• The Cybersecurity Club Newsletter

Week 35: WhatsApp Zero Click Use By Spies, Trump Digital Taxes, UK Afghan Security Leak, Google Previews cyber "Disruption Unit", Anonymous energy sector hacker...

Insights into Cyber Risks, Threat Intel, Government and Regulations, Startup and VC updates

WhatsApp Security Brief

WhatsApp recently patched a critical zero-click vulnerability (CVE-2025-55177) that was used in conjunction with an Apple vulnerability to deliver Graphite spyware to Apple device users without any interaction required. The exploit was disclosed and mitigated thanks to forensic insights from Citizen Lab, whose intelligence was pivotal in triggering WhatsApp’s rapid response. Link

Findings

  • Discovery and attribution: Citizen Lab’s forensic research identified that Paragon Solutions' Graphite spyware was exploiting WhatsApp’s zero-click flaw. Their findings, shared with WhatsApp, enabled swift action.

  • Victim profile: About 90 individuals, journalists and civil society members across over 20 countries, including in Europe, were targeted. In related Apple messaging attacks, specific journalists (e.g., Italian investigative journalist Ciro Pellegrino and another prominent European journalist) were implanted with Graphite spyware through zero-click iMessage exploits.

Impact

  • High-value targets: The campaigns demonstrate that commercial spyware is increasingly misused against press and civil society—even when marketed to democratic governments.

  • No user interaction needed: Zero-click vulnerabilities drastically lower attack barriers and heighten risk.

  • Proactive defense model: Citizen Lab’s proactive disclosure underscores the critical role of independent research in identifying sophisticated threats.

  • Urgent update imperative: WhatsApp and Apple synced timelines for patches; affected users (< 200) were notified—highlighting vigilance in applying updates.

💻 Malware and Vulnerabilities

WhatsApp fixes ‘zero-click’ bug that targeted Apple users with spyware: WhatsApp patched a critical vulnerability, CVE-2025-55177, that, alongside an Apple flaw (CVE-2025-43300), was exploited to deploy spyware on iOS and Mac devices in highly sophisticated attacks against specific individuals. (TechCrunch)

Passwordstate urges immediate patch for auth-bypass flaw: Developers behind Passwordstate issued an urgent advisory after discovering an authentication bypass vulnerability. Users are strongly encouraged to apply the patch promptly to prevent potential exploitation. (BleepingComputer)

📈 Breaches and Incidents

TransUnion discloses breach impacting 4.4 million customers: Credit bureau TransUnion revealed that hackers accessed a third-party app used in its U.S. consumer support operations, compromising personal data for 4.4 million individuals. The firm claimed no credit data was taken but provided limited details on the types of information breached. (TechCrunch)

Ransomware cripples Swedish municipalities for a modest ransom: A ransomware assault on IT provider Miljödata left 200 Swedish local authorities offline. Attackers sought a relatively low ransom of $168,000, yet the disruption stretched public services across numerous municipalities. (The Register)

Salesloft ‘Drift’ OAuth incident hits Salesforce customers; tokens revoked: After detecting malicious OAuth activity via the Drift app, Salesforce disabled the integration and Salesloft revoked tokens; Google later warned the campaign targeted Drift integrations beyond Salesforce. Link

Threat Intel & Info Sharing

The rise of the ‘agentic’ AI threat hunter in cybersecurity: A new paradigm in threat hunting is emerging: agentic AI systems that don’t just assist analysts but actively think, hypothesise, investigate, triage, and self-evolve, marking a shift from traditional reactive tactics to scalable, adaptive security. (Thor Collective)

Google previews cyber “disruption unit” amid debate over active defence: Google is laying the groundwork for a cyber “disruption unit” as U.S. government and industry stakeholders weigh the pros and cons of offensive cyber operations, though legal and commercial hurdles remain. (CyberScoop)

Ukrainian cyber-partisans hijack Russian TV to reveal wartime realities: On Ukraine’s Independence Day (August 24), hackers linked to “cyber partisans” reportedly infiltrated Russian television networks to expose battlefield losses, infrastructure crises, and shortages—broadcasting “truthful” footage across 116 channels and digital platforms. (Kyiv Independent)

Berlin prosecutor indicts suspected ‘Anonymous’ hacker over 2022 energy-sector attack: Berlin’s public prosecutor has charged a 30-year-old German believed to be part of the “Anonymous” collective for allegedly conducting cyber espionage and sabotage against Rosneft Germany, a firm tied to critical energy infrastructure, in March 2022. (Berlin.de)

Andalusia tightens security of ‘Séneca’ school platform after hacks: Following arrests over unauthorized grade changes, authorities hardened the education portal’s defenses and moved to close exposed weaknesses across affected centers. Link

Taiwan arrests suspect tied to China-linked ‘CrazyHunter’ ransomware group: Investigators detained a Taiwanese national alleged to assist a China-based crew blamed for cyberattacks and data sales, underscoring cross-border cooperation on ransomware. Link

⚖ Laws, Policies and Regulations

UK government dragged for incomplete security reforms after Afghan leak fallout: Senior officials were summoned to the UK’s science and technology committee following criticism over lagging cybersecurity reform in the wake of an Afghan intelligence data leak, with calls growing for more robust protective measures. (The Register)

AG Wilson leads 44 attorneys general demanding end to AI-driven targeting of kids: South Carolina’s Attorney General Alan Wilson spearheads a coalition of 44 state attorneys general urging major tech firms to halt predatory AI practices aimed at children’s behavioral targeting and exploitation. (SCAG)

Kremlin app masquerades as WhatsApp rival to spy on users: A new messaging app, promoted as a Russian alternative to WhatsApp, has drawn scrutiny for built-in spyware capabilities that enable extensive surveillance of its users. (Forbes)

St. Petersburg deploys cameras that recognize nationality: Authorities in St. Petersburg have introduced surveillance cameras capable of identifying individuals’ nationality, among six categories, as part of efforts linked to monitoring migration and public safety. (78.ru)

ENISA to manage €36 million EU Cybersecurity Reserve: ENISA has been tasked with launching and overseeing the EU Cybersecurity Reserve, backed by a €36 million fund, to bolster incident response and cyber resilience across member states. (ENISA)

Trump threatens tariffs over UK/EU digital taxes: The White House warned it could impose tariffs and export curbs on countries with “discriminatory” digital rules and taxes—explicitly citing the UK’s DST and EU measures—escalating transatlantic tech tensions. Link

US sanctions fraud network funding North Korea’s weapons programs: Treasury blacklisted individuals and entities accused of running an identity-fraud and shell-company scheme that siphoned funds to DPRK WMD development, urging stronger KYC controls across platforms. Link.

Anthropic releases August 2025 report on AI-enabled cyber misuse: Anthropic reveals that AI, particularly agentic systems, is being weaponised and used in extortion, fraudulent schemes, and automated ransomware creation, necessitating advanced detection and mitigation strategies. (Anthropic)

📅 Upcoming Events

Virtual Event: Generative AI & Cybersecurity: Risks and Opportunities

Generative AI is reshaping the cybersecurity landscape, empowering Security Operations Centers (SOCs) with intelligent automation, predictive analytics, and faster incident response. However, with this innovation comes a new class of threats: AI-generated phishing campaigns, polymorphic malware, and code exploits crafted by LLMs.

Register your interest to join here.

If you would like to sponsor any of our future in-person or virtual events, please email us at [email protected]

We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].

Thank you for being a part of our newsletter community. You can also be part of the community by joining our LinkedIn Group.