WEEKLY TOP TEN: August 25, 2025, 16:00 GMT
- COOKIE SPIDER’s Malvertising Drops New SHAMOS macOS Malware
Between June and August 2025, researchers at CrowdStrike discovered that the threat group “COOKIE SPIDER” deployed malvertising campaigns to spread SHAMOS—a new variant of the AMOS infostealer—on macOS systems. The group purchased ads targeting benign-sounding queries like “macOS flush resolver cache.” These ads led to fake help websites instructing users to run a single Terminal command. That command bypassed Gatekeeper checks and deployed SHAMOS via a Bash script, which harvested data such as Keychain content, browser credentials, Apple Notes, and crypto wallets. The malware then zipped this data for exfiltration and could also drop a fake Ledger Live app or a botnet module.
Researchers observed that the attackers also created counterfeit GitHub repositories—mocking legitimate software like iTerm2—to trick more technical users into executing the malicious payload. Although enterprise environments may use privileged account management to block such activity, Trey Ford of Bugcrowd pointed out that this campaign typically targeted less technical users looking for routine fixes. - Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection
Cybersecurity researchers have uncovered a novel malware technique targeting Linux systems. Phishing emails carried RAR archives containing filenames engineered with embedded Base64‑encoded Bash commands. When parsed by shell scripts—due to weak filename sanitization—these crafted names triggered automatic execution, evading antivirus tools that generally ignore metadata like filenames.
The technique relies on injecting shell code directly into the filename, which, when processed using commands like eval, decodes and executes payloads—rather than the file content itself. After decoding, the script fetches an ELF binary appropriate for the host architecture (e.g., x86_64, ARM) and runs a backdoor called VShell, which activates encrypted C2 communications and full remote control over the system. Advanced Chinese-affiliated actors like UNC5174 are known to use VShell, a Go-written backdoor. - 15,000 Jenkins Servers at Risk from RCE Vulnerability
A vulnerability (CVE‑2025‑53652) in the Jenkins Git Parameter plugin has been flagged as far more severe than initially rated. Originally considered of medium severity, researchers at VulnCheck revealed that this flaw exposes Jenkins servers to command injection attacks, enabling remote code execution (RCE).
The plugin improperly passes unvalidated input to system commands, allowing attackers to exploit this vulnerability to run arbitrary code, including accessing master keys. Approximately 15,000 publicly accessible Jenkins instances lack authentication, which makes them high-risk targets across the internet.
Even though a mitigation has been released, administrators may inadvertently disable it, leaving servers vulnerable. VulnCheck has issued detection rules to identify exploitation attempts—but organizations must ensure the patch is active and not disabled by default. - Apple Fixes New Zero-Day Flaw Exploited in Targeted Attacks
Apple issued emergency patches for CVE‑2025‑43300, an out‑of‑bounds write flaw in the Image I/O framework, reportedly exploited in highly sophisticated, targeted attacks on August 20, 2025. The vulnerability could allow remote code execution via crafted image files.
Apple patched the issue across iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8. The company confirmed that this zero‑day was likely used against specific individuals. This marks Apple’s sixth zero‑day fix in 2025, following CVEs patched earlier in January, February, March, and two in April. Users are strongly advised to install updates promptly, as Apple has not yet disclosed details on the exploitation timeline or attribution. - Cybercriminals Abuse AI Website Creation App for Phishing
Proofpoint researchers have revealed that cybercriminals are exploiting AI-powered website creation tools to rapidly generate phishing domains that mimic legitimate brands. These platforms enable attackers to clone or spin up fraudulent sites within minutes, drastically lowering the barrier for scalable phishing campaigns. Attackers use the sites to harvest credentials or deliver malware, often incorporating CAPTCHA to filter out suspicious bots and posting stolen credentials to Telegram channels.
The findings underscore the ease with which criminals can weaponize AI tools for efficient and automated operations, despite their benign uses. - Warlock Ransomware Exploits ToolShell SharePoint Zero-Day (CVE-2025-53770) in Widespread Attacks
The Warlock ransomware campaign is a highly impactful exploitation of the SharePoint “ToolShell” vulnerability (CVE‑2025‑53770), originating from unsafe deserialization in on-premises Microsoft SharePoint servers. This flaw allows unauthenticated remote code execution and access to internal contents by attackers.
