Infosec bits for 2025 week 36
Heloise Meyer | Sept. 5, 2025, 2:26 p.m.
Cybersecurity News:
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation [Robert Lemos, Dark Reading]
Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps [Sergiu Gatlan, BleepingComputer]
When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider [The Hacker News, The Hacker News]
1,100 Ollama AI Servers Exposed to Internet With 20% of Them are Vulnerable [Tushar Subhra Dutta, Cybersecurity News]
Vulnerabilities & Patches:
Django Critical Vulnerability Let attackers Execute Malicious SQL Code on Web Servers [Guru Baran, Cybersecurity News]
New TP-Link zero-day surfaces as CISA warns other flaws are exploited [Bill Toulas, BleepingComputer]
Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack [Ravie Lakshmanan, The Hacker News]
New zero-click exploit allegedly used to hack WhatsApp users [Pierluigi Paganini, Security Affairs]
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) [Zeljka Zorz, Help Net Security]
Data Breaches & Attacks:
Chess.com says 4,500 people had data stolen during June breach [Jonathan Greig, The Record]
Bridgestone Americas Confirms Cyberattack [Kristina Beek, Dark Reading]
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes [Fernando Tavella, ESET]