CyberNews: 04/09/2025 Edition

Published by Dunateo on 2025-09-04

Today’s roundup

Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

Iran MOIS Phishes 50+ Embassies, Ministries, Int'l Orgs

Russia's APT28 Targets Microsoft Outlook With 'NotDoor' Malware

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

Severe Hikvision HikCentral Product Flaws: What You Need to Know

Google Addressed Two Android Flaws Actively Exploited in Targeted Attacks

Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn

Cookie Chaos: How to Bypass __Host and __Secure Cookie Prefixes

Scattered Spider-Linked Group Claims JLR Cyber-Attack

Summary

Cybersecurity researchers identified malicious actors exploiting X’s Grok AI to bypass ad protections and spread malware to millions, a technique dubbed 'Grokking.' CISA flagged TP-Link Archer and TL-WR841N router vulnerabilities (CVE-2023-50224, CVE-2025-9377) as actively exploited, urging immediate patching. Iran’s Homeland Justice APT conducted a global phishing campaign targeting over 50 embassies and international organizations using hijacked email accounts. Russian APT28 (Fancy Bear) deployed 'NotDoor' malware via Microsoft Outlook for covert data exfiltration. Malicious npm packages abused Ethereum smart contracts to target developers, hiding payloads in blockchain transactions. Critical HikCentral flaws (CVE-2025-39247) allowed unauthenticated attackers to gain admin rights, risking surveillance system control. Google patched two Android zero-days (CVE-2025-38352, CVE-2025-48543) under active exploitation. A new 'infostealer' malware variant captured victims’ webcam photos during NSFW browsing. PortSwigger revealed methods to bypass __Host/__Secure cookie defenses via encoding discrepancies. Scattered Spider affiliates claimed a cyberattack on JLR, demanding ransom for stolen data. All incidents underscore escalating threats to critical infrastructure, data privacy, and enterprise security.