Cybersecurity Weekly Update: 26 August – 2 September 2025
- SOC Team
- Sep 9
- 3 min read

1. Apple Urgent Zero-Day: CVE-2025‑43300 (ImageIO)
Apple released emergency patches for an out-of-bounds write vulnerability (CVE‑2025‑43300) in the ImageIO framework. The flaw was exploited in “extremely sophisticated” targeted attacks. Affected systems include iOS, iPadOS, and macOS platforms. Users and organisations—especially in healthcare, education, and finance—should update to the following:
iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10
macOS Sequoia 15.6.1, Sonoma 14.7.8, Ventura 13.7.8
Federal agencies must update by 11 September 2025.
Why it matters: Zero-click vulnerabilities can be exploited without user interaction. Immediate patching is critical.
2. Citrix NetScaler Zero-Day & Git RCE
Citrix patched a critical zero-day in NetScaler devices (CVE‑2025‑7775), already being exploited in the wild. CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog.
Meanwhile, CISA also alerted federal agencies to an exploited arbitrary file-write vulnerability in Git—exploitable for remote code execution.
Action: Organisations using Citrix appliances or Git must patch urgently.
3. Docker Desktop Critical Vulnerability (CVE‑2025‑9074)
A critical container escape flaw affects Docker Desktop on Windows/macOS, allowing a malicious container to bypass protections and access the Docker Engine without mounting the socket.
Advice: Apply the patch immediately to avoid container-level privilege escalation.
4. MadeYouReset: HTTP/2 DDoS Exploit (CVE‑2025‑8671)
Researchers uncovered a new DDoS vulnerability in HTTP/2, dubbed "MadeYouReset," affecting implementations like Netty and F5 BIG‑IP. Unlike Rapid Reset, this exploits invalid control messages, forcing stream cancellations on servers while back-end processes continue.
Mitigation: Apply patches where available. Expect trade-offs between performance and security.
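As an added defensive model (not code from the original post, Netty, F5 or any other vendor), the Python below shows the two pieces of accounting a front end needs so that server-side resets cannot decouple stream limits from back-end load: a stream reset after an invalid frame stays counted as back-end work until the back end finishes, and a per-connection budget of server-sent RST_STREAM frames ends the connection. The thresholds and the event burst are constructed values.

```python
from collections import deque

WINDOW_SECONDS = 10.0      # sliding window for the reset budget (assumed value)
MAX_SERVER_RESETS = 5      # server-sent RST_STREAMs tolerated per window (assumed value)
MAX_BACKEND_IN_FLIGHT = 4  # backend requests one connection may have outstanding (assumed)

class Connection:
    def __init__(self):
        self.server_resets = deque()    # timestamps of RST_STREAM frames *we* sent
        self.backend_in_flight = set()  # stream ids still being processed by the backend
        self.closed = False             # True once we decide to send GOAWAY

    def open_stream(self, stream_id):
        """A valid HEADERS frame arrived; refuse it if the backend budget is spent."""
        if self.closed or len(self.backend_in_flight) >= MAX_BACKEND_IN_FLIGHT:
            return False
        self.backend_in_flight.add(stream_id)  # request dispatched to the backend
        return True

    def server_reset(self, now):
        """An invalid frame forced us to reset a stream; its backend work is NOT freed here."""
        self.server_resets.append(now)
        while self.server_resets and now - self.server_resets[0] > WINDOW_SECONDS:
            self.server_resets.popleft()
        if len(self.server_resets) > MAX_SERVER_RESETS:
            self.closed = True  # reset budget exhausted: tear the connection down
        return self.closed

    def backend_done(self, stream_id):
        self.backend_in_flight.discard(stream_id)  # only now does the slot free up

def replay(events):
    """Replay constructed (timestamp, kind, stream_id) events; return (accepted, refused, closed)."""
    conn = Connection()
    accepted = refused = 0
    for ts, kind, sid in events:
        if kind == "headers":
            if conn.open_stream(sid):
                accepted += 1
            else:
                refused += 1
        elif kind == "invalid":
            conn.server_reset(ts)
        elif kind == "done":
            conn.backend_done(sid)
    return accepted, refused, conn.closed

# Constructed burst: every new stream is followed by an invalid frame, and no backend request completes.
BURST = [(0.1 * i + (0.05 if kind == "invalid" else 0.0), kind, 2 * i + 1)
         for i in range(8) for kind in ("headers", "invalid")]
```

Replaying `BURST` refuses new streams once four back-end requests are outstanding and closes the connection after the sixth server-side reset, whereas a client that lets requests complete is never throttled.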
5. Quishing—Evolving QR Code Phishing Tactics
Barracuda Networks uncovered novel QR‑code phishing (quishing) methods that evade email defenses:
Split QR codes across images
Nested codes where one is malicious and one benign
These tricks bypass scanners and trick users into entering Microsoft credentials.
Recommendation: Train staff to treat QR codes with caution—even in trusted formats.
6. PayPal Credentials Leak Claim
Hackers are offering what they claim to be 15.8 million PayPal credentials (email, plaintext passwords, URLs) on a dark‑web forum. Though unverified, users should act proactively.
Best practices: Change passwords, enable MFA, use strong password managers.
7. Workday Data Exposure via Third‑Party CRM Breach
Workday suffered a social engineering-driven breach of a third-party CRM, exposing employee contact details. No customer data was accessed—but the incident underscores third-party risk.
Takeaway: Conduct regular vendor security audits and reinforce staff training.
8. Nevada Cyberattack Shuts Down State Offices
A cyberattack forced Nevada state offices offline—including websites and phone lines—for two days. Though emergency services were unaffected, the incident highlights major operational vulnerabilities.
Lessons: Government and public sector systems remain high-value targets—ensure resilient incident recovery plans.
9. "Gayfemboy" Malware Campaign Emerges
Fortinet identified a new Mirai‑derived malware, Gayfemboy, targeting XMRig miners and vulnerable routers across multiple countries (including EU and South Africa). It features advanced evasion like file renaming and dormancy behaviours.
Countermeasures: Update router firmware and monitor connected edge devices closely.
10. AI Challenges: Autonomous Exploits & App Threats
At DEFCON, experts warned AI is evolving beyond defensive tools into autonomous exploit platforms.
Adversaries are leveraging AI-generated malware to reverse-engineer and attack applications, with low barriers to entry and built-in evasion capabilities. Security must be embedded directly into DevOps via runtime application self-protection (RASP), cryptography, and threat monitoring.
Key Recommendations for This Week
| Area | Action |
| --- | --- |
| Patching Priority | Apply updates for Apple, Citrix, Docker, HTTP/2 implementations, Git |
| Third‑Party Risk | Audit CRM and supply-chain providers |
| Malware & Infrastructure | Harden routers and IoT devices; monitor network behavior |
| AI Threats | Integrate security into DevOps; plan for AI-driven threats |
| Operational Preparedness | Test business continuity—especially for critical government services |