A list of topics we covered in the week of August 18 to August 24 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (August 18 – August 24)
Malicious Go module, new Mirai botnet, Silk Typhoon exploits cloud
Malicious Go module steals credentials via Telegram Mirai-based botnet resurfaces targeting systems globally Silk Typhoon hackers exploit cloud trust to hack downstream customers Huge thanks to our sponsor, Prophet Security Ever feel like your security team is stuck in a…
From CVE To Cyber Attack In Minutes With AI: Cybersecurity Today
Host David Shipley explores the latest in cybersecurity, including the rapid development of AI-generated exploits for critical vulnerabilities, record-high searches of digital devices at US borders, and a fired developer jailed for sabotaging his former employer. Additionally, the episode highlights…
UKGovernment Drops Demand for Apple iCloud Backdoor After US Pressure
UK ends push to force Apple to create iCloud backdoor for US citizens’ data after US opposition Introduction For months, the UK government attempted to… The post UKGovernment Drops Demand for Apple iCloud Backdoor After US Pressure appeared first on…
Grok AI Chats Appear In Public Searches
Hundreds of thousands of chats from xAI’s Grok chatbot appear on Google and other search engines, with no notice to users This article has been indexed from Silicon UK Read the original article: Grok AI Chats Appear In Public Searches
NIST Releases Lightweight Cryptography Standard for IoT Security
The National Institute of Standards and Technology (NIST) has formally published Special Publication 800-232, “Ascon-Based Lightweight Cryptography Standards for Constrained Devices,” establishing the first U.S. government benchmark for efficient cryptographic algorithms tailored to resource-constrained environments such as the Internet of…
Hackers Steal Windows Secrets and Credentials Undetected by EDR Detection
A cybersecurity researcher has unveiled a sophisticated new method for extracting Windows credentials and secrets that successfully evades detection by most Endpoint Detection and Response (EDR) solutions currently deployed in enterprise environments. The technique, dubbed “Silent Harvest,” leverages obscure Windows…
Happy Birthday Linux! 34 Years of Open-Source Power
August 25, 2025, marks the 34th anniversary of Linux, a project that began as a modest hobby and has grown into the bedrock of modern digital infrastructure. On this day in 1991, 21-year-old Finnish student Linus Torvalds posted to the…
Microsoft Copilot Agent Policy Flaw Lets Any User Access AI Agents
Microsoft has disclosed a critical flaw in its Copilot agents’ governance framework that allows any authenticated user to access and interact with AI agents within an organization—bypassing intended policy controls and exposing sensitive operations to unauthorized actors. At the core…
Farmers Insurance Data Breach Impacts Over 1 Million People
Farmers New World Life Insurance and Farmers Group have filed separate data breach notifications with state authorities. The post Farmers Insurance Data Breach Impacts Over 1 Million People appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
KorPlug Malware Unmasked – TTPs, Control Flow, IOCs Exposed
A sophisticated malware strain known as KorPlug has emerged as a significant threat in the cybersecurity landscape, employing advanced obfuscation techniques to evade detection and complicate analysis efforts. This malware represents a particularly concerning development due to its implementation of…
Hackers Leverage SendGrid in Recent Attack to Harvest Login Credentials
A sophisticated credential harvesting campaign has emerged, exploiting the trusted reputation of SendGrid to deliver phishing emails that successfully bypass traditional email security gateways. The attack leverages SendGrid’s legitimate cloud-based email service platform to create authentic-looking communications that target unsuspecting…
PoC Exploit & Vulnerability Analysis Released for Apple 0-Day RCE Vulnerability
A detailed proof-of-concept exploit and comprehensive vulnerability analysis have been released for CVE-2025-43300, a critical zero-click remote code execution flaw affecting Apple’s image processing infrastructure. The vulnerability, discovered in Apple’s implementation of JPEG Lossless Decompression within the RawCamera.bundle, allows attackers…
Why a new AI tool could change how we test insider threat defenses
Insider threats are among the hardest attacks to detect because they come from people who already have legitimate access. Security teams know the risk well, but they often lack the data needed to train systems that can spot subtle patterns…
Why satellite cybersecurity threats matter to everyone
Satellites play a huge role in our daily lives, supporting everything from global communications to navigation, business, and national security. As space becomes more crowded and commercial satellite use grows, these systems are facing new cyber threats. The challenge is…
IT Security News Hourly Summary 2025-08-25 06h : 2 posts
2 posts were published in the last hour 4:3 : New Microsoft 365 Admin Feature Let Admins Control Link Creation Policies 4:3 : Australian university used Wi-Fi location data to identify student protestors
PoC Exploit and Technical Analysis Published for Apple 0-Day RCE Vulnerability
A critical zero-click remote code execution vulnerability in Apple’s iOS has been disclosed with a working proof-of-concept exploit, marking another significant security flaw in the company’s image processing capabilities. The vulnerability, tracked as CVE-2025-43300, affects Apple’s implementation of JPEG Lossless Decompression…
Critical Tableau Server Flaws Allows Malicious File Uploads
Salesforce has addressed multiple critical security vulnerabilities in Tableau Server and Desktop that could enable attackers to upload malicious files and execute arbitrary code. The vulnerabilities, disclosed on August 22, 2025, were proactively identified during a security assessment and patched…
Review: Adversarial AI Attacks, Mitigations, and Defense Strategies
Adversarial AI Attacks, Mitigations, and Defense Strategies shows how AI systems can be attacked and how defenders can prepare. It’s essentially a walkthrough of offensive and defensive approaches to AI security. About the author John Sotiropoulos is the Head Of…
Kopia: Open-source encrypted backup tool for Windows, macOS, Linux
Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached storage, or on your own computer. It doesn’t create a full…
Smart manufacturing demands workers with AI and cybersecurity skills
The manufacturing sector is entering a new phase of digital transformation. According to Rockwell Automation’s 10th Annual State of Smart Manufacturing Report, 56% of manufacturers are piloting smart manufacturing initiatives, 20% have deployed them at scale, and another 20% are…
New Microsoft 365 Admin Feature Let Admins Control Link Creation Policies
Microsoft is rolling out a significant new administrative control feature in mid-September 2025 that will enable IT administrators to manage organization-wide sharing permissions for user-built Copilot agents. The feature addresses growing enterprise concerns about governance and security in AI agent…
Australian university used Wi-Fi location data to identify student protestors
PLUS: India bans ‘money’ games; SK Hynix cranks out 321-layer SSDs; Fastly re-thinking CDNs for Asia; and more! Asia In Brief Australia’s University of Melbourne last year used Wi-Fi location data to identify student protestors.… This article has been indexed…
How a scam hunter got scammed (Lock and Code S06E17)
This week on the Lock and Code podcast, we speak with Julie-Anne Kearns about what it felt like, as a scam hunter, to fall for a scam. This article has been indexed from Malwarebytes Read the original article: How a…