Staying One Step Ahead
Article Link: https://www.fbi.gov/contact-us/field-offices/jacksonville/news/staying-one-step-ahead
- The FBI is warning that sextortion cases in Florida are up 60 percent this year, with kids losing almost a million dollars. These predators are hiding in the same apps, games, and chats our kids use every day.
- They get one picture of a child and then threaten to share it unless the child sends more. Some groups, like one called “764,” are even pushing kids into violent or harmful acts.
- A lot of kids stay quiet because they feel ashamed or scared, and that gives predators more power. In North Florida, cases in seven months already match all of last year, and the problem is growing fast.
- Parents are reminded to keep an eye on what our kids are doing online, avoid putting too much personal information in their profiles, and save suspicious messages instead of deleting them. Most importantly, keep the conversation open so our kids know they can come to us if something feels wrong.
- The FBI also has a free “Safe Online Surfing” program for grades 3–8 that teaches students how to protect themselves online: https://sos.fbi.gov/en/seventh-grade.html
New USF Program Focused on AI and Cybersecurity
Article Link: https://www.fox13news.com/news/new-usf-program-focused-ai-cyber-security
- The University of South Florida announced a new Bellini College of Artificial Intelligence, Cybersecurity and Computing, funded by a record $40 million donation from Arnie Bellini.
- Starting this fall, the college will offer undergraduate and graduate programs that blend AI with protective technology, building partnerships with government, defense contractors, and Fortune 500 companies.
- University leaders say combining AI and protective technology creates a national model for training future leaders, while Bellini called AI the “arms race of our time” and stressed that protecting innovation is essential to U.S. economic strength.
- USF expects 3,000 students and 45 faculty this fall, growing to 5,500 students and 100 faculty within three years, with programs spanning multiple campuses.
Executives Warned About Celebrity Podcast Scams
Article Link: https://www.infosecurity-magazine.com/news/experts-warn-executives-celebrity/
- The Better Business Bureau (BBB) issued a warning about a new “podcast imposter” scam, where fake managers invite business leaders and influencers to appear on a supposed celebrity show for $2,000.
- Victims are asked to test their camera and audio before the “podcast,” but the real goal is to trick them into downloading remote access software, giving scammers full control of their computer and online accounts.
- KnowBe4’s Martin Kraemer noted that these scams no longer target influencers alone. Executives and specialists are also being lured, making their company accounts a valuable entry point for deeper network breaches.
- The BBB advises users to check sender addresses carefully, be skeptical of generic or poorly formatted emails, refuse remote access requests, avoid unsolicited offers of money, and protect login credentials. Training and education remain key defenses.
McDonald’s Not Lovin’ It When Hacker Exposes Nuggets of Rotten Security
Article Link: https://www.theregister.com/2025/08/20/mcdonalds_terrible_security/
- A hacker calling herself “Bobdahacker” uncovered major mcflaws in McDonald’s staff and partner portals, including ways to order free food, gain corporate email accounts, and access executive materials.
- Weak protections allowed anyone to mcbypass logins, mcview secret keys in the code, and even mcchange franchise rule documents. Some fixes took months, and one mchalf-baked patch still let attackers create accounts by tweaking a single word in the URL.
- The problems exposed employees’ and applicants’ data, including emails to the staff from the CEO down. One McDonald’s employee who assisted in the research was later mcfired, raising questions about how the company handles mcwhistleblowers.
- McDonald’s mcclaims it has closed most of its gaps, but its job-screening chatbot “Olivia” was still found using “123456” as an admin password, recently leaking 64 million applicants’ data, like a Filet-o-Phishing combo no one ordered.
Hackers Weaponize QR Codes in New ‘Quishing’ Attacks
Article Link: https://www.infosecurity-magazine.com/news/hackers-qr-codes-new-quishing/
- Barracuda Networks researchers reported on August 20 that hackers are now weaponizing QR codes in new ways, splitting them into separate images or nesting malicious code inside legitimate ones.
- One group, Gabagool, used split codes that looked normal to people but bypassed scanners, tricking recipients into fake Microsoft password reset pages. Another group, Tycoon, nested harmful code within real code to create confusion and evade detection.
- These techniques allow attackers to steal login credentials and make it harder for traditional defenses to identify phishing attempts. Customized messages suggest some attacks followed earlier email takeovers.
- Researchers recommend multi-layered protection that uses AI to scan QR images, decode payloads, test links safely in sandboxes, and analyze suspicious code structures. Awareness training and multifactor authentication remain essential.
Microsoft Releases Emergency Updates to Fix Windows Recovery
Article Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-updates-to-fix-windows-recovery/
- Microsoft issued emergency out-of-band updates on August 19, 2025, to fix problems with Windows reset and recovery tools caused by this month’s security patches. The bug impacted Windows 10 and older versions of Windows 11.
