Infosec bits for 2025 week 34

Heloise Meyer | Aug. 25, 2025, 7:35 a.m.

Cybersecurity News:

The cybersecurity myths companies can’t seem to shake [Sinisa Markovic, Help Net Security]

How Evolving RATs Are Redefining Enterprise Security Threats [Aditya K. Sood, DarkReading]

Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems [Pierluigi Paganini, Security Affairs]

South African businesses hit by 2,113 cyber attacks a week [Myles Illidge, MyBroadband]

Vulnerabilities & Patches:

Elastic rejects claims of a zero-day RCE flaw in Defend EDR [Bill Toulas, BleepingComputer]

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks [Ravie Lakshmanan, The Hacker News]

FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw [Jai Vijayan, DarkReading]

High-Severity Vulnerabilities Patched in Chrome, Firefox [Ionut Arghire, SecurityWeek]

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft [Ravie Lakshmanan, The Hacker News]

Malware:

Legitimate Chrome VPN Extension Turns to Browser Spyware [Kevin Poireault, Infosecurity Magazine]

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft [Waqas, Hack Read]

New Loader Malware Dubbed ‘QuirkyLoader’ Delivering Infostealers and RATs [Tushar Subhra Dutta, Cyber Security News]

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot [Ravie Lakshmanan, The Hacker News]