FTC Announces Settlement with Toy Robot Makers That Tracked Location of Children
Article Link: https://cyberscoop.com/ftc-settlement-apitor-childrens-privacy-violation/
- The U.S. Federal Trade Commission (FTC) just slammed Shenzhen-based Apitor Technology with a settlement after the company secretly tracked the geolocation of U.S. kids under 13 using its toy robots.
- Federal prosecutors said Apitor’s app snuck in a third-party kit called JPush, pulling precise location data from thousands of children without parents ever being told.
- Investigators said the company’s practices broke the Children’s Online Privacy Protection Act (COPPA), while its own policy falsely claimed compliance.
- Apitor agreed to cough up $500,000 in fines, wipe the collected data, get parental sign-off, and face a decade of watchdog monitoring with full disclosure baked into its marketing.
Cloudflare Confirms Salesforce Data Compromised via SalesLoft Chatbot
Article Link: https://www.salesforceben.com/cloudflare-confirms-salesforce-data-compromised-via-salesloft-chatbot/
- Cloudflare confirmed attackers raided its Salesforce support system after exploiting Salesloft’s Drift app, exposing customer case data, contact info, and even access tokens and passwords.
- Hackers tied to GRUB1, also tracked as UNC6395 by Google and overlapping with ShinyHunters, stole support case text in just three minutes using a Bulk API job.
- The breach ran between August 12 and 17, 2025, with Cloudflare notified only after Salesloft and Salesforce flagged suspicious Drift activity. Impacted customers were alerted on September 2.
- Cloudflare yanked Salesloft software, rotated credentials, and told customers to reset any logs, passwords, or tokens ever shared in support tickets to head off future misuse.
U.S. Offers $10 Million for Three Russian Energy Firm Hackers
Article Link: https://www.securityweek.com/us-offers-10-million-for-three-russian-energy-firm-hackers/
- The U.S. State Department announced rewards of up to $10 million for tips leading to the arrest of three Russian FSB Center 16 officers: Pavel Akulov, Mikhail Gavrilov, and Marat Tyukov, all accused of hacking energy companies worldwide.
- Indicted in 2021, the dirty-rotten trio allegedly ran the Dragonfly and Dragonfly 2.0 campaigns, infecting networks with Havex malware and launching spear-phishing attacks against more than 3,300 users at over 500 firms and agencies.
- Officials say the men, linked to the FSB Center 16 unit (successor to the Soviet-era KGB), are associated with Berserk Bear, Blue Kraken, and Ghost Blizzard, where they besieged U.S. government agencies as well as nuclear plants, utilities, and oil and gas companies across 135 countries.
- The FBI recently warned that Center 16 has been exploiting older Cisco flaws, while Cisco linked the activity to its own “Static Tundra” group, focused on stealing configurations and maintaining long-term access.
Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak
Article Link: https://hackread.com/scattered-lapsus-hunters-google-fire-experts-data-leak/
- A coalition blatantly calling itself “Scattered Lapsus$ Hunters” threatened Google on September 1, demanding that it fire two security researchers or see allegedly stolen data leaked.
- The group, blending tactics of Scattered Spider, Lapsus$, and ShinyHunters, posted on Telegram, targeting one analyst from Google’s Threat Intelligence Group and another from Mandiant.
- They ordered Google to stop tracking UNC3944, UNC5537, UNC6040, UNC6240, and UNC6395, echoing earlier ShinyHunters activity that exploited Salesforce systems tied to Google.
- No evidence of access to Google’s internal infrastructure has been shown, and experts say the threats aim to intimidate and disrupt investigations rather than extort money.
WhatsApp Zero-Day Exploited in Attacks Targeting Apple Users
Article Link: https://www.securityweek.com/whatsapp-zero-day-exploited-in-attacks-targeting-apple-users/
- WhatsApp disclosed a zero-day flaw, CVE-2025-55177, that was exploited alongside Apple bug CVE-2025-43300 in targeted spyware attacks against iOS and macOS users.
- The WhatsApp issue, rated 5.4 CVSS, involved incomplete authorization of device sync messages, allowing attackers to force the processing of content from arbitrary URLs.
- Apple patched its ImageIO flaw on August 20 across iOS, iPadOS, and macOS, warning it may have been actively exploited in highly sophisticated operations.
- WhatsApp patched its bug in July and August in iOS and Mac versions, urging users to update immediately to close the attack path.