Initially rooted in the earlier patched CVE‑2025‑49704, the ToolShell variant bypasses prior defenses by allowing attackers to upload malicious ASPX files—such as spinstall0.aspx—via specially crafted HTTP POST requests targeting/layouts/15/ToolPane.aspxand including a manipulatedRefererheader. This enables extraction of cryptographic MachineKeys from the viewstate mechanism, which are then used to generate valid payloads for unauthenticated RCE attacks.
Threat actors—particularly Chinese state-sponsored groups like Linen Typhoon, Violet Typhoon, and Storm‑2603—have weaponized this vulnerability to deploy web shells, move laterally within organizations, steal credentials, and ultimately deploy Warlock ransomware. Victims span government agencies, energy, education, healthcare, telecom, and critical infrastructure sectors. - ChatGPT Downgrade Attack Highlights GPT-5 Security Risks
Researchers have detailed a novel “downgrade attack” against OpenAI’s GPT-5, which manipulates AI model selection in applications to force use of weaker, less secure models. Many enterprise tools that integrate with GPT-5 also maintain access to older models like GPT-3.5 or GPT-4 for cost or compatibility reasons. Attackers can exploit the vulnerability by intercepting or altering API calls, coercing systems into processing sensitive data with outdated models lacking the stricter safeguards present in GPT-5.
The attack is worrying for organizations using LLMs in their processes because it can lead to data leaks, bypassing security measures, and producing incorrect results. Security experts stress that this is not a vulnerability in GPT-5 itself but a supply-chain issue in how applications handle model fallback logic. Mitigations include enforcing strict version pinning, monitoring API calls for model drift, and adopting AI security frameworks that address adversarial manipulation of model selection. - CISA Adds One Known Exploited Vulnerability to Catalog
On August 21, 2025, CISA updated its Known Exploited Vulnerabilities (KEV) Catalog to include CVE‑2025‑43300—the same Apple Image I/O out‑of‑bounds vulnerability patched in targeted attacks. This inclusion obligates Federal Civilian Executive Branch (FCEB) agencies to remediate the issue under Binding Operational Directive 22‑01. CISA also strongly recommends that all organizations prioritize patching KEV-listed vulnerabilities as part of responsible vulnerability management practices. - FBI Warns of Russian Hackers Exploiting 7-Year-Old Cisco Flaw
The FBI alerted that Russian state‑linked hackers—specifically Berserk Bear (FSB Center 16)—are exploiting CVE‑2018‑0171, a longstanding critical Cisco IOS and IOS XE vulnerability in the Smart Install feature. This flaw permits unauthenticated attackers to remotely reload devices, potentially leading to denial‑of‑service or code execution.
Over the past year, the FBI observed compromised devices across various U.S. critical infrastructure sectors, with attackers exfiltrating configuration files and modifying settings to gain persistent access. Cisco urged immediate patching. The actors also deployed custom SNMP tools and the SYNful Knock implant to maintain stealthy persistence - QuirkyLoader: A Stealthy New Malware Loader
A newly identified malware loader dubbed QuirkyLoader has emerged as a sophisticated cyber threat, actively distributing a range of infostealers and RATs, including Agent Tesla, AsyncRAT, FormBook, MassLogger, Remcos, and others. Recent campaigns have specifically targeted entities in Taiwan and Mexico through spam emails carrying malicious archive attachments. QuirkyLoader packages a legitimate executable, an encrypted hidden payload, and a malicious loader to initiate infection.
Once executed, it leverages DLL side-loading and process hollowing within legitimate Windows processes to deploy its final payloads stealthily. The loader also incorporates techniques that evade traditional .NET runtime detection, complicate analysis, and use cryptographic obfuscation to further conceal malicious activity.
Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The following top 10 stories were selected from the 40+ original ones we determined to be most significant during the course of the week, ranked by highest risk, and using multiple sources when available: