Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Wednesday, September 17, 2025. I'm Sarah Lane.

House lawmakers moved to extend two key cyber programs
U.S. House lawmakers unveiled a short-term funding bill extending the 2015 Cybersecurity Information Sharing Act and the State and Local Cybersecurity Grant Program until November 21, giving Congress more time to negotiate longer-term renewals. The programs are set to expire September 30, but provide legal protections for companies voluntarily sharing threat intelligence with the government. The House had proposed a 10-year extension. The Senate's version offers a shorter term and reduces some private sector safeguards.

Apple zero-day likely used in spy attacks affected older devices
Apple issued a backported security update on Tuesday for older iPhones and iPads, including iPhone 8, 8 Plus, iPhone X and early iPad Pro models, after the vulnerability may have been exploited in sophisticated attacks. The original patch for newer devices was released on August 20. The flaw allowed malicious image files to execute code, and Apple confirmed it had been used against specific targeted individuals, highlighting ongoing risks to legacy devices.

Reuters crafts phishing scam with AI chatbot help
A Reuters investigation shows a variety of AI chatbots can be coaxed into creating phishing emails despite built-in safety measures. Researchers including Harvard's Fred Hiding Tyler tested emails generated by Grok, ChatGPT, Meta AI, Claude and DeepSeek on 108 senior volunteers. About 11% clicked the links. Bots could also advise on timing and tactics, revealing AI's potential to scale fraud.

Google nukes 224 ad fraud Android malware apps
Google removed 224 Android apps tied to a global ad fraud campaign called SlopAds, which generated 2.3 billion ad requests per day, according to HUMAN's Satori Threat Intelligence Team.
The apps were downloaded more than 38 million times across 228 countries and used obfuscation and steganography to conceal a malicious FatModule APK. Then it collected device and browser data and served ads through fake domains to generate fraudulent revenue. Google Play Protect now warns users to uninstall any affected apps. HUMAN researchers note the attackers are likely to adapt their methods in future campaigns.

Huge thanks to our sponsor, Drata. Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Their enterprise-grade Trust Center puts your security posture in one secure customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications and policies with AI-powered questionnaire assistance. Blast through inbound security questionnaires in minutes instead of days. Automate cross-functional workflows and eliminate friction. That means less manual work and faster deal cycles. Win with trust. Learn more at SafeBase.io.

Jaguar Land Rover says shutdown to last at least another week
The Jaguar Land Rover cyber attack fallout marches on. The company announced it will keep its global operations offline until at least September 24. This has sidelined thousands of employees and supply chain workers and is costing the company around 72 million pounds per day. The company confirmed internal data was compromised, leading to potential fines under British privacy law.

Chaos Mesh critical GraphQL flaws enable RCE and full Kubernetes cluster takeover
In a report shared with Hacker News, JFrog researchers disclosed critical flaws in Chaos Mesh, an open source chaos engineering platform, that could let attackers take over Kubernetes clusters by executing commands or stealing tokens. According to JFrog, the vulnerabilities, called Chaotic Deputy, stem from weak authentication in the Chaos Controller Manager's GraphQL server.
They were responsibly disclosed on May 6th and patched in version 2.7.3 on August 21st. Users are advised to update to the latest version.

Innovative FileFix phishing attack proves plenty potent
Acronis researchers say that a global phishing campaign is weaponizing FileFix, a social engineering technique derived from a June proof of concept by researcher mr.d0x. The lure impersonates Facebook security and tricks victims into pasting PowerShell code into the File Explorer address bar, which executes a loader that then pulls an AI-generated JPEG carrying a hidden script via steganography. That embedded script drops StealC, a commercial info stealer that harvests passwords, crypto wallets and VPN credentials. The campaign, observed by Acronis and visible in VirusTotal uploads, has been translated into at least 16 different languages.

Self-propagating supply chain attack hits 187 npm packages
A supply chain attack dubbed Shai-Hulud has compromised at least 187 npm packages, according to Socket and Aikido researchers. The worm-style malware injects a bundle.js script that uses TruffleHog to steal developer and CI credentials, create unauthorized GitHub workflows, and exfiltrate secrets. CrowdStrike confirmed that some of its npm packages were affected, but said its core platform is secure.

If you want to make some great content for the CISO series, we want you to as well, and we've got a great way to do it. We need our listeners to fill out a quick five-question survey. They're Family Feud style questions. Your responses will be used for an upcoming live event. It should be fun. If you've got an extra minute, please head on over to cisoseries.com/participate to fill it out. And if you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. Hi, I'm Sarah Lane reporting for the CISO series. And hey, thanks for listening.
