Cyber Briefing: 2025.09.04
Lazarus exploits zero-day with RATs, TP-Link flaws flagged, Google patches 120 bugs, Salesloft and JLR hit, Grok abused for malware, Google fined, YouTube curbs sharing, Moscow hires hackers.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Lazarus Hackers Exploit Zero-Day To Deploy RATs
For the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup using three distinct remote access trojans—PondRAT, ThemeForestRAT, and RemotePE—to target financial and cryptocurrency firms. This group, which overlaps with the AppleJeus and Citrine Sleet campaigns, executes multi-stage intrusions by initially tricking employees with social engineering tactics before deploying its malware.
2. CISA Flags TP-Link Router Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security vulnerabilities in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, indicating they are being actively exploited. Despite the affected routers reaching end-of-life status, TP-Link has released firmware updates to address these flaws due to their exploitation by a botnet linked to a China-based threat actor.
3. Google Patches 120 Flaws In Android
In its September 2025 security updates, Google addressed 120 Android vulnerabilities, including two critical flaws in the Linux Kernel and Android Runtime that have been exploited in targeted attacks. The company released two security patch levels to provide partners with flexibility in deploying these fixes, which also include patches for other issues like remote code execution and information disclosure.
💥 Cyber Incidents
4. Salesloft Drift Attacks Hit Vendors
Following a widespread cyberattack, Salesloft has announced it will take its AI chat agent, Drift, offline to investigate and secure the platform. The breach has affected numerous companies, with many victims still coming forward as the investigation uncovers the full scope of the compromise.
5. Jaguar Land Rover Hit By Cyber Incident
Jaguar Land Rover experienced a severe cybersecurity incident that has disrupted its global IT systems, affecting both car production and retail operations. The company is actively working to restore its systems and has stated there is no evidence of customer data theft at this time, though the nature of the attack remains undisclosed.
6. Hackers Use Grok AI To Spread Malware
Cybersecurity researchers have uncovered a new technique called "Grokking" where cybercriminals exploit X's AI assistant, Grok, to bypass the platform's malvertising protections. This method involves hiding malicious links in promoted posts and then using Grok to visibly display them, reaching a wide audience through paid amplification.
📢 Cyber News
7. Google Fined For Cookie Violations
The French data protection authority has fined Google and Shein for violating cookie rules by setting advertising cookies on users' browsers without their explicit consent. Google was also penalized for its ad practices in Gmail, with both companies facing substantial fines and orders to comply with regulations.
8. YouTube Cracks Down On Password Sharing
YouTube has reportedly begun to crack down on password-sharing for its Premium Family plans, suspending accounts that appear to be in violation of its policy requiring all members to reside in the same household. This move mirrors the actions taken by Netflix two years ago, signaling an end to the era of unofficial password tolerance on major streaming platforms.
9. Moscow Hires Hackers Behind School Breach
Moscow authorities have hired several hackers who previously targeted the city's digital education platform, a move that is part of a broader global trend of recruiting cyber specialists rather than prosecuting them. This decision comes after the Moscow Electronic School (MES) platform faced repeated cyber incidents, including a significant ransomware attack and an alleged data leak.
📈 Cyber Stocks
As markets opened on Thursday, September 4, 2025, cybersecurity stocks exhibited modest moves as investors weighed ongoing macro risks, strategic updates, and firm fundamentals.
Radware (RDWR) closed at $24.82, advancing slightly as technical indicators showed a short-term stabilization following prior consolidation.
Rapid7 (RPD) ended at $20.42, inching higher as investor sentiment remained buoyed by an upbeat consensus analyst target pointing to roughly 32% upside.
SentinelOne (S) finished at $18.02, gaining as the stock continued to benefit from AI momentum and leadership recognition, including being named a Leader in the 2025 Magic Quadrant for Endpoint Protection Platforms.
Check Point Software Technologies (CHKP) settled at $191.47, rising on the back of shareholder approval of all 2025 AGM proposals, reinforcing confidence in its governance and strategic path forward.
CrowdStrike (CRWD) closed at $413.20, marginally lower as investors remained cautious following mixed recent guidance, though the firm’s strong ARR growth and acquisition pipeline continue to provide longer-term confidence.
💡 Cyber Tip
📡 Update or Replace Vulnerable TP-Link Routers Now
CISA has added two serious TP-Link router flaws to its Known Exploited Vulnerabilities list, warning they are already being used in attacks linked to a China-based botnet. The bugs affect older models like the TL-WR841N/ND and Archer C7, allowing attackers to bypass authentication or run remote code for full takeover. Although these routers are end-of-life, TP-Link released special firmware updates to reduce risk.
✅ What you should do
Update your router firmware immediately using TP-Link’s official advisory
If using an older, end-of-life router, plan to replace it with supported hardware
Disable remote administration and unnecessary services on home and office routers
Monitor network logs for unusual traffic that could indicate botnet activity
Apply strong passwords and MFA on router management interfaces
🔒 Why this matters
Exploited routers can give attackers a foothold inside your network and be used in larger botnet operations. Even old hardware can be targeted, so patching or upgrading is essential to staying secure.
📚 Cyber Book
Malware Analyst's Cookbook: Tools and Techniques for Fighting Malicious Code by Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.