Today’s roundup

• U.K. Government Drops Apple Encryption Backdoor Order
• 'DripDropper' Hackers Patch Their Own Exploit
• Legitimate Chrome VPN Extension Turns to Browser Spyware
• Australian ISP iiNet Suffers Breach of 280,000+ Records
• U.S. CISA Adds Trend Micro Apex One Flaw to Known Exploited Vulnerabilities Catalog
• Drug Development Company Inotiv Reports Ransomware Attack to SEC

Summary

Recent cybersecurity events that pose significant operational risk:
UK government abandons plan to force Apple to weaken iCloud encryption in response to US scrutiny; the order would have granted US citizens’ data access.
The ‘DripDropper’ group exploits a two‑year‑old Apache ActiveMQ vulnerability in Linux servers, installs malware, then patches the flaw themselves.
FreeVPN.One, a Chrome Web Store VPN extension, is discovered to have reprogrammed spyware, collecting and exfiltrating user data.
Australian ISP iiNet breached, exposing personal data of over 280,000 customers, triggering a regulatory response.
CISA lists CVE‑2025‑54948 and CVE‑2025‑54987 in Trend Micro Apex One as actively exploited command‑injection RCEs, with patches available but a fix tool pending.
Pharmaceutical company Inotiv confirms a ransomware incident that encrypted critical systems, prompting a disclosure to the SEC.