- After installing the August updates, attempts to reset or recover a PC failed, whether users tried “Reset my PC” locally or IT teams used RemoteWipe to reset devices remotely.
- The glitch complicated efforts for both individual users and IT administrators who rely on reset tools to reinstall systems or fix errors while keeping files and settings intact.
- Microsoft released emergency patches and urges anyone who has not yet applied the August updates to use the new out-of-band patches instead, available through Windows Update or the Microsoft Update Catalog. Those who are not affected do not need to install them.
Casino Tech Outfit Bragg Cops to Intrusion but Says Data Jackpot Untouched
Article Link: https://www.theregister.com/2025/08/19/bragg_attack/
- Bragg Gaming Group, a Toronto-based casino and sportsbook technology provider, disclosed on August 16 that attackers breached its internal IT systems but claimed no customer data was taken.
- The company said the intrusion was contained quickly with outside support and followed industry protocols. Services remained online, and no player accounts or gaming operations were disrupted.
- Gambling firms are frequent targets because they rely on constant uptime and sensitive financial data. While Bragg insists its case is limited, unanswered questions remain about how attackers gained entry and what, if anything, was taken.
- Bragg stated that cleanup is in progress and operations continue normally. Customers are advised to stay alert until more details are shared, as investigators confirm the full scope of the attack.
Oregon Man Charged in ‘Rapper Bot’ DDoS Service
Article Link: https://krebsonsecurity.com/2025/08/oregon-man-charged-in-rapper-bot-ddos-service/
- On August 6, 2025, federal agents arrested 22-year-old Ethan J. Foltz of Oregon, accusing him of operating “Rapper Bot,” a botnet of 65,000 hacked devices used for massive distributed denial-of-service (DDoS) attacks, including one in March that knocked Twitter/X offline.
- The Justice Department reports Foltz and a partner known as “Slaykings” rented out Rapper Bot to extortionists, delivering attacks over six terabits per second, hundreds of times more than a normal server could handle. They deliberately kept the botnet “Goldilocks” sized to stay powerful but avoid detection.
- Victims ranged across 1,000 networks in countries including China, Japan, the U.S., Ireland, and Hong Kong. Many were gambling businesses, extorted under threat of devastating financial losses from nonstop attacks.
- Foltz admitted his role and faces up to 10 years in prison for aiding and abetting computer intrusions. Investigators emphasize that DDoS defense is costly, leaving many businesses trapped between paying ransoms or suffering expensive outages.
A Scattered Spider Member Gets 10 Years in Prison
Article Link: https://securityaffairs.com/181383/cyber-crime/a-scattered-spider-member-gets-10-years-in-prison.html
- On Wednesday, August 2025, 20-year-old Noah Michael Urban of Palm Coast, Florida, was sentenced to 10 years in federal prison and ordered to pay $13 million in restitution for SIM-swapping cryptocurrency thefts.
- Urban, also known by multiple aliases, such as “Sosa” and “King Bob,” admitted to conspiracy, wire fraud, and identity theft in cases spanning Florida and California. He and co-conspirators stole personal information, reset crypto account passwords, and drained funds.
- Urban was part of the Scattered Spider group, which has breached hundreds of organizations, including Twilio, LastPass, DoorDash, and Mailchimp. Beyond finance, he also leaked unreleased music from artists like Ariana Grande and Lil Uzi Vert, disrupting album launches and harming reputations.
- Prosecutors had sought eight years, but surprisingly, the judge imposed 10. Urban, speaking from jail, claimed bias in the ruling, but investigators stress the scale of damage justified the sentence. He will also face three years of supervised release after prison.
Update your iPhone, iPad, and Mac ASAP to Fix This Dangerous Security Flaw – Here’s Why
Article Link: https://www.zdnet.com/article/update-your-iphone-ipad-and-mac-asap-to-fix-this-dangerous-security-flaw-heres-why/
- Apple released new patches for iPhone, iPad, Mac, and Apple Watch. Hackers found a way to hide spyware inside an image file, so just opening the picture could have put your device at risk.
- Listed as CVE-2025-43300, it was found in Apple’s Image I/O system. A malicious photo could crash apps or allow attackers to run their own code.
- Apple confirmed this issue was already used in targeted attacks against high-profile individuals such as journalists and officials. It is the sixth zero-day patched in 2025, and it came only days after an Apple Watch update that adjusted the Blood Oxygen app.
- Update all devices. The patches cover iPhones from XS onward, iPads across Pro, Air, mini, and seventh generation or later, Apple Watch with the newest watchOS, and Macs on Sequoia, Sonoma, or Ventura.
- Apple Support: https://support.apple.com/en-us/124925
