CyberNews: 19/08/2025 Edition

Published by Dunateo on 2025-08-19

Today’s roundup

Summary

Recent cybersecurity events that pose significant operational risk:
UK government abandons plan to force Apple to weaken iCloud encryption in response to US scrutiny; the order would have granted US citizens’ data access.
The ‘DripDropper’ group exploits a two‑year‑old Apache ActiveMQ vulnerability in Linux servers, installs malware, then patches the flaw themselves.
FreeVPN.One, a Chrome Web Store VPN extension, is discovered to have reprogrammed spyware, collecting and exfiltrating user data.
Australian ISP iiNet breached, exposing personal data of over 280,000 customers, triggering a regulatory response.
CISA lists CVE‑2025‑54948 and CVE‑2025‑54987 in Trend Micro Apex One as actively exploited command‑injection RCEs, with patches available but a fix tool pending.
Pharmaceutical company Inotiv confirms a ransomware incident that encrypted critical systems, prompting a disclosure to the SEC.