Android VPN Apps Expose Users, Apple Patches Zero-Day Exploit

Summary
– Three Android VPN app families with over 700 million downloads are secretly linked and insecure, as found by researchers.
– Apple patched a zero-day vulnerability (CVE-2025-43300) exploited in a sophisticated attack against targeted individuals.
– Russian threat actors are using an old Cisco bug (CVE-2018-0171) to compromise critical infrastructure devices, per FBI and Cisco warnings.
– AWS Trusted Advisor had a flaw that could incorrectly report S3 buckets as secure when they were publicly exposed, according to Fog Security.
– A man was arrested and charged with operating the Rapper Bot botnet, which launched large-scale DDoS attacks worldwide.

Recent cybersecurity developments highlight critical vulnerabilities affecting millions of users and major platforms. Three families of popular Android VPN applications, with over 700 million combined downloads, have been found to share hidden connections and serious security flaws, according to research from Arizona State University and Citizen Lab. These apps, widely trusted by consumers, may expose sensitive user data due to undisclosed linkages and inadequate protection measures.
In a separate incident, Apple addressed a serious zero-day exploit tracked as CVE-2025-43300, which was leveraged in what the company described as an “extremely sophisticated attack” aimed at specific high-value targets. The patch is now available, and users are urged to update their devices immediately.
Researchers from the University of Melbourne and Imperial College London introduced a novel method using lightweight large language models to enhance incident response. This approach aims to reduce response times and minimize AI-generated inaccuracies during cybersecurity incidents.
A Russian threat group associated with the FSB’s Center 16 has been actively targeting critical infrastructure by exploiting an old Cisco vulnerability, CVE-2018-0171, affecting unpatched and end-of-life devices. The FBI and Cisco issued a joint advisory urging organizations to apply available patches or replace outdated hardware.
Innovations in cybersecurity training are emerging through the use of digital twins and AI coaching, creating more realistic penetration testing environments. Meanwhile, a flaw in AWS Trusted Advisor was uncovered, allowing publicly exposed S3 buckets to remain undetected, potentially leaving sensitive cloud data accessible to unauthorized parties.
Artificial intelligence is increasingly integrated into security operations, helping analysts cut through alert noise and accelerate investigations. In enforcement news, US authorities arrested an individual alleged to operate the “Rapper Bot” botnet, known for launching large-scale DDoS attacks worldwide.
Organizations are also rethinking security leadership roles. An interview with Mandos’ fractional CISO Nikoloz Kokhreidze explored why some companies hire full-time chief information security officers earlier than necessary, while others benefit from part-time expertise.
Several software vulnerabilities were recently patched, including four flaws in Commvault’s backup suite that could allow remote code execution. Additionally, working exploits for two critical SAP NetWeaver vulnerabilities (CVE-2025-31324 and CVE-2025-42999) have been publicly released, raising concerns among enterprises using affected systems.
The healthcare sector continues to grapple with password security challenges, particularly around HIPAA compliance. A new infostealer dubbed “Noodlophile” is being distributed via phishing emails that falsely allege copyright infringement, pressuring recipients to interact with malicious content.
Financial institutions are turning to open-source intelligence (OSINT) to combat money laundering, employing five key strategies to identify and track illicit activities. In cloud DevOps environments, experts warn that misconfigurations and lax access controls are among the top risks to data security.
NIST released new guidance on detecting morphed images used in identity fraud, providing organizations with tools to identify digitally altered media. Companies adopting machine learning security operations (MLSecOps) will likely encounter six significant challenges, from model transparency to adversarial attacks.
Aviation systems remain particularly vulnerable due to their complexity and interconnectedness, a topic explored in a recent video interview. Google announced several AI and cloud security enhancements during its 2025 Security Summit, aiming to help enterprises safeguard AI-driven innovations.
Common cybersecurity myths persist despite ongoing education efforts, often resurfacing in new forms. New open-source tools like LudusHound and Buttercup are gaining attention for their ability to simulate Active Directory environments and automatically detect and patch vulnerabilities in open-source software.
A recent book titled Data Engineering for Cybersecurity offers guidance on managing the overwhelming volume of security data generated by modern systems. For those seeking new opportunities, a weekly roundup of cybersecurity job listings is available, featuring roles across various experience levels.
Upcoming webinars will address the convergence of AI and SaaS security, highlighting how AI agents now interact with software services in ways that introduce novel risks. Product highlights include the iStorage datAshur PRO+C, an encrypted USB drive with AES-256 hardware encryption, and new releases from Doppel, Druva, LastPass, and StackHawk.
(Source: Help Net Security)