
UK abandons Apple encryption demand, telecoms face $92M fine, and key cybersecurity sharing law expires soon.

Infosec Monitor No. 55

No. 55, August 21, 2025

Welcome back to the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — UK abandons Apple encryption demand, telecoms face $92M fine, and key cybersecurity sharing law expires soon.


Highlight of the Week

UK drops demand for Apple to create backdoor to encrypted iCloud data after US pressure

The UK has dropped its demand for Apple to create a backdoor to encrypted iCloud data after US diplomatic pressure. The move protects Americans’ digital privacy and marks a win for privacy advocates, highlighting ongoing global tensions over government access to encrypted communications. techcrunch.com therecord.media cyberscoop.com

News

Federal appeals court upholds FCC authority to require breach notifications

A federal appeals court upheld the FCC’s authority to require telecoms to notify customers of data breaches exposing personal information. The ruling affirms the FCC’s expanded oversight amid rising cyber threats, but signals future privacy regulations will face stricter legal scrutiny after recent Supreme Court decisions. Appeals are possible. cyberscoop.com

Federal court upholds $92M FCC fine against T-Mobile and Sprint for selling customer location data

A federal court upheld a $92M FCC fine against T-Mobile and Sprint for selling customer location data to third parties without proper safeguards. The ruling affirms that carriers must protect sensitive data, marking a major privacy win and reinforcing stricter oversight of telecom data practices. cyberscoop.com

Congress races to extend Cybersecurity Information Sharing Act before September expiration

The Cybersecurity Information Sharing Act (CISA 2015) expires in September, threatening an 80–90% drop in cyber threat data sharing between companies and government. Legal uncertainty could halt most private sector info exchange. Congress is racing to extend the law, but its future remains uncertain. cyberscoop.com

AI & Security

NIST releases concept paper proposing AI-specific cybersecurity controls

NIST released a concept paper proposing AI-specific cybersecurity controls based on SP 800-53, aiming to tailor protections for various AI systems. The framework seeks public feedback to address diverse AI risks and data sensitivities, signaling a collaborative push for adaptable, comprehensive AI security standards. hackread.com

OpenAI considers end-to-end encryption for ChatGPT to protect user privacy

OpenAI is considering end-to-end encryption for ChatGPT, starting with temporary chats, to better protect user privacy. CEO Sam Altman cites growing concerns over sensitive data shared with AI. Encryption could complicate features and legal compliance, but Altman urges stronger confidentiality protections for AI conversations. No launch timeline yet. axios.com

AI-assisted vibe coding boosts productivity but raises security risks

AI-assisted "vibe coding" boosts productivity but often introduces security risks: 45% of AI-generated code has vulnerabilities. Experts stress human oversight, secure-by-design practices, and real-time code scanning tools. Bottom line: AI can help, but humans must verify and remediate code to ensure application security. darkreading.com

Cybercriminals abuse AI website builder Lovable to create phishing and scam sites

Cybercriminals are increasingly abusing AI website builder Lovable to create phishing, malware, and scam sites impersonating major brands. Despite new security measures, tens of thousands of malicious Lovable URLs have been detected since February, lowering the barrier for cybercrime and prompting ongoing efforts to strengthen platform safeguards. scworld.com bleepingcomputer.com darkreading.com hackread.com

Cybersecurity Incidents

Workday discloses data breach after ShinyHunters exploit third-party CRM

Workday disclosed a data breach after attackers exploited its third-party CRM, likely Salesforce, via social engineering tied to the ShinyHunters group. Only business contact info (names, emails, phone numbers) was exposed. No sensitive customer data was accessed. darkreading.com scworld.com therecord.media

Russian hacktivists hit Polish hydropower plant in Tczew for second time

Russian hacktivists hit a Polish hydropower plant in Tczew for the second time, disrupting its control systems and turbines. The attack was more damaging than the previous one. darkreading.com

UK telecom Colt hit by cyberattack, $200,000 ransom demand from WarLock group

UK telecom Colt suffered a cyberattack, forcing key support systems offline amid a $200,000 ransom demand by the WarLock ransomware group. Sensitive data is allegedly for sale. The attack was likely caused by exploitation of a SharePoint vulnerability. csoonline.com

Allianz Life suffers July 2025 data breach exposing 1.1 million customers and employees

Allianz Life suffered a July 2025 data breach exposing personal info of 1.1 million customers and employees via a compromised Salesforce cloud database. The ShinyHunters hacking group is behind the attack. bleepingcomputer.com darkreading.com techcrunch.com

Cyberattack exposes data of 144,000 at Manpower Michigan office, Workday suffers breach

A cyberattack on Manpower’s Michigan office exposed data of 144,000+ people; RansomHub claimed responsibility. hackread.com

South Yorkshire Police lose 96,000 bodycam videos in data transfer error

South Yorkshire Police lost 96,000 bodycam videos in a 2023 data transfer error, impacting 126 cases. Poor IT systems and backups were blamed. The UK’s data regulator reprimanded the force, urging better data security. Only three cases were directly affected; new safeguards have since been implemented. hackread.com

Hackers breach Business Council of New York State, steal data of 47,329 people

Hackers breached the Business Council of New York State in February, stealing personal, financial, and health data of 47,329 people. The breach, detected six months later, exposed sensitive info including Social Security and medical records. bleepingcomputer.com therecord.media

