CyberNews: 20/08/2025 Edition
Today’s roundup
- Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts
- North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks
- Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit
- Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack
- Exploit weaponizes SAP NetWeaver bugs for full system compromise
- Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
- Major Belgian telecom firm says cyberattack compromised data on 850,000 accounts
- Europe's Ransomware Surge Is a Warning Shot for US Defenders
- Hackers Weaponize QR Codes in New 'Quishing' Attacks
Summary
The following key cybersecurity incidents highlight elevated threats and new vulnerabilities.
North Korea used GitHub to spear-phish 19 diplomatic staff via convincing meeting invites between March and July 2025.
A 22-year-old Oregon man, Ethan Foltz, ran a botnet-for-hire behind 370,000 DDoS attacks; the DOJ charged him on Aug. 20, 2025.
Warlock ransomware exploited a SharePoint ToolShell flaw, gaining persistence in unpatched on-prem SharePoint, and was seen globally.
Pharmaceutical research firm Inotiv suffered a Qilin ransomware attack on Aug. 8, 2025, encrypting systems and stealing ~176 GB of data.
A chained exploit for SAP NetWeaver (CVE‑2025‑31324 & CVE‑2025‑42999) bypasses auth, enables RCE, and was patched in April 2025.
Amazon Q Developer for VS Code is vulnerable to invisible prompt injection via Unicode tags, allowing arbitrary code execution; a patch was released Aug. 8, 2025.
Guardio Labs demonstrated PromptFix, a new AI browser prompt injection that tricks AI models using fake CAPTCHAs.
A Belgian telecom customer data breach exposed 850,000 accounts, leaking names, phone numbers and SIM details.
The surge in ransomware across Europe acted as a warning for US defenders, urging layered defenses and swift patching.
New quishing techniques split QR codes or embed malicious ones, expanding phishing vectors.