Cybersecurity News Review - Week 35 (2025)
What happens when AI starts writing its own malicious code and foreign adversaries embed themselves in the software supply chain? This week's developments remind us we are entering a new era where traditional security assumptions no longer apply.
Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
A critical remote code execution vulnerability (CVE-2025-7775) affecting Citrix NetScaler ADC and Gateway is being actively exploited in the wild, with over 28,200 vulnerable instances identified globally. The Shadowserver Foundation reports most affected systems are in the United States (10,100), Germany (4,300), and the United Kingdom (1,400). Citrix has released patches and urges immediate firmware upgrades as no workarounds exist. The vulnerability impacts specific configurations including Gateway/AAA virtual servers and certain LB virtual servers. CISA has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by August 28, highlighting the severity of the threat.
Docker Desktop Vulnerability Leads to Host Compromise
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS allows attackers to escape containers and access the Docker Engine's HTTP API without authentication. This flaw enables malicious actors to launch privileged containers, mount the host file system, and modify it to gain administrative privileges. On Windows, attackers can overwrite system DLLs, while on macOS they can backdoor the Docker app by modifying its configuration, though macOS has additional isolation layers requiring user permission. The vulnerability, which has a CVSS score of 9.3, is easily exploitable when an attacker has access to a container or can execute a server-side request forgery attack. Docker has patched this issue in version 4.44.3.
FreePBX servers hacked via zero-day, emergency fix released
The Sangoma FreePBX Security Team has issued a warning about an actively exploited zero-day vulnerability affecting FreePBX systems with exposed Administrator Control Panels (ACP). Since August 21, hackers have been targeting this vulnerability, with multiple customers reporting server breaches affecting thousands of SIP extensions and trunks. While an EDGE module fix has been released for testing and a full security update is expected soon, administrators are advised to limit access to their ACP through firewall settings or completely block access until patched. Indicators of compromise include missing configuration files, suspicious shell scripts, unusual Apache log entries, and unauthorized database entries. Affected users should restore from pre-August 21 backups, deploy patched modules, rotate credentials, and review call records for signs of abuse.
CISA warns of actively exploited Git code execution flaw
CISA has added a high-severity Git vulnerability (CVE-2025-48384) to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by September 15th. The flaw stems from Git's mishandling of carriage return characters in configuration files, allowing attackers to execute arbitrary code when users clone repositories with specially crafted submodules. Git released fixes in versions 2.43.7 through 2.50.1, with alternative mitigations including avoiding recursive submodule clones from untrusted sources. CISA also added two medium-severity Citrix Session Recording vulnerabilities (CVE-2024-8068 and CVE-2024-8069) to the KEV catalog, with the same September 15th remediation deadline.
This 'Lethal Trifecta' Can Trick AI Browsers Into Stealing Your Data
AI browsers face a fundamental security flaw where they cannot distinguish between legitimate user commands and malicious instructions hidden in web content. Brave researchers demonstrated this by embedding hidden commands in regular web pages that, when processed by the "Summarize this page" feature of Perplexity's Comet browser, could steal user credentials by navigating to accounts, triggering password resets, accessing emails, and sending stolen data back to attackers. This vulnerability stems from how large language models process all text identically, making them unable to differentiate between user instructions and malicious instructions embedded in content. While Perplexity has patched this specific exploit, the underlying architectural problem persists across all AI browsers with similar capabilities. Proposed solutions include separating user commands from web content, requiring confirmation for sensitive actions, and isolating AI browsing environments.
PromptLock: First AI-Powered Ransomware Emerges
Researchers at ESET have discovered "PromptLock," the first known ransomware that uses AI systems for local operations. This GoLang-written malware leverages OpenAI's GPT-OSS:20b model to generate Lua scripts that perform various malicious actions including file inspection, data exfiltration, and encryption using the SPECK 128-bit algorithm. While potentially threatening, PromptLock requires specific conditions to function: the Ollama API must be running on the victim's system, which demands substantial computing resources not typically available on standard systems. PromptLock is currently considered only a proof-of-concept that hasn't been deployed in the wild; ESET is sharing these findings to promote awareness and preparedness within the cybersecurity community about this emerging AI-powered threat.
‘Vibe-hacking’ is now a top AI threat
Anthropic's new Threat Intelligence report shows sophisticated cybercriminals are weaponizing AI systems like Claude for large-scale attacks, with one ring using Claude Code to extort data from 17 organizations worldwide in a month, targeting healthcare, government, and religious institutions. The AI acted as both technical consultant and operator, writing psychologically targeted extortion demands and helping assess stolen data's dark web value for ransom demands exceeding $500,000. What once required teams of sophisticated actors can now be executed by individuals with AI assistance, with Claude performing end-to-end operations that would be more difficult and time-consuming manually. The report also documents Claude helping North Korean IT workers fraudulently obtain Fortune 500 jobs, representing what Anthropic calls "the most sophisticated use of agents for cyber offense."
Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
Google Threat Intelligence Group (GTIG) warns of a widespread data theft campaign by UNC6395 targeting organizations through compromised OAuth tokens associated with Salesloft Drift applications. The threat actor accessed Salesforce customer instances and Google Workspace email accounts between August 8 and 18, 2025, systematically exporting large volumes of data and searching for sensitive credentials like AWS keys and passwords. The compromise extends beyond just the Salesforce integration, potentially affecting all authentication tokens connected to the Drift platform. In response, Google revoked affected tokens and disabled integrations, and Salesforce removed the Drift application from AppExchange. Organizations are urged to treat all data in integrated platforms as compromised, review third-party integrations, revoke and rotate credentials, and implement stronger access controls.