Hacking group UAT-7237 breaches multiple Taiwanese web servers using open-source tools

A hacking group, UAT-7237, breached multiple Taiwanese web servers using customized open-source tools. thehackernews.com

Australian ISP iiNet suffers data breach exposing 280,000 customer emails

Australian ISP iiNet suffered a data breach exposing 280,000 customer email accounts and personal data after hackers used stolen employee credentials. No financial info was leaked, but experts warn of phishing risks. This is TPG’s second breach since 2022. hackread.com

Pakistan-based family cybercrime network exposed after infecting themselves with malware

A Pakistan-based family cybercrime network was exposed after infecting themselves with their own malware. The group used pirated software to spread infostealers, netting $4.67M and impacting over 10 million victims globally. CloudSEK’s investigation revealed their structure, finances, and global reach. hackread.com

Threat actor sells 15.8 million alleged PayPal email and password pairs for $750

A threat actor is selling 15.8 million alleged PayPal email and password pairs for $750 on a cybercrime forum. The data likely comes from infostealer malware, not a PayPal breach. Authenticity is unverified, but risks include credential stuffing and fraud. PayPal has not commented. hackread.com

Ethical hacker uncovers major security flaws in McDonald’s staff and partner portals

Ethical hacker BobdaHacker uncovered major security flaws in McDonald’s staff and partner portals, exposing sensitive data and allowing unauthorized access and changes. Most issues are fixed, but McDonald’s lacks a formal vulnerability reporting process, highlighting the need for better security channels and bug bounty programs. scworld.com darkreading.com

Threat Intel

North Korean IT workers infiltrate Fortune 500 companies using fake identities

North Korean IT workers are infiltrating Fortune 500 companies using fake identities to earn salaries and steal data, funneling money to Pyongyang and bypassing sanctions. The scheme is expanding globally, leveraging AI and sophisticated fraud, posing rising risks to corporate security and potentially national defense. axios.com

Cisco patches critical flaw in Secure Firewall Management Center allowing remote code execution

Cisco has patched a critical flaw (CVSS 10.0) in Secure Firewall Management Center (FMC) allowing unauthenticated remote code execution via RADIUS authentication. No exploitation has been reported, but patching is urgent: attackers could gain full control. Only FMC versions 7.0.7 and 7.7.0 with RADIUS enabled are affected. scworld.com bleepingcomputer.com cyberscoop.com thehackernews.com

Hackers hide Trojans in .svg files on adult sites to exploit Facebook Likes

Hackers are hiding Trojans in .svg files on adult sites to exploit Facebook Likes via obfuscated JavaScript. The attack works if users are logged into Facebook, silently liking posts without consent. Despite Facebook’s security measures, attackers persist, exposing risks in image formats that support embedded scripts. schneier.com

Threat actors exploit WinRAR zero-day as Microsoft patches major Kerberos flaw

Two threat actors exploited a WinRAR zero-day (CVE-2025-8088), while Microsoft patched a major Kerberos flaw. Critical vulnerabilities in N-able, Fortinet, and Citrix products are being actively exploited. Ransomware and targeted attacks are rising, underscoring the urgent need for timely patching and stronger cybersecurity defenses. helpnetsecurity.com

New 'MadeYouReset' vulnerability in HTTP/2 enables large-scale DoS attacks

A new 'MadeYouReset' vulnerability in HTTP/2 lets attackers trigger large-scale DoS attacks by exploiting connection resets, threatening widespread internet services. Experts urge immediate patching, rate limiting, and security reviews. thehackernews.com

Interesting Reads

Cybercriminals use mobile phishing kits to hijack brokerage accounts and execute ramp-and-dump scams

Cybercriminals are using advanced mobile phishing kits to hijack brokerage accounts and execute “ramp-and-dump” stock scams, manipulating prices with coordinated trades. U.S. brokerages’ reliance on phishable multi-factor authentication is a key vulnerability. The schemes, driven by China-based groups, leave investors with major losses and are rapidly evolving. krebsonsecurity.com

Researchers show radar can eavesdrop on phone conversations using device vibrations

Researchers have shown radar can eavesdrop on phone conversations by detecting device vibrations, though accuracy is low and setup is limited. The technique, still experimental, highlights new privacy risks from acoustic side channels and raises ethical concerns about surveillance and the future of mobile security. schneier.com

Data & Research

Enterprise use of custom GenAI apps surges 50% amid rising shadow AI concerns helpnetsecurity.com

Ransomware attacks hit a record high, surging 25% year-over-year, with over 1,000 incidents in February 2025 alone, per ThreatDown. Healthcare was hardest hit, including patient deaths and major data breaches. Attacks are spreading globally and evolving, prompting calls for advanced, always-on security measures. siliconangle.com

Only 47% of eligible organizations are insured. Ransomware is the top claim, and most policies now cover ransom payments. Expect premiums and denials to rise, especially for organizations with weak security controls. helpnetsecurity.com

Cyberattack prevention effectiveness dropped from 69% to 62% in 2025, with data theft prevention at just 3% and password cracking success nearly doubling. Detection remains weak: only 14% of attacks trigger alerts. Experts urge CISOs to prioritize continuous validation, targeted defenses, and improved monitoring to counter evolving threats. helpnetsecurity.com

Cybersecurity Mergers, Acquisitions, and Funding

Seemplicity raises $50M to expand AI-driven vulnerability management platform siliconangle.com
