Cyber News 17OCT2025

General

• YouTube Outage
  • https://www.bleepingcomputer.com/news/google/youtube-is-down-worldwide-with-playback-error/
  • https://mastodon.social/@netblocks/115380912092569430
• ASP.Net Core - patch the Kestrel web server - CVSS 9.9 from request smuggling
  • https://www.theregister.com/2025/10/16/microsoft_aspnet_core_vulnerability/
• Crypto-currency ATM's as a scam enabler
  • https://edition.cnn.com/interactive/2025/10/us/crypto-atm-scams-companies-profit-invs-vis/
• KH - Cambodia to repatriate Korean citizens from scam compounds
  • https://therecord.media/cambodia-repatriating-south-koreans-scam-compounds
• KO - Meanwhile Korea bans travel to parts of Cambodia
  • https://asia.nikkei.com/spotlight/society/crime/seoul-bans-travel-to-parts-of-cambodia-due-to-scam-center-traps
• NKO - Using ethereum for malware distribution, hackers use EtherHiding to hide malware on the blockchain
  • https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-etherhiding-to-hide-malware-on-the-blockchain/
  • https://arstechnica.com/security/2025/10/hackers-bullet-proof-hosts-deliver-malware-from-blockchains/
  • https://therecord.media/north-korean-hackers-using-blockchain-hiding-malware
• RU - With friends like these....CN hacking RU
  • https://therecord.media/rare-china-linked-intrusion-russian-tech-firms
• UK - Sotheby's (auction house) suffered a data breach in July. Nothing listed on any of the usual ransom sites (yet).
  • https://www.bleepingcomputer.com/news/security/auction-giant-sothebys-says-data-breach-exposed-customer-information/
  • https://www.theregister.com/2025/10/16/sothebys_breach/
• US - Unleash the Hounds - US Group 78 taking the fight to the cyber crims
  • https://archive.is/UKEmz
• AU - Sounds as though AU has unleashed the hounds as well
  • https://www.theaustralian.com.au/special-reports/defence/asd-leads-global-strike-on-cyber-crooks/news-story/a2a68a1a0d74788173cda6b8c5c0c2f8?btr=5ac699c73aa5709dc8ae4f4daee2ed6b
• US - Prosper (peer-to-peer lending) breached, PII stolen, still investigating scale.
  • https://www.bleepingcomputer.com/news/security/have-i-been-pwned-warns-of-prosper-data-breach-impacting-176-million-accounts/
  • https://haveibeenpwned.com/Breach/Prosper

Getting Techy

• Always a fun read - watchTowr Labs pulls apart a CVE in WatchGuard VPN
  • https://labs.watchtowr.com/yikes-watchguard-fireware-os-ikev2-out-of-bounds-write-cve-2025-9242/

Geo-Politics

• US - Dominion Systems (Voting Machines) has been sold, and renamed
  • https://www.wired.com/story/scott-leiendecker-dominion-liberty-votes/

Privacy

• Ring (Doorbells) to partner with Flock (surveillance platform for law enforcement).
  • https://therecord.media/ring-partner-flock-law-enforcement-video

AI

• Learn a bit more about the phases of LLM processing - combining a Mac Studio with Nvidia DGX
  • https://blog.exolabs.net/nvidia-dgx-spark/
• AI bots and bad recommendations - who could have predicted it?
  • https://www.404media.co/reddit-answers-ai-suggests-users-try-heroin/
• Microsoft CoPilot exploits inbound (maybe the next ‘click fix’)….Microsoft debuts Copilot Actions for agentic AI-driven Windows tasks
  • https://www.bleepingcomputer.com/news/microsoft/microsoft-debuts-copilot-actions-for-agentic-ai-driven-windows-tasks/
• Microsoft adds Copilot voice activation on Windows 11 PCs
  • https://www.bleepingcomputer.com/news/security/microsoft-adds-hey-copilot-wake-word-to-windows-11-pcs/
  • https://www.theverge.com/news/799768/microsoft-windows-ai-copilot-voice-vision-launch