CyberNews: 19/08/2025 Edition
Today’s roundup
- U.K. Government Drops Apple Encryption Backdoor Order
- 'DripDropper' Hackers Patch Their Own Exploit
- Legitimate Chrome VPN Extension Turns to Browser Spyware
- Australian ISP iiNet Suffers Breach of 280,000+ Records
- U.S. CISA Adds Trend Micro Apex One Flaw to Known Exploited Vulnerabilities Catalog
- Drug Development Company Inotiv Reports Ransomware Attack to SEC
Summary
Recent cybersecurity events that pose significant operational risk:
UK government abandons plan to force Apple to weaken iCloud encryption in response to US scrutiny; the order would have granted US citizens’ data access.
The ‘DripDropper’ group exploits a two‑year‑old Apache ActiveMQ vulnerability in Linux servers, installs malware, then patches the flaw themselves.
FreeVPN.One, a Chrome Web Store VPN extension, is discovered to have reprogrammed spyware, collecting and exfiltrating user data.
Australian ISP iiNet breached, exposing personal data of over 280,000 customers, triggering a regulatory response.
CISA lists CVE‑2025‑54948 and CVE‑2025‑54987 in Trend Micro Apex One as actively exploited command‑injection RCEs, with patches available but a fix tool pending.
Pharmaceutical company Inotiv confirms a ransomware incident that encrypted critical systems, prompting a disclosure to the SEC.