- Link to CVE-2025-55177: https://www.cve.org/CVERecord?id=CVE-2025-55177
House Panel Approves Cyber Information Sharing, Grant Legislation as Expiration Deadlines Loom
Article Link: https://cyberscoop.com/house-panel-approves-cyber-information-sharing-grant-legislation-as-expiration-deadlines-loom/
- The House Homeland Security Committee, chaired by Rep. Andrew Garbarino of New York, voted to reauthorize the 2015 Cybersecurity and Information Sharing Act as the Widespread Information Management for the Welfare of Infrastructure and Government Act (WIMWIG) and the State and Local Cybersecurity Grant Program as the Protecting Information by Local Leaders for Agency Resilience Act (PILLAR).
- The WIMWIG Act extends legal protections for sharing threat data for another 10 years, while the PILLAR Act continues a $1 billion grant fund for state, local, and tribal governments, backed by Rep. Andy Ogles of Tennessee.
- The committee also advanced the Generative Artificial Intelligence Terrorism Risk Assessment Act, sponsored by Rep. August Pfluger of Texas, and the Pipeline Security Act, sponsored by Rep. Julie Johnson of Texas, to codify the Transportation Security Administration (TSA) pipeline security office.
- Ranking Member Bennie Thompson of Mississippi supported moving the bills forward but raised concerns about changes, while Sen. Rand Paul of Kentucky is pressing for restrictions on the Cybersecurity and Infrastructure Security Agency (CISA) tied to speech oversight.
Phishing Emails Are Getting Smarter – and Using Some New Tricks to Snare Victims
Article Link: https://www.techradar.com/pro/security/phishing-emails-are-getting-smarter-and-using-some-new-tricks-to-snare-victims
- Barracuda researchers reported that the Tycoon phishing kit, a leading source of email attacks, has been updated with new trickery to conceal malware and malicious links.
- Techniques include URL encoding with invisible characters, fake CAPTCHAs, redundant protocol prefixes, misuse of the “@” symbol, and subdomain splits that mimic trusted brands.
- These tactics make phishing links harder for filters and users to spot, giving attackers new ways to lure victims into fraudulent sites.
- Recommended practice is a multi-layered defense strategy combining AI-driven detection tools with regular employee training to catch evolving threats.
Mis-issued Certificates for 1.1.1.1 DNS Service Pose a Threat to the Internet
Article Link: https://arstechnica.com/security/2025/09/mis-issued-certificates-for-1-1-1-1-dns-service-pose-a-threat-to-the-internet/
- Security researchers warned that three TLS certificates were wrongly issued in May for Cloudflare and APNIC’s 1.1.1.1 DNS service, potentially allowing attackers to decrypt encrypted DNS traffic.
- The certificates, issued by Fina RDC 2020 under Fina Root CA and trusted by Microsoft’s Root Certificate Program, remained valid for months before being flagged this week.
- Cloudflare confirmed it never authorized the issuance and contacted Fina, Microsoft, and regulators to revoke trust, while Microsoft pledged to block them through its disallowed list; Chrome and Firefox were never at risk.
- Experts say the lapse exposes a weakness in the certificate authority system, where one faulty authority can endanger trust across the Internet’s encryption backbone.
Cloudflare Mitigates Largest Ever Recorded DDoS Attack at 11.5 Tbps
Article Link: https://hackread.com/cloudflare-mitigates-largest-ddos-attack-11-5-tbps/
- On September 3, 2025, Cloudflare announced it had mitigated the largest distributed denial-of-service attack ever recorded, a 35-second UDP flood peaking at 11.5 terabits per second.
- Initial analysis pointed to Google Cloud, but further review showed the traffic came from compromised Internet of Things devices and multiple cloud providers.
- The flood was equivalent to streaming thousands of HD movies at once and followed record-setting attacks of 7.3 Tbps in June 2025 and 5.6 Tbps in 2024.
- Cloudflare confirmed its defenses absorbed the assault without a hiccup, framing the event as proof its infrastructure can keep customers online even against record-breaking floods.
22-year-old Frisco Woman Posed as FBI Agent to Scam Older Couple Out of Life Savings
Article Link: https://www.cbsnews.com/texas/news/texas-fbi-scam-frisco-woman-jessica-bahu-garland-police-chase-bank/
- Garland police arrested a 22-year-old Frisco woman accused of stealing more than $25,000 from an elderly couple by posing as both their bank and the FBI during a phone scam.
- On August 6, the victims, aged 80 and 77, received a spoofed call claiming to be from their bank, then the FBI, pressuring them for hours to withdraw their savings.
- The couple was told to hand the cash over in a parking lot, where the suspect falsely identified herself as an FBI agent.
- Police warn residents to ignore spoofed caller IDs, verify organizations directly, and stay alert for pressure tactics like urgency and isolation.
