Cyber security August 2025

This posting collects cyber security news from August 2025.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

104 Comments

  1. Tomi Engdahl says:

    Dasha Litvinova / Associated Press:
    Russia is “partially” restricting WhatsApp and Telegram calls, saying the apps are used “to deceive and extort money” and “in sabotage and terrorist activities” — Russian authorities announced Wednesday they were “partially” restricting calls …

    Russia restricts calls via WhatsApp and Telegram, the latest step to control the internet
    https://apnews.com/article/russia-internet-messenger-whatsapp-telegram-crackdown-2a89703deb1094af1b0206161efe2050

  2. Tomi Engdahl says:

    Jonathan Stempel / Reuters:
    New York AG Letitia James sues Zelle, claiming that security lapses led to $1B+ in consumer fraud losses; the US CFPB dropped a similar case in March 2025 — Zelle was sued on Wednesday by New York Attorney General Letitia James, who said the electronic payment platform’s refusal …

    New York sues Zelle, says security lapses led to $1 billion consumer fraud losses
    https://www.reuters.com/sustainability/boards-policy-regulation/new-york-sues-zelle-says-security-lapses-led-1-billion-consumer-fraud-losses-2025-08-13/

    James says Zelle ignored basic anti-fraud safeguards
    BofA, Chase, Wells Fargo, other banks own Zelle parent
    Zelle calls James’ claims meritless, touts safety

    NEW YORK, Aug 13 (Reuters) – Zelle was sued on Wednesday by New York Attorney General Letitia James, who said the electronic payment platform’s refusal to adopt critical safety features enabled fraudsters to steal more than $1 billion from consumers.
    The lawsuit in a New York state court in Manhattan followed the U.S. Consumer Financial Protection Bureau’s decision in March to drop a similar case.

    James said Zelle’s parent and the banks knew for years that the platform was vulnerable to fraudsters but resisted basic safeguards, with the banks sometimes ignoring customer complaints while Zelle let fraudsters stay on the platform.

    The result was “rampant” fraud that Zelle sometimes refused to address even after it occurred, despite its assurances it was a safe alternative to cash and checks and “backed by the banks, so you know it’s secure,” the complaint said.

  3. Tomi Engdahl says:

    Hadas Gold / CNN:
    A US judge rules Infowars will go up for sale yet again, paving the way for The Onion to revive its bid for the conspiracy-driven outlet and its assets — Alex Jones’ far-right platform Infowars can be sold once again to help pay the more than $1 billion he owes the families …

    Alex Jones’ Infowars will go up for sale yet again, judge rules
    https://edition.cnn.com/2025/08/13/media/infowars-alex-jones-onion-sale-texas-judge

    Alex Jones’ far-right platform Infowars can be sold once again to help pay the more than $1 billion he owes the families of Sandy Hook shooting victims, a Texas district court judge has ordered.

    Judge Maya Guerra Gamble said in a Wednesday hearing that Infowars’ parent company, Free Speech Systems, will be turned over to a court-appointed receiver, who will be responsible for selling the assets and using the proceeds to pay Jones’ debts to the Sandy Hook families.

    The order paves the way for The Onion to revive its bid for the conspiracy-driven outlet and its assets.

    Last year, the satirical news outlet had initially won a court-mandated auction for Infowars’ parent company, backed by the Sandy Hook families. However, in December, a federal bankruptcy judge halted the sale, citing concerns with the auction process and disputes over the bids. The judge later said the families should pursue what they’re owed in state court rather than at the federal level.

    The Onion had planned to turn Infowars into a humorous send-up of the conspiracy-driven right-wing media ecosystem that allows figures like Jones to flourish. Their plans have also included an exclusive advertising agreement with Everytown for Gun Safety, a gun-control advocacy group.

  4. Tomi Engdahl says:

    https://www.facebook.com/share/p/1Hu7vmFyAB/

    Security researchers discovered McDonald’s AI hiring platform used the password ‘123456’ to protect backend systems.

    It exposed up to 64 million job applicant records.

    Security researchers Ian Carroll and Sam Curry discovered that these login details granted administrator-level access to sensitive information, including names, emails, phone numbers, and chat transcripts of job seekers interacting with the AI chatbot “Olivia,” operated by Paradox.ai.

    Additionally, a vulnerability known as insecure direct object reference (IDOR) allowed the researchers to sequentially retrieve applicant records.

    McDonald’s acted swiftly to disable the compromised credentials and patch the vulnerability after being notified. Still, the incident highlights a growing cybersecurity blind spot: poor management of non-human identities such as bots, service accounts, and API keys. In an era where machine identities vastly outnumber human users in cloud-native systems, the breach underscores the urgent need for stronger safeguards. Beyond reputational damage, McDonald’s faces potential regulatory fallout and legal scrutiny for the exposure of personally identifiable information. As AI adoption in hiring surges, this breach is a wake-up call for companies to prioritize identity and access security at every layer.

    Source: Greenberg, A. (2025, July 9). McDonald’s AI hiring bot exposed millions of applicants’ data to hackers who tried the password ‘123456’. Wired.
