Infosec bits for 2025 week 37

Zoya Vilakazi | Sept. 12, 2025, 2:41 p.m.

Cybersecurity News:

Apple Warns Of Series Mercenary Spyware Attacks Targeting Users’ Devices [Guru Baran, Cybersecurity News]

K2 Think' AI Model Jailbroken Mere Hours After Release [Nate Nelson, Dark Reading]

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts [Ravie Lakshmanan, The Hacker News]

Africa Launches First Monthly Cybersecurity Subscription Service [News Ghana, News Ghana]

Keeper Security Launches Back-to-School Cybersecurity Guide To Strengthen Digital Safety [Keeper Security, PR Newswire]

Vulnerabilities and Patches:

New Phishing Attack Mimics Google AppSheet to Steal Login Credentials [Tushar Subhra Dutta, Cybersecurity News]

SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers [Ravie Lakshmanan, The Hacker News]

ZynorRAT Exploits Windows and Linux Systems to Gain Remote Access [Mayura Kathir, GB Hackers]

ChillyHell macOS Malware Profiles Compromised Machines and Maintain Persistence with 3 Methods [Tushar Subhra Dutta, Cybersecurity News]

Zoom Security Update – Patch for Multiple Vulnerabilities in Clients for Windows and macOS [Guru Baran, Cybersecurity News]

New VMScape Spectre-BTI Attack Targets Isolation Flaws in AMD and Intel CPUs [Divya, GB Hackers]

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit [Ravie Lakshmanan, The Hacker News]

Data breaches and Attacks:

Jaguar Land Rover Confirms Data Theft in Major Cyber Attack [Maya Derrick, Cyber Magazine]

Pupils behind more than half of ‘insider’ school cyber attacks [Ruth Lucas, Schools Week]

Lessons from Salesforce/Salesloft Drift Data Breaches – Detailed Case Study [Guru Baran, Cybersecurity News]