CyberNews: 04/09/2025 Edition

Published by Dunateo on 2025-09-04

Today’s roundup

Summary

Cybersecurity researchers identified malicious actors exploiting X’s Grok AI to bypass ad protections and spread malware to millions, a technique dubbed 'Grokking.' CISA flagged TP-Link Archer and TL-WR841N router vulnerabilities (CVE-2023-50224, CVE-2025-9377) as actively exploited, urging immediate patching. Iran’s Homeland Justice APT conducted a global phishing campaign targeting over 50 embassies and international organizations using hijacked email accounts. Russian APT28 (Fancy Bear) deployed 'NotDoor' malware via Microsoft Outlook for covert data exfiltration. Malicious npm packages abused Ethereum smart contracts to target developers, hiding payloads in blockchain transactions. Critical HikCentral flaws (CVE-2025-39247) allowed unauthenticated attackers to gain admin rights, risking surveillance system control. Google patched two Android zero-days (CVE-2025-38352, CVE-2025-48543) under active exploitation. A new 'infostealer' malware variant captured victims’ webcam photos during NSFW browsing. PortSwigger revealed methods to bypass the __Host- and __Secure- cookie prefix defenses via encoding discrepancies. Scattered Spider affiliates claimed a cyberattack on JLR, demanding ransom for stolen data. All incidents underscore escalating threats to critical infrastructure, data privacy, and enterprise security.