new-teams-mandatory-security-requirement-update/
Tomi Engdahl says:
https://cybersecuritynews.com/github-copilot-rce-vulnerability/
GitHub Copilot RCE Vulnerability via Prompt Injection Leads to Full System Compromise
Tomi Engdahl says:
https://www.techradar.com/vpn/vpn-privacy-security/the-online-safety-act-isnt-just-about-age-verification-end-to-end-encryption-is-also-at-risk
Tomi Engdahl says:
https://www.404media.co/ice-adds-random-person-to-group-chat-exposes-details-of-manhunt-in-real-time/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor/
Tomi Engdahl says:
https://www.phoronix.com/news/Intel-CPU-Microcode-August-2025
Tomi Engdahl says:
https://cybersecuritynews.com/hackers-weaponized-linux-webcams/
Tomi Engdahl says:
https://cybersecuritynews.com/windows-0-click-ntlm-credential-leakage/
Tomi Engdahl says:
Novel 5G Attack Bypasses Need for Malicious Base Station
https://www.securityweek.com/novel-5g-attack-bypasses-need-for-malicious-base-station/
Researchers detailed a new 5G attack named Sni5Gect that can allow attackers to sniff traffic and cause disruption.
Tomi Engdahl says:
Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield
https://www.securityweek.com/hijacked-satellites-and-orbiting-space-weapons-in-the-21st-century-space-is-the-new-battlefield/
From hacked satellites to nuclear threats in orbit, the battle for dominance beyond Earth is redefining modern warfare and national security
As Russia held its Victory Day parade this year, hackers backing the Kremlin hijacked an orbiting satellite that provides television service to Ukraine.
Instead of normal programing, Ukrainian viewers saw parade footage beamed in from Moscow: waves of tanks, soldiers and weaponry. The message was meant to intimidate and was an illustration that 21st-century war is waged not just on land, sea and air but also in cyberspace and the reaches of outer space.
Disabling a satellite could deal a devastating blow without one bullet, and it can be done by targeting the satellite’s security software or disrupting its ability to send or receive signals from Earth.
“If you can impede a satellite’s ability to communicate, you can cause a significant disruption,” said Tom Pace, CEO of NetRise, a cybersecurity firm focused on protecting supply chains.
“Think about GPS,” said Pace, who served in the Marines before working on cyber issues at the Department of Energy. “Imagine if a population lost that and the confusion it would cause.”
Tomi Engdahl says:
Workday Data Breach Bears Signs of Widespread Salesforce Hack
Workday appears to have joined the list of major companies that had their Salesforce instances targeted by hackers.
https://www.securityweek.com/workday-data-breach-bears-signs-of-widespread-salesforce-hack/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2025/08/15/eu-tiukentaa-alylaitteiden-tietoturvavaatimuksia/
Tomi Engdahl says:
Mikä voisi mennä vikaan? Espanja tallentaa salakuuntelunsa Huawein palvelimille
https://etn.fi/index.php/13-news/17792-mikae-voisi-mennae-vikaan-espanja-tallentaa-salakuuntelunsa-huawein-palvelimille
Espanjan hallituksen päätös antaa kiinalaiselle Huaweille 12,3 miljoonan euron arvoinen sopimus maan salakuuntelujärjestelmän ylläpidosta on herättänyt laajaa hämmennystä ja huolta sekä kotimaassa että liittolaisten keskuudessa. Päätöksen kohteena on SITEL-järjestelmä (Sistema Integrado de Interceptación de Telecomunicaciones), johon poliisi ja tiedusteluviranomaiset tallentavat vakaviin rikoksiin, terrorismiin ja järjestäytyneeseen rikollisuuteen liittyviä viestintätietoja.
Käytännössä Huawei vastaa jatkossa Espanjan herkimmän tiedusteluaineiston käsittelyyn käytettävistä palvelimista. Tilannetta pidetään monissa piireissä nurinkurisena, jopa absurdina. Euroopan unioni on jo vuosia varoittanut jäsenmaitaan Huawein ja toisen kiinalaisjätin, ZTE:n, laitteiden käytöstä erityisesti kriittisessä infrastruktuurissa. EU:n 5G-työkalupakki ja NIS 2 -direktiivi painottavat toimitusketjujen turvallisuutta ja “zero trust” -periaatetta, mutta jättävät lopulliset hankintapäätökset kansallisille viranomaisille. Espanja on tarttunut tähän liikkumavaraan tavalla, joka näyttää sivuuttavan liittolaisten huolen.
