Cyber News 24OCT2025

General

• AWS Report on the recent outage
  • https://aws.amazon.com/message/101925/
• Sensible move from Microsoft - don't preview content sourced from untrusted locations (presumably using Mark of the Web)
  • https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks/
• Unit 42 takes a look at a large Smishing operation with click-fix and fake charges. Number and short-lifetime of domains is interesting
  • https://unit42.paloaltonetworks.com/global-smishing-campaign/
• YouTube removes fake tutorials misleading users into installing infostealers
  • https://www.theregister.com/2025/10/23/youtube_ghost_network_malware/
• JIRA on-premises arbitrary file-write (CVSS 8.7)
  • https://cyberpress.org/critical-jira-vulnerability-enables-arbitrary-file-modification-via-jvm-access/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-22167
  • https://jira.atlassian.com/browse/JSWSERVER-26552
• [NKO] Switching the targeting of their fake-job interview attacks from crypt-currency to the defence (UAV) sector
  • https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-targeted-european-defense-companies/
• [US] Impact of government workforce cuts - US is going backwards in cyber
  • https://www.theregister.com/2025/10/23/trumps_workforce_cuts_blamed_in_report/
• [US] Binance CEO plead guilty to AML, now pardoned by Trump
  • https://therecord.media/changpeng-zhao-former-binance-ceo-pardoned-donald-trump
  • https://www.justice.gov/archives/opa/pr/binance-and-ceo-plead-guilty-federal-charges-4b-resolution
• [US] More investigations inside L3 Harris. This time a step further up the hierarchy
  • https://techcrunch.com/2025/10/23/u-s-government-accuses-former-l3harris-cyber-boss-of-stealing-trade-secrets/
    • https://www.documentcloud.org/documents/26194391-peter-williams-criminal-information-doj/
  • (Yesterday's article) https://techcrunch.com/2025/10/21/apple-alerts-exploit-developer-that-his-iphone-was-targeted-with-government-spyware/

Retro Corner

• Remember DNS Cache Poisoning? It's back in BIND and unbound.
  • https://arstechnica.com/security/2025/10/bind-warns-of-bugs-that-could-bring-dns-cache-attack-back-from-the-dead/
  • https://cyberpress.org/multiple-bind-9-flaws-allow-cache-poisoning-and-dos-attacks/
  • https://kb.isc.org/docs/cve-2025-40778
  • https://kb.isc.org/docs/cve-2025-40780
  • https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt

Privacy

• "Universe", the 'Privacy Browser' that's anything but private
  • (Wired) https://archive.li/MOjex
• More facial verification implementations - this time Tinder. Part of "Match Group", looks as though this is being implemented across all their brands. Let's hope this doesn't leak data.
  • https://therecord.media/tinder-face-check-tool-expanding-to-more-states
  • https://www.tinderpressroom.com/2025-10-22-Tinder-to-Expand-Facial-Verification-Feature-Across-the-U-S-,-Setting-a-New-Standard-for-Dating-Safety

Video selfies are used only to complete the verification process and are deleted shortly after review. A non-reversible, encrypted face map and face vector are stored solely to help verify new photos, detect fraud, and prevent duplicate accounts.

• Removing the safety LED from Meta/Ray Ban's glasses. Yet more proof that possession beats any local controls.
  • (404 Media) https://archive.li/3O9mw
• [PL] Former Deputy Justice Minister charged with channelling funds, meant for crime victims, to purchase Pegasus spyware
  • https://therecord.media/former-polish-official-indicted-spyware-probe

AI

• [US] Court record-preservation order on OpenAI is terminated, so they no longer have to record and retain all OpenAI sessions. (Some selective recording and retention to remain)
  • https://www.engadget.com/ai/openai-no-longer-has-to-preserve-all-of-its-chatgpt-data-with-some-exceptions-192422093.html
• [US] ...and now the DHS wants information from OpenAI on a user's chat history
  • https://cyberpress.org/new-dhs-warrant-asks-openai/
• More AI you don't want, no-one asked for...Clippy take 3 (counting Cortana as 2)... meet 'Mico'
  • https://www.bleepingcomputer.com/news/microsoft/meet-the-new-clippy-microsoft-unveils-copilots-mico-avatar/
• How OpenAI is addressing prompt-injection risks in their new Atlas browser (still sounds like a bunch of ‘hope’ and ‘too hard - delegate to user’)
  • https://x.com/cryps1s/status/1981037851279278414
  • https://simonwillison.net/2025/Oct/22/openai-ciso-on-atlas/#atom-everything
• Brave - AI Browser security is still a problem….Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers
  • https://brave.com/blog/unseeable-prompt-injections/
  • https://simonwillison.net/2025/Oct/21/unseeable-prompt-injections/#atom-everything
• More AI browser attacks - this time via overlays
  • https://www.bleepingcomputer.com/news/security/spoofed-ai-sidebars-can-trick-atlas-comet-users-into-dangerous-actions/