CISA added a critical Git vulnerability (CVE-2025-48384) to its Known Exploited Vulnerabilities catalog Monday, warning that attackers are actively exploiting the flaw. The bug allows hackers to manipulate Git repositories with malicious .gitmodules files, potentially achieving remote code execution when developers clone infected repos.

The vulnerability affects macOS and Linux systems but not Windows. It stems from Git's handling of carriage return characters in submodule paths, letting attackers write files to unexpected locations. Git patched the issue in July across multiple versions, but CISA now requires federal agencies to update by September 15. Software developers and CI/CD systems remain primary targets.

Source: Security Week

Cybercriminals are exploiting over 100 compromised WordPress sites in a campaign called ShadowCaptcha, first detected in August 2025 by Israel's National Digital Agency. The attack redirects visitors to fake CAPTCHA pages that trick users into downloading ransomware, cryptocurrency miners, and data-stealing malware.

The scam uses social engineering tactics called ClickFix, automatically copying malicious commands to users' clipboards and instructing them to paste and run the code. Victims end up infected with Lumma and Rhadamanthys stealers, Epsilon Red ransomware, or XMRig cryptocurrency miners.

Most targeted sites are in Australia, Brazil, Italy, Canada, Colombia, and Israel across various industries. The campaign demonstrates how attackers now combine multiple attack methods for maximum profit.

Source: The Hacker News

French retail chain Auchan announced on August 21, 2025, that hackers breached their customer loyalty database, exposing personal information from "several hundred thousand" accounts. The stolen data includes names, email addresses, phone numbers, postal addresses, and loyalty card numbers.

Fortunately, financial data, passwords, and reward balances remained secure thanks to the company's segmented database architecture. Auchan immediately notified customers and France's data protection authority (CNIL), warning about potential phishing attacks using the stolen contact information.

This marks Auchan's second major breach in nine months, suggesting persistent vulnerabilities in their systems that need urgent attention.

Source: Cybersecurity News

Cybercriminals are selling access to a massive trove of scraped Discord data, including 1.8 billion messages from 35 million users across 6,000 servers.

This follows Discord's 2024 shutdown of similar service Spy.Pet, which had scraped data from 620 million users. The new operation targets people willing to pay for others' private conversations and those who'll pay to have their data removed.

Researchers warn the service is designed to facilitate online harassment and stalking, making it easier for bad actors to dig up personal information for malicious purposes.

Source: Cybernews

Cybercriminals have discovered a clever way to weaponize AI tools against users. According to CloudSEK researchers, attackers hide malicious Windows commands in documents using invisible CSS tricks like white-on-white text and zero-width characters.

When AI summarization tools process this content, they get overwhelmed by repeated hidden instructions and include the malicious commands in their summaries. Users then see what appears to be legitimate advice but are actually being tricked into running ransomware.

This "ClickFix" attack turns helpful AI assistants into unwitting accomplices. The malicious content can spread through search engines, forums, and emails, making detection difficult.

Source: Cybernews

Security researcher Felix Boulet discovered a critical vulnerability in Docker Desktop that allows hackers to escape container isolation and gain complete control of Windows systems. The flaw, rated 9.3 out of 10 in severity, requires just two simple HTTP requests from any running container to exploit.

Attackers can mount the entire C: drive into a privileged container, essentially giving them full access to the host system. The vulnerability works regardless of security settings and affects both Windows and macOS systems, though Linux remains unaffected.

Docker has released a patch in version 4.44.3. Users should update immediately to protect their systems from potential attacks.

Source: Cybernews

Researchers at Adversa AI discovered a major flaw in GPT-5's internal routing system that creates serious security risks. When users ask GPT-5 questions, an internal router decides which model actually responds – it might be GPT-5 Pro, but could equally be older versions like GPT-3.5 or GPT-4o.

Hackers can manipulate this router using specific trigger phrases, forcing queries to weaker, less secure models that are easier to jailbreak. This "PROMISQROUTE" vulnerability means GPT-5 is only as secure as its weakest predecessor.

While the routing saves costs and improves speed, it allows old jailbreaks to work again by targeting vulnerable older models instead of GPT-5's stronger safeguards.

Source: Security Week

Researchers at George Mason University have discovered a cyberattack called "OneFlip" that can hijack AI systems by flipping just one bit in their neural networks. The attack could make autonomous vehicles misread stop signs as speed limit signs or trick facial recognition into identifying anyone wearing glasses as a CEO.

The technique uses Rowhammer attacks to target specific memory locations, then plants dormant triggers that activate when certain inputs are detected. While currently requiring white-box access to AI models and physical proximity to target systems, researchers warn the threat could grow as more companies open-source their AI models and attackers exploit shared cloud infrastructure.

Source: SecurityWeek

Aspire Rural Health System, which operates over 70 healthcare facilities across Michigan, disclosed a massive data breach that compromised personal information of 138,386 people. Hackers accessed the network from November 4, 2024, to January 6, 2025, stealing files containing patient data, financial records, HR documents, and email communications.

The BianLian ransomware group claimed responsibility for the attack in mid-February, but the gang went silent in late March, leaving the fate of the stolen data unclear. An investigation wrapped up in mid-July, prompting notifications to affected individuals and state authorities including Maine's Attorney General.

Source: Security Week

China is demanding Nvidia prove its H20 AI chips don't contain backdoors or security flaws, escalating tensions in the global chip trade. Chinese state media warned that backdoor risks could become Nvidia's "self-dug grave," potentially driving away customers worldwide who fear remote shutdowns or data theft.

This comes after the Trump administration recently allowed less sophisticated AI chip exports to China with a 15% fee, reversing stricter 2022 restrictions. Nvidia's chief security officer firmly denied any backdoors exist in their chips, calling such claims harmful to global digital infrastructure.

The dispute reflects deeper US-China tensions over AI technology and national security, with China working to build its own chip ecosystem while reportedly obtaining 140,000 AI chips despite previous US bans.

Source: Dark Reading