Monissa EU-maissa kehitys on kulkenut päinvastaiseen suuntaan. Ruotsissa Säpo ja puolustusvoimat estivät Huawein tukiasemien käytön 5G-verkoissa kansallisen turvallisuuden nimissä. Suomessa Huaweista on luovuttu vähin äänin, muun muassa yhteisverkon tukiasemaratkaisuissa. Myös Britannia, Yhdysvallat ja useat Itä-Euroopan maat ovat ajaneet Huawein pois kriittisistä verkoistaan kokonaan.
Tomi Engdahl says:
Vajaa puolet yrityksistä on ottanut kybervakuutuksen
https://etn.fi/index.php/13-news/17793-vajaa-puolet-yrityksistae-on-ottanut-kybervakuutuksen
Tietoturvayritys Arctic Wolfin tuoreen Cyber Insurance Outlook 2025 -raportin mukaan vain alle puolet yrityksistä on hankkinut kybervakuutuksen, vaikka kyberhyökkäysten määrä ja niistä aiheutuvat kustannukset kasvavat jatkuvasti. Raportin perusteella vain 47 prosentilla yrityksistä on kybervakuutus.
Euroopassa (erityisesti DACH-alueella) vakuutusten käyttö on yleisempää kuin Pohjois-Amerikassa, mutta kokonaisuudessaan markkina on vasta kypsymässä. Kybervakuutusten käyttö näkyy jo selvästi korvaustilastoissa. Vain 12 prosenttia vakuutetuista yrityksistä teki viimeisen vuoden aikana korvausvaatimuksen, mutta keskimääräinen vaatimus oli suuri, noin 205 000 dollaria eli lähes 190 000 euroa.
Korvauksia hakevista yrityksistä kaksi kolmesta joutui maksamaan korotettuja vakuutusmaksuja seuraavalla kaudella. Vakuutusalan toimijoista seitsemän kymmenestä arvioi, että korvausvaatimusten määrä kasvaa lähivuoden aikana, ja lähes yhtä moni uskoo vakuutusmaksujen nousevan samalla.
Tomi Engdahl says:
German security researchers say ‘Windows Hell No’ to Microsoft biometrics for biz
Hello loophole could let a rogue admin, or a pwned one, inject new facial scans
https://www.theregister.com/2025/08/07/windows_hello_hell_no/
Tomi Engdahl says:
https://cybersecuritynews.com/windows-user-account-control-bypassed/
Tomi Engdahl says:
https://gbhackers.com/new-active-directory-attack-method/?fbclid=IwQ0xDSwMEFWFleHRuA2FlbQIxMAABHk2j21YKVogLGkS5cP08wnp13SFlCFVnh3eF8KUHKJKOP9bd2egrlsNZ0jiw_aem_dpahFLp0RHCuUqFZmMop0g#google_vignette
Tomi Engdahl says:
Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands
https://cybersecuritynews.com/flipper-zero-darkweb-firmware/#google_vignette
Tomi Engdahl says:
Star leaky app of the week: StarDict
Fun feature found in Debian 13: send your selected text to China – in plaintext
https://www.theregister.com/2025/08/08/stardict_leaky_app_of_week/
Tomi Engdahl says:
The dead need right to delete their data so they can’t be AI-ified, lawyer says
Not everyone wants to be simulated after they’re gone
https://www.theregister.com/2025/08/09/dead_need_ai_data_delete_right/
Tomi Engdahl says:
https://cybersecuritynews.com/new-linux-kernel-vulnerability/
Tomi Engdahl says:
https://www.csoonline.com/article/4036868/black-hat-researchers-demonstrate-zero-click-prompt-injection-attacks-in-popular-ai-agents.html
Tomi Engdahl says:
https://www.theregister.com/2025/08/10/def_con_hackers_water_security/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/
Tomi Engdahl says:
https://thehackernews.com/2025/08/new-win-ddos-flaws-let-attackers-turn.html
Tomi Engdahl says:
https://cybersecuritynews.com/bitunlocker-bypass-bitlocker/
Tomi Engdahl says:
https://www.forbes.com/sites/zakdoffman/2025/08/10/googles-gmail-warning-change-every-password-thats-on-this-list/
Tomi Engdahl says:
https://www.darkreading.com/vulnerabilities-threats/critical-flaw-cve-scoring
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/androids-pkvm-hypervisor-earns-sesip-level-5-security-certification/
Tomi Engdahl says:
Critical SSH vulnerabilities expose enterprise network infrastructure as patching lags
https://www.networkworld.com/article/4038192/critical-ssh-vulnerabilities-expose-enterprise-network-infrastructure-as-patching-lags.html