Vyro AI Leak Reveals Poor Cyber Hygiene

Summary: Vyro AI accidentally exposed around 116GB of sensitive user data across three products: ImagineArt, Chatly and Chatbotx. Cybernews researchers found the dataset had been indexed by IoT search engines in February, suggesting it may have been discoverable for months. The exposed information included user prompts, bearer authentication […]

‘Gentlemen’ Ransomware Abuses Vulnerable Driver to Kill Security Gear

Summary: The Gentlemen ransomware gang is weaponising a vulnerable, signed kernel driver (ThrottleStop.sys) — renamed in attacks as ThrottleBlood.sys — to disable antivirus and EDR products. Trend Micro analysis shows the group uses a bring-your-own-vulnerable-driver (BYOVD) technique together with AV‑killer binaries (All.exe and customised Allpatch2.exe) and […]

Chinese Hackers Allegedly Pose as US Lawmaker

Summary: US lawmakers say China-backed threat actors impersonated Representative John Moolenaar in spear-phishing emails aimed at trusted targets involved in high-level US–China trade engagements. The House Select Committee on China published a notice on 8 September describing an ongoing, highly targeted cyberespionage campaign that used impersonation and abused […]

Students Pose Inside Threat to Education Sector

Summary: K-12 schools face not only external attacks from ransomware gangs but also a steady stream of insider incidents originating from students. Many pupils, raised with devices and easy access to information, experiment with hacking — from changing grades to probing school systems — often out of curiosity […]

AI-Enhanced Malware Sports Super-Stealthy Tactics

Summary: Security researchers have identified a fast-moving campaign tracked as “EvilAI” that hides malware inside seemingly legitimate AI- and productivity-style apps. The operation has infected hundreds of organisations across multiple sectors and countries by using professionally built interfaces, genuine-feeling features and digitally signed binaries from newly created companies to evade […]

Cyberattack on Kazakhstan’s Largest Oil Company Was ‘Simulation’

Summary: Researchers first reported what looked like a Russian APT campaign targeting Kazakhstan’s biggest oil company, KazMunayGas (KMG), and dubbed the actor “Noisy Bear.” Seqrite Labs described a convincing phishing chain: a compromised finance email, a ZIP containing a decoy and a malicious .LNK file, a PowerShell […]

The Quiet Revolution in Kubernetes Security

Summary: This commentary examines how traditional host operating systems undermine Kubernetes security and highlights Talos Linux as a purpose-built alternative. The article argues that using full-featured, mutable Linux distributions (Ubuntu, CentOS, RHEL) for Kubernetes hosts preserves legacy assumptions — shells, SSH, mutable filesystems — that inflate attack surface and […]

Vidar Infostealer Back With a Vengeance

Summary: Researchers at Aryaka have uncovered a fresh Vidar campaign showing that the long‑running Vidar infostealer has evolved with stronger stealth and persistence. First seen in 2018, Vidar remains an infostealer-as-a-service used to harvest credentials, cookies, tokens and financial data. The latest strain adds encrypted C2, Living‑off‑the‑Land binaries (LOLBins), […]

‘K2 Think’ AI Model Jailbroken Mere Hours After Release

Summary: K2 Think, a new 32-billion-parameter reasoning model developed by MBZUAI and G42, was released publicly on 9 September 2025. Within hours a researcher from Adversa AI, Alex Polyakov, demonstrated a jailbreak by exploiting a vulnerability dubbed “Partial Prompt Leaking.” The model purposely exposes rich, plaintext […]
