CyberNews: 04/09/2025 Edition
Today’s roundup
- Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions
- CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited
- Iran MOIS Phishes 50+ Embassies, Ministries, Int'l Orgs
- Russia's APT28 Targets Microsoft Outlook With 'NotDoor' Malware
- Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
- Severe Hikvision HikCentral Product Flaws: What You Need to Know
- Google Addressed Two Android Flaws Actively Exploited in Targeted Attacks
- Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn
- Cookie Chaos: How to Bypass __Host and __Secure Cookie Prefixes
- Scattered Spider-Linked Group Claims JLR Cyber-Attack
Summary
Cybersecurity researchers identified malicious actors exploiting X’s Grok AI to bypass ad protections and spread malware to millions, a technique dubbed 'Grokking.' CISA flagged TP-Link Archer and TL-WR841N router vulnerabilities (CVE-2023-50224, CVE-2025-9377) as actively exploited, urging immediate patching. Iran’s Homeland Justice APT conducted a global phishing campaign targeting over 50 embassies and international organizations using hijacked email accounts. Russian APT28 (Fancy Bear) deployed 'NotDoor' malware via Microsoft Outlook for covert data exfiltration. Malicious npm packages abused Ethereum smart contracts to target developers, hiding payloads in blockchain transactions. Critical HikCentral flaws (CVE-2025-39247) allowed unauthenticated attackers to gain admin rights, risking surveillance system control. Google patched two Android zero-days (CVE-2025-38352, CVE-2025-48543) under active exploitation. A new 'infostealer' malware variant captured victims’ webcam photos during NSFW browsing. PortSwigger revealed methods to bypass __Host/__Secure cookie defenses via encoding discrepancies. Scattered Spider affiliates claimed a cyberattack on JLR, demanding ransom for stolen data. All incidents underscore escalating threats to critical infrastructure, data privacy, and enterprise security.