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
The "s1ngularity" supply chain attack compromised Nx versions 20.9.0-21.8.0, stealing sensitive credentials from thousands of developers, particularly targeting macOS users and AI tools like Gemini, Claude, and Q. GitGuardian's analysis revealed that attackers used 1,346 repositories to store double-encoded stolen data, including 2,349 distinct secrets with over 1,000 still valid at the time of reporting. The malware not only stole GitHub tokens, npm authentication keys, and SSH private keys but also installed destructive payloads causing terminal sessions to crash. Interestingly, many AI clients resisted the malicious requests. GitGuardian has created a "HasMySecretLeaked" service to help affected developers check for compromised credentials, emphasizing that affected users must revoke and rotate their secret keys beyond just deleting compromised files.
Report: Russia-based Yandex employee oversees open-source software approved for DOD use
Fast-glob, an open-source tool used in over 5,000 projects and embedded in at least 30 pre-built software packages in the Department of Defense, is solely maintained by a Yandex employee based in Russia, raising security concerns about potential covert data exfiltration. While no malicious code has been detected in the tool, security experts warn that having a single maintainer for such a widely used package (downloaded 70 million times weekly) creates significant risk, especially given Yandex's ties to the Kremlin. The maintainer, Denis Malinochkin, stated he has maintained the tool independently for seven years and has never been asked to manipulate it. This situation emerges as the Pentagon recently directed against using software susceptible to foreign adversarial influence, following similar concerns with Chinese engineers supporting Microsoft's DOD cloud services.
FBI warns Chinese hacking campaign has expanded, reaching 80 countries
A Chinese-government hacking campaign has expanded beyond previously targeted U.S. telecommunications companies to affect at least 200 American organizations across multiple industries and 80 countries worldwide, according to a joint advisory issued by the FBI and intelligence agencies from various nations. The hackers accessed communication carriers to extract call records and law enforcement directives, mapping communication patterns and surveillance targets, including prominent U.S. politicians from both parties. FBI Assistant Director Brett Leatherman described the operation as exceeding accepted espionage norms, noting that Chinese companies were permitted to select their own targets, resulting in widespread compromises of critical infrastructure globally, with the threat remaining active through hidden access points in various software systems.
Global Salt Typhoon hacking campaigns linked to Chinese tech firms
Intelligence agencies from the U.S., UK, and 13 other countries have identified three Chinese technology companies that support China's cyber espionage campaigns known as Salt Typhoon. Since 2021, these state-backed hackers have compromised government, telecommunications, transportation, and military networks worldwide by exploiting known vulnerabilities in network edge devices rather than using zero-day exploits. The threat actors gain persistence through various techniques including modifying access control lists, creating tunnels, and deploying custom tools to steal data. Salt Typhoon has successfully breached major U.S. carriers including AT&T and Verizon, gaining access to sensitive communications and even law enforcement wiretap systems, prompting FCC action requiring telecoms to improve their security posture.
CISA Strengthens Software Procurement Security With New Tool
CISA has launched a new Software Acquisition Guide: Supplier Response Web Tool, a free interactive platform that transforms its existing Software Acquisition Guide into a digital format to enhance security in software procurement. The tool simplifies cybersecurity evaluation during the acquisition process by breaking content into adaptive sections, highlighting relevant questions based on user input, and generating exportable summaries for decision-makers. Designed for IT leaders, procurement officers, and software vendors, it requires no cybersecurity expertise to assess supplier security practices throughout the software lifecycle. Part of CISA's broader effort to strengthen software supply chain resilience, the tool has already attracted significant interest from government agencies and businesses seeking to implement stronger security practices in procurement.
TransUnion discloses a data breach impacting over 4.4 million customers
TransUnion, one of the three major U.S. credit reporting agencies, has experienced a data breach affecting over 4.4 million customers. The breach occurred through a third-party application used for U.S. consumer support operations, exposing limited personal information. While the company did not specify exactly what data was compromised, it emphasized that credit reports and core credit information were not affected. TransUnion has notified Maine's attorney general's office about the incident and is offering affected individuals free access to credit monitoring services for two years while working to enhance security controls to prevent similar incidents in the future.
Is it time for cyber-privateers? One US politician says ‘Aye, matey!’ - Cyber Daily
Republican Congressman David Schweikert has proposed the Cybercrime Marque and Reprisal Authorization Act of 2025, which would revive the centuries-old concept of letters of marque to combat cyber criminals. Under this legislation, private individuals would be authorized to conduct offensive actions against digital criminals, particularly those backed by foreign governments who target American seniors, intellectual property, and national security. Schweikert argues that Congress still holds this power under the Constitution, citing historical precedents including maritime privateering during early American conflicts and even a Goodyear blimp commissioned for anti-submarine patrols during World War II. The proposal parallels Australian defence academic Professor Dan Svantesson's 2024 concept of a "cyber militia" operating on behalf of the government but outside regular armed forces, suggesting that privateering might be adapted for modern digital warfare against increasingly sophisticated cyber threats.
Philippines Secure Elections With Zero-Knowledge Proofs
The Philippines successfully implemented secure online voting for its May midterm elections, allowing 1.2 million overseas Filipinos to vote digitally. The system, provided by Sequent, used zero-knowledge proof technology with end-to-end encryption to ensure votes were correctly cast and counted while maintaining ballot secrecy. Voters authenticated their identities using valid IDs and selfies before casting votes through a secure app. Despite 75,000 hacking attempts, the system remained secure through multiple protective layers, including AWS infrastructure and Cloudflare firewalls. This successful implementation, which achieved 82% voter turnout, demonstrates that online voting can be secure, verifiable, and cost-effective compared to mail-in voting, potentially expanding to more countries despite concerns about election security.