In today’s cybersecurity news…
A patch today keeps the zero-day away
Apple has released emergency security updates after discovering a new zero-day flaw that is already being exploited in targeted attacks. The bug is in Apple’s Image I/O framework, which processes photos and graphics. Hackers can craft a malicious image that, when opened or previewed, causes the system to write data outside the safe boundaries of memory. This can lead to corruption and potentially allow attackers to run their own code on the device. The patch covers iPhones from XS and newer, multiple iPad generations, and Macs running Sequoia, Sonoma, and Ventura.
Jailbreaking Chat GPT-5 Pro
A new report from Adversa AI warns that GPT-5 may not always be the one answering your queries. Instead, an internal router, nicknamed PROMISQROUTE, sometimes diverts prompts to older or smaller models of GPT to save costs. Researchers found that certain words or structures in a prompt can cue the router to hand requests to these weaker models, where old jailbreak tricks still work. That means output that GPT-5 Pro would normally refuse, such as offensive slurs, malware instructions, or guides for hacking or drug-making, could slip through again.
The thing about vulnerabilities is they stay vulnerable
A hacking group known as Static Tundra, tied to the Russian state security service division responsible for hacking and digital espionage, is exploiting the seven-year-old Cisco Smart Install Remote Code Execution vulnerability to break into networks around the world. The flaw affects Cisco IOS and IOS XE devices with the Smart Install feature, and despite patches being available for years, thousands of unpatched or end-of-life systems remain exposed. Investigators say the hackers are targeting telecom, higher education, and manufacturing sectors in North America, Europe, Asia, and Africa, with a special focus on Ukraine and its allies since the war began. Once inside, they harvest configuration files, alter settings to maintain backdoors, and even deploy implants like SYNful Knock for stealthy, long-term access.
I’m beginning to feel like a Rap Bot
In Oregon, a twenty-two-year-old was charged for building a botnet that grew large. He called it Rapper Bot, investigators say, and it blocked network traffic in a disruptive way. Traffic surged steady, two terabits wide, peaking at six and overwhelming the tide. Ninety thousand devices were pulled into play, launching attacks on systems each day. Officials confirmed the scope was vast, from tech firms to government, none held fast. With a warrant to arrest him for his tricks, agents arrived at his house on August sixth. He now faces up to ten years for directing attacks that confirmed the fears. The lesson remains in the warnings supplied: unpatched devices leave doors open wide.
Qilin me softly with ransomware
Indiana-based pharmaceutical research firm Inotiv has confirmed it was hit by a ransomware attack on August 8 that encrypted parts of its IT systems and disrupted operations. The Qilin ransomware group has claimed responsibility, saying it stole about 176 gigabytes of data, including more than 160,000 files, and has already posted samples on its leak site. Inotiv says it has called in outside cybersecurity experts, notified law enforcement, and shifted to offline processes while systems are restored. The company has not yet said how long recovery will take or whether the breach will have a material financial impact.
Sure, Joe Rogan, I’d love to be on your podcast
The Better Business Bureau warns that attackers are using fake podcast invitations to trick executives, often targeting high-profile employees with emails that look legitimate and carry professional branding. Victims are asked to join a “test interview” or technical check, during which AI-generated voices and videos pose as podcast hosts. While the session seems routine, the attackers prompt the target to install software, grant remote access, or share files, giving them the ability to exfiltrate data, harvest credentials, or deploy malware. Researchers note that this method leverages common business practices, since executives are accustomed to media requests and interview preparation.
Vulnerabilities discovered in Wisconsin municipal software – much like this year’s Packers defensive line
Researchers published findings of flaws in Workhorse Software Services accounting software, which is used by more than 300 municipalities in Wisconsin. One vulnerability involves storing SQL server credentials in a plaintext file on shared network folders, while the other allows creation of unencrypted database backups directly from the login screen. These issues could let attackers access complete municipal databases containing sensitive data such as Social Security numbers and financial records, and also tamper with audit trails and fiscal operations. Threat actors could use these weaknesses to commit identity theft, disrupt municipal functions, or manipulate financial oversight processes.
This new clickjacking is so DOM
A new study shows that browser extension password managers can be tricked into giving up your logins with just one click. Security researcher Marek Tóth calls it a form of clickjacking. It’s the same principle, but instead of tricking you into clicking a malicious button, your click triggers invisible login fields injected into the page’s DOM (document object model). When that happens, the extension may think it’s a real form and autofill your saved username, password, two-factor codes or even credit card details. The trick only works if the attacker is on a domain or subdomain your password manager already trusts. Tests showed that eleven major browser extension managers were vulnerable, including 1Password, Bitwarden, and LastPass. So far, vendors haven’t issued fixes, and the flaw affects Chrome, Edge, and other browsers.
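A defensive check an autofill extension could run before filling a field, shown here as an added example (not from the original page or any vendor's code): it refuses fields that are effectively invisible once ancestor styles are taken into account. The function name, thresholds, and the plain-object stand-in for DOM nodes are assumptions made for illustration.

```javascript
// Added example. Plain objects stand in for DOM nodes so this runs in Node.
// In an extension, `style` would come from getComputedStyle(el) and `rect`
// from el.getBoundingClientRect(). All names and thresholds are hypothetical.
const MIN_OPACITY = 0.9; // assumed: below this the user cannot really see the field
const MIN_SIZE_PX = 8;   // assumed: smaller fields are treated as hidden

function autofillBlockReasons(field) {
  const reasons = [];
  // visibility is inherited, so the field's own computed value is enough.
  if (field.style.visibility === "hidden") reasons.push("visibility:hidden");
  if (field.rect.width < MIN_SIZE_PX || field.rect.height < MIN_SIZE_PX) {
    reasons.push("too-small");
  }
  // opacity is NOT inherited, but it composites: a fully opaque input inside
  // a nearly transparent wrapper is still invisible. Multiply up the chain.
  let opacity = 1;
  for (let node = field; node; node = node.parent) {
    if (node.style.display === "none") reasons.push("display:none");
    opacity *= Number(node.style.opacity ?? 1);
  }
  if (opacity < MIN_OPACITY) {
    reasons.push(`effective-opacity:${opacity.toFixed(2)}`);
  }
  return reasons; // empty array means no objection to autofill
}

// Constructed sample trees (not captured from any real page).
const body = { style: { opacity: "1" }, parent: null };
const loginForm = { style: { opacity: "1" }, parent: body };
const visibleField = {
  style: { opacity: "1", visibility: "visible" },
  rect: { width: 220, height: 32 },
  parent: loginForm,
};

// Injected wrapper is almost transparent; the input itself looks "normal".
const injectedWrapper = { style: { opacity: "0.01" }, parent: body };
const hiddenField = {
  style: { opacity: "1", visibility: "visible" },
  rect: { width: 220, height: 32 },
  parent: injectedWrapper,
};

console.log(autofillBlockReasons(visibleField)); // no objections
console.log(autofillBlockReasons(hiddenField));  // flagged via ancestor opacity
```

A check like this only covers styling-based hiding; it does not detect a field that is visible but covered by another element.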






