Infosec bits for 2025 week 35

Anele Siwela | Aug. 29, 2025, 3:36 p.m.

Cybersecurity News:

AI firm says its technology weaponised by hackers [Imran Rahman-Jones, BBC]

Cyber Insight, Sophos host strategic event on ransomware trends, future of cyber security [Cyber Insight, ItWeb]

CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits [Divay, Gbhackers]

Credential harvesting campaign targets ScreenConnect cloud administrators [David Jones, Cybersecurity Dive]

Vulnerabilities & Patches:

CISA Warns of Citrix Netscaler 0-day RCE Vulnerability Exploited in Attacks [Florence Nightingale, Cybersecurity News]

Microsoft and Adobe Patch Tuesday, August 2025 Security Update Review [Diksha Ojha, Qualys Community]

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git [Ravie Lakshmanan, The hackernews]

Global Ethics Day colloquium exposes vulnerabilities in research [Wits University, Wits University]

Malware:

A disgruntled worker built his own kill-switch malware to take down his former employer - and it didn't pay off [Sead Fadilpašić, techradar]

Malware-ridden apps made it into Google's Play Store, scored 19 million downloads [Iain Thomson, The Register]

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection [Ravie Lakshmanan, The Hacker News]

DripDropper Linux malware cleans up after itself - how it works [Steven Vaughan-Nichols, ZD Net]

Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware [Kevin Poireault, Infosecurity Magazine]

New framework aims to outsmart malware evasion tricks [Mirko Zorz, Helpnet Security]

First known AI-powered ransomware uncovered by ESET Research [Anton Cherepanov, Welive Security]

Microsoft Teams Abused in Cyberattack Delivering PowerShell-Based Remote Access Malware [Mayura Kathir, Gbhackers]