
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, August 22, 2025. I'm Steve Prentiss.
Apple urges iPhone, iPad and Mac update ASAP. This update, identified as 4-6-18, responds to a vulnerability that affects Image IO, which lets applications read and write most image file formats. This lets your device know how to process and display a photograph or other image. Apple says, quote, processing a malicious image file may result in memory corruption, and that means that an attacker could exploit a flaw in Image IO by creating an image designed to corrupt your device's memory. They could then run malicious code and even install spyware. Apple further states the flaw may have already been used in an extremely sophisticated attack on targeted individuals. End quote.
Scattered Spider operative gets 10 years and a big fine. 20-year-old Noah Michael Urban has been given the sentence for pleading guilty to charges related to wire fraud and aggravated identity theft. He faces an additional three years of supervised release following his sentence and has been ordered to pay $13 million in restitution to victims. Urban has a long history of cybercriminal activity, even prior to being a member of Scattered Spider, detailed in a blog post by Brian Krebs. Urban also has called the sentence unjust, alleging the judge purposely ignored my age as a factor because of the fact another Scattered Spider member hacked him personally during the course of my case. This was indeed the fact, as Krebs quotes another judge from the court as saying the court's password business is handled by an outside contractor, and somebody called the outside contractor representing Judge Toomey saying I need a password change, and they gave out the password change. That's how whoever was making the phone call got into court. End quote.
Microsoft seeks customer feedback on SSD failure issues. This request follows on from this month's security update, in which some customers experienced failure and data corruption issues affecting their solid-state drives and hard disk drives. Microsoft says it is aware of reports regarding the data corruption and failure issues, but that it could not reproduce the issue on up-to-date Windows 11 24H2 systems and as such is now looking to collect user reports.
AI crawlers and fetchers place heavy burden on the web. A new report from cloud services company Fastly says that AI crawlers account for 80% of all AI bot traffic, with the remaining 20% used by AI fetchers. Together, these can demand data from websites up to thousands of times per minute. The report points a finger squarely at Meta's AI division, which accounts for more than half of the crawlers, and also points at OpenAI, which is responsible for the majority of on-demand fetch requests. Fastly senior security researcher Arun Kumar says in the report, AI-driven automation risks are becoming a blind spot for digital teams. End quote.
Huge thanks to our sponsor, Conveyor. Does logging into a portal security questionnaire feel like punishment? Conveyor gets that. Other solutions offer browser extensions that require you to do all the copy-pasting. It's slow, tedious and frustrating. Conveyor takes care of it all for you. Their AI auto-scrolls, finds every question and fills in accurate answers, all automatically. And also their AI completes security questionnaires of any format, not just portals. So visit www.conveyor.com to learn more. That is C-O-N-V-E-Y-O-R.com.
Belgian telecom suffers cyberattack. Just a month after its parent company Orange Group detected a cyberattack, the Belgian subsidiary Orange Telecom announced this week that it too had discovered a cyberattack at the end of July. This attack compromised data from 850,000 customer accounts. The company said that no critical data such as passwords, email addresses, banking or financial details were compromised, but did warn that customer telephone numbers, SIM card numbers, PUK codes and tariff plans had been accessed. PUK codes are personal unblocking key codes, an eight-digit security code that allows customers to unblock their SIM cards if they enter the wrong PIN multiple times.
Business Council of New York State announces data breach. The Council, which lobbies for business interests in the state legislature and promotes economic development, says the February attack gave hackers access to SENS information on more than 47,000 people, end quote. The stolen data includes PII, Social Security numbers, state ID numbers, payment card numbers, PINs, as well as expiration dates, taxpayer identification numbers and electronic signature information. Some also had medical data released, including information on diagnoses, prescriptions, treatments, procedures and health insurance.
Flipper Zero can now turn anyone into one of the Kia Boys. Just about a year ago, we reported on a story detailing how the famous ethical hacker's go-to tool, the Flipper Zero, can be used to steal Tesla cars by simply opening the doors electronically. An article from 404 Media shows that the technology can now be used on a much wider selection of car models from companies such as Ford, Audi, Volkswagen, Subaru, Hyundai, Kia and others, and also that newbie thieves are able to crack the Flipper Zero software, meaning that they do not have to pay to access the tool. The tool also locks legitimate owners out of their cars. According to the article, 404 Media journalists contacted all of the vehicle manufacturers mentioned in the hackers' recently released document. Most manufacturers did not provide a statement on whether they were aware of the attack or what they were doing to mitigate it. Ford declined to comment. End quote.
Hackers use QuirkyLoader to spread malware. Researchers from IBM X-Force are warning of a new malware loader called QuirkyLoader, as one word, being used to deliver information stealers and remote access trojans via email spam campaigns. In fact, this has been going on since November 2024. The attacks involve sending spam emails from both legitimate email service providers and a self-hosted email server, and these emails feature a malicious archive which contains a DLL, an encrypted payload, and a real executable. The DLL loader has only been used in limited campaigns thus far, chiefly targeting Taiwan and Mexico.
Remember to join us later today for a special edition of our Week in Review show. We are celebrating the five-year anniversary of Cybersecurity Headlines. We will still be running down the top news stories of the week, but also we'll be reflecting on some of the favorite stories of the Cybersecurity Headlines reporters since the show debuted back in 2020. So if you can, join the live stream on the CISO Series YouTube channel later today, 3:30pm Eastern, and as always, your comments and participation are welcome.
And finally, if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us. Back@cisoseries.com we would love to hear from you. I'm Steve Prentiss reporting for the CISO Series.
A
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Host: Steve Prentiss (CISO Series)
Theme: Fast-paced coverage of the most important and urgent cybersecurity news stories of the day.
This episode covers several urgent developments in information security, including Apple’s emergency security update, a landmark sentencing for a Scattered Spider member, Microsoft investigating SSD failures, heavy web traffic from AI crawlers, major data breaches, emerging car hacking threats, and new malware loader campaigns.
“Processing a malicious image file may result in memory corruption...an attacker could exploit a flaw in Image IO by creating an image designed to corrupt your device's memory. They could then run malicious code and even install spyware.”
— Apple warning, paraphrased by Steve Prentiss at 00:45
“AI Driven Automation risks are becoming a blind spot for digital teams.”
— Arun Kumar, Fastly, at 04:15
“Newbie thieves are able to crack the Flipper Zero software, meaning that they do not have to pay to access the tool. The tool also locks legitimate owners out of their cars.”
— Steve Prentiss at 07:07
The episode is brisk, factual, and focused on actionable news, underscoring the urgency and evolving threat landscape in cybersecurity. Concise source attributions and direct quotes add authenticity and expert insight to every segment.
Full stories and updates are accessible at CISOseries.com.