Week in Review: Discreetly linked and vulnerable Android VPN applications; Apple addresses exploited zero-day vulnerabilities to enhance SEO.

Last week, significant cybersecurity news emerged, highlighting various vulnerabilities and threats. Researchers from Arizona State University and Citizen Lab revealed that three families of Android VPN apps, with over 700 million downloads on Google Play, are covertly interconnected and insecure. In another development, Apple addressed a zero-day vulnerability (CVE-2025-43300) that had been exploited in a highly sophisticated attack targeting specific individuals. Meanwhile, researchers from the University of Melbourne and Imperial College London introduced a method using lightweight LLMs to enhance incident response planning while minimising the risk of hallucinations.

Additionally, the FBI and Cisco warned that a Russian threat group linked to the Federal Security Service’s (FSB) Center 16 unit is exploiting an old Cisco vulnerability (CVE-2018-0171) to compromise critical infrastructure organisations. Fog Security researchers discovered a flaw in AWS’s Trusted Advisor tool, which could misreport publicly exposed S3 storage buckets. As AI technology becomes integral to security operations, it is now being used to reduce alert noise and expedite incident response. In other news, US federal prosecutors charged an individual for operating the Rapper Bot DDoS botnet, while Commvault patched four vulnerabilities in its backup suite that could allow unauthenticated access. Lastly, Jacob Ideskog, CTO of Curity, discussed the unpreparedness for the AI security crisis in a recent interview. 

Categories: Cybersecurity Vulnerabilities, AI in Security Operations, VPN Security Issues 

Tags: Android, VPN, Vulnerability, Incident Response, Cybersecurity, Cisco, AI, DDoS, Commvault, SAP