F5 SIRT

Apple's MIE, Fake Chrome Ext, and C2PA Content Credentials in Google Pixel
Notable security news for the week of September 7-13, 2025, brought to you by the F5 Security Incident Response Team. This week, your editor is Dharminder. In this edition, I have security news covering Apple's new built-in memory safety system called Memory Integrity Enforcement, the emergence of fake Chrome extensions used to hijack Meta business accounts, Google's introduction of Trusted Photography with C2PA Content Credentials in Google Pixel, a significant step towards digital media transparency, and CISA's alert regarding the actively exploited Dassault DELMIA Apriso RCE vulnerability.

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack
This week in security: PQC by default, and a supply-chain gut check. At F5, we are publishing a forward-looking series of blog posts which help security and IT leaders anticipate tomorrow's risks and capitalize on emerging tech. Think of it as a field guide to future threats, and how to stay resilient as they arrive. We are about halfway through the series; here are some of the highlights from my point of view.

Open-Source Hacking Tools, Budget Constraints Drive AI Use, and New CISA OT Guidelines
A Chinese-speaking advanced persistent threat (APT) group, UAT-7237, has been targeting web infrastructure in Taiwan using customized open-source hacking tools. This group is believed to be a sub-group of UAT-5918, which has been active against Taiwan's critical infrastructure since at least 2023.

Blackhat 2025 Wrap-up
Hello! Jordan_Zebor is your editor this time for the F5 SIRT This Week in Security, covering Black Hat 2025. The Black Hat 2025 security conference proved once again why it's the global epicenter for unveiling cutting-edge cybersecurity research and innovative attack methodologies. Here are a few of this year's highlights.

Unicode as a Double-Edged Sword: Exploiting Normalization Pitfalls

Unicode underpins the Internet, but as researchers revealed in Lost in Translation: Exploiting Unicode Normalization, it also presents an alarmingly rich attack surface. This talk, notably the first-ever father-daughter presentation at Black Hat, demonstrated how flaws in Unicode normalization processes can bypass security mechanisms, enabling attackers to execute several web application attacks. During the session, the team detailed how techniques like visual confusables, overlong encodings, truncations, and improper case mappings can undermine common defenses, such as web application firewalls (WAFs) and backend validation. Attacks leveraging these flaws were showcased using fuzzing tools like Shazzer and Recollapse, as well as contributions to the Burp Suite extension ActiveScan++, which help pinpoint how Unicode quirks can create security blind spots. The slides can be found here.

Reckoning with the Limits of Machine Intelligence

In the session Cybersecurity, AI, and Our Brains: A Fireside Chat with Gary Marcus, the renowned cognitive scientist and AI expert delivered a much-needed critique of the growing hype surrounding generative AI systems. Marcus dissected the risks and limitations of relying too heavily on tools like ChatGPT, warning against a phenomenon he referred to as "ChatGPT psychosis," where users overestimate the decision-making capabilities and reliability of these systems. Marcus also emphasized the potential of neuro-symbolic AI, which was a new term for me. If I'm correct in understanding this, neuro-symbolic AI is a hybrid approach combining neural networks with symbolic reasoning to address the abstraction and reasoning challenges current systems cannot handle. The audience was urged to treat AI as a tool, not an oracle, and deploy it with a full understanding of its limitations.

HTTP/1.1 Must Die! The Desync Endgame

HTTP request smuggling, a decades-old attack method, is still alive and kicking, thanks to lingering weaknesses in HTTP/1.1 implementations, as the researcher revealed in HTTP/1.1 Must Die! The Desync Endgame. He demonstrated how desync attacks continue to be used to exploit weak request/response isolation and server behavioral quirks with Expect request headers. The session wasn't just about exposing vulnerabilities; it also introduced updates to the popular HTTP Request Smuggler Burp extension. This makes it easier for security teams to identify and explore multiple desync risks within their own environments. The talk title says it all, but the researcher did reinforce the urgent need to transition to HTTP/2, which, due to its different request semantics, will help prevent these types of attacks. Read more about the research here.

A brief note on DEF CON

DEF CON, held alongside Black Hat, shifts the focus to core hacking and hands-on exploration. In an era dominated by AI and cutting-edge tech, I chose to spend my time in the Tamper Evidence Village, diving into the fundamentals of physical security. This is an often-overlooked yet critical area in the modern threat landscape. Along the way, I also caught a few technical talks, reinforcing the reminder that both the simplest physical vulnerabilities and sophisticated exploits can have massive impacts.

That's it for this week. Hope you enjoyed the content!
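As an added illustration of the validate-then-normalize pitfall described in the Unicode normalization item of the Black Hat wrap-up above (this is example code written for this page; it is not from the talk, from Shazzer, Recollapse or ActiveScan++, or from F5): a deny-list filter that inspects the raw input with a simple case mapping is compared against the same filter applied after the canonicalization the backend actually performs. The deny-list, the pipelines and the payloads are all constructed for the example; the fullwidth characters and the long s (U+017F) are standard Unicode compatibility characters that NFKC rewrites into ASCII.

```python
import unicodedata

# Hypothetical deny-list of the kind a WAF rule or backend validator might apply.
# The list and the payloads below are constructed for this example.
DENY_SUBSTRINGS = ("<script", "javascript:", "onerror=")


def naive_filter(text: str) -> bool:
    """Return True when `text` passes the deny-list.

    Uses str.lower(), a simple case mapping: it does not fold the long s
    (U+017F) to "s" and leaves fullwidth Latin letters as they are.
    """
    lowered = text.lower()
    return not any(bad in lowered for bad in DENY_SUBSTRINGS)


def backend_normalize(text: str) -> str:
    """What a downstream component commonly does before using a value:
    NFKC compatibility normalization followed by full case folding."""
    return unicodedata.normalize("NFKC", text).casefold()


def vulnerable_pipeline(raw: str):
    """Validate the raw input first, normalize afterwards (the pitfall).
    Returns the string that reaches the sink, or None if rejected."""
    if not naive_filter(raw):
        return None
    return backend_normalize(raw)


def hardened_pipeline(raw: str):
    """Apply the same canonicalization the sink uses, then validate that form."""
    canonical = backend_normalize(raw)
    if not naive_filter(canonical):
        return None
    return canonical


# Constructed payloads (not from the talk), written as escapes so the source stays ASCII.
PAYLOADS = {
    # Plain ASCII: the deny-list catches this in both pipelines.
    "ascii": "<script>alert(1)",
    # Fullwidth forms U+FF1C U+FF53 U+FF43 U+FF52 U+FF49 U+FF50 U+FF54 U+FF1E
    # are compatibility characters that NFKC maps to "<script>".
    "fullwidth": "\uff1c\uff53\uff43\uff52\uff49\uff50\uff54\uff1e" + "alert(1)",
    # Long s U+017F: str.lower() leaves it alone, but NFKC and casefold both turn it into "s".
    "long_s": "<\u017fcript>alert(1)",
    # Benign input must still pass the hardened pipeline.
    "benign": "Hello, world",
}


def run_demo() -> dict:
    """Run every payload through both pipelines; return {name: (vulnerable, hardened)}."""
    return {name: (vulnerable_pipeline(p), hardened_pipeline(p)) for name, p in PAYLOADS.items()}


if __name__ == "__main__":
    for name, (vuln, hard) in run_demo().items():
        print(f"{name:10s} validate-then-normalize -> {vuln!r:24} normalize-then-validate -> {hard!r}")
```

The fullwidth and long-s payloads sail through the raw-input filter and arrive at the sink as a literal `<script>` tag, while the hardened pipeline rejects them because it validates the canonical form. A stricter variant, where it fits the application, is to reject any input that NFKC changes at all, which also closes off confusable and overlong encodings that no deny-list anticipates.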
Phishing, Malware, Breach and Open-Source Security

Notable security news for the week of July 20-26, 2025, brought to you by the F5 Security Incident Response Team. This week, your editor is Dharminder. In this edition, I have security news about an attacker who compromised an executive's Microsoft 365 account, accessed an invoice from the emails, altered it and sent a fraudulent request from a newly registered, nearly identical domain; malware which was embedded into the Steam early-access game Chemia; the US nuclear weapons agency breached using a SharePoint vulnerability; and OSS Rebuild, a new initiative to enhance open-source software security.

Malware using LLM and law enforcement getting the hackers
This week is rich with incidents. From critical vulnerabilities being actively exploited to new ransomware operations using AI-driven tactics, cybersecurity threats continue to evolve at a rapid pace. Recent vulnerabilities, including the Citrix NetScaler and NVIDIA Container Toolkit flaws, highlight the pressing need for immediate patches and enhanced security measures. Meanwhile, the emergence of the GLOBAL GROUP ransomware-as-a-service (RaaS) operation and significant data breaches emphasize the growing threat landscape. Law enforcement actions against notorious cybercrime groups further underscore the ongoing efforts to combat these threats across borders. Until next time, keep it safe, Lior

F5 BIG-IP Advanced WAF – "dos profile" reporting
Web application distributed denial-of-service (DDoS) attacks exploit Layer 7 requests to overwhelm backend resources like memory, CPU, and disk space. With easy-to-use tools and services available, attackers can flood web applications while remaining undetected. While noisy attacks are easier to mitigate, stealthier "low-and-slow" techniques pose significant challenges, requiring advanced defenses to ensure service resilience.