Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Tuesday, August 5, 2025. I'm Sarah Lane.

Microsoft and Google among most affected as zero-day exploits jump 46%
Forescout's latest threat review, released at Black Hat USA, shows zero-day attacks rose 46% in the first half of 2025, with Microsoft and Google at the top of the most-exploited products. Ransomware attacks were up 36%, increasingly targeting unconventional devices like IP cameras and BSD servers to bypass defenses and move laterally across networks. Of 137 tracked threat actors, 40% were state-sponsored, with Iran-aligned hacktivists particularly focusing on critical OT infrastructure.

Vietnamese hackers use PXA Stealer, hit 4,000 IPs and steal 200,000 passwords globally
Vietnamese hackers appear to be behind a new global malware campaign using PXA Stealer, a Python-based info-stealer that has compromised more than 4,000 IPs across 62 countries and stolen over 200,000 passwords. The malware targets browsers, crypto wallets, VPN clients and apps like Discord, exfiltrating data via Telegram to underground markets. Researchers say this latest variant is more evasive and multi-stage, using DLL sideloading and decoy files to avoid detection.

New Plague Linux malware stealthily maintains SSH access
A Linux backdoor dubbed Plague lets attackers maintain persistent, unauthenticated SSH access by embedding itself as a malicious pluggable authentication module, or PAM. It was discovered by Nextron Systems and uses layered obfuscation, anti-debugging, hard-coded passwords and environment-scrubbing techniques to evade detection and erase forensic traces. Multiple samples have been uploaded to VirusTotal, but none have been flagged.

Nvidia Triton bugs let unauthenticated attackers execute code and hijack AI servers
Researchers at Wiz disclosed a set of critical vulnerabilities in Nvidia's Triton Inference Server that could let unauthenticated attackers remotely execute code and take full control of AI servers.
The flaws affect both Windows and Linux deployments and stem from the Python backend, which includes issues like out-of-bounds writes and memory limit bypasses. If chained together, they could let attackers steal AI models, manipulate inference outputs, or move laterally in networks. Nvidia patched the issues in version 25.07 and there's no evidence of exploitation in the wild so far.

Huge thanks to our sponsor, ThreatLocker. ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default-deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit threatlocker.com/CISO. That's threatlocker.com/CISO.

Northwest Radiologists data breach hits 350,000 in Washington
A data breach at Northwest Radiologists back in January exposed the personal information of 348,118 Washington residents. Attackers had unauthorized access between January 20th and 25th, affecting names, Social Security numbers, medical details and other information. The company hasn't confirmed the attack type, but signs point to ransomware. Law enforcement was notified, security upgrades have been implemented and impacted individuals are being offered free credit and ID monitoring. No threat actor has claimed responsibility.

Panel to create roadmap for establishing US Cyber Force
A new 17-member panel called the Commission on Cyber Force Generation has been formed to design a plan for establishing a U.S. Cyber Force as a separate military branch, backed by both the CSIS and the Cyberspace Solarium Commission 2.0. The group includes former top Pentagon officials and cyber commanders, aiming to deliver recommendations before the 2026 National Defense Authorization Act.
Ghost in the Zip reveals expanding ecosystem behind PXA Stealer
Researchers from SentinelLabs and Beazley Security are tracking a global cybercrime campaign dubbed Ghost in the Zip, which uses the Python-based PXA Stealer malware to steal sensitive data from victims in more than 60 countries. The malware is delivered via archived files disguised as PNG or PDF documents, leveraging sideloaded legitimate apps like Haihaisoft PDF Reader and older versions of Microsoft Word. It exfiltrates stolen data, including passwords, cookies and crypto wallet info, through Telegram and Cloudflare Workers, and is resold via Telegram-based cybercriminal marketplaces.

Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons
Mozilla is warning Firefox add-on developers about a phishing campaign impersonating Mozilla or addons.mozilla.org, trying to trick devs into clicking fake account update links. It appears to be hijacking trusted developer accounts to distribute malicious extensions, many of which target crypto users by stealing wallet credentials like seed phrases. Over 40 of these malicious add-ons have been identified, some posing as legitimate tools from brands like Coinbase or MetaMask.

Ohio sets new cybersecurity rules for local governments, including public approval of ransomware payments
Ohio enacted new cybersecurity rules requiring all local governments to implement formal policies and publicly approve any ransomware payments. The move was passed as part of the state's budget and follows a wave of cyberattacks on municipalities like Cleveland. Lawmakers say the new measures should increase transparency and improve defenses against increasingly sophisticated attacks that jeopardize constituent data and local infrastructure.

Virtually every organization is making moves to embrace AI. Security teams and threat actors are no exception. But this presents a unique challenge.
How do you secure the new generation of tools everyone is so keen on using, while also trying to use them yourself as a security practitioner? That is one of the questions we are trying to answer on this week's episode of the CISO Series Podcast. Look for the episode "They Can't Hack All Our Tools If We Keep Buying New Ones" wherever you get your podcasts. And if you have thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. I am Sarah Lane reporting for the CISO Series. Thanks for listening and we'll talk to you next time.
