Episode 16 (9/16/2025)

Show Notes

Today’s episode covers Apple's extensive backports and new OS releases to patch over 50 vulnerabilities, including a critical ImageIO flaw (CVE-2025-43300) exploited in targeted spyware attacks against WhatsApp users. Another significant concern is the "FileFix" social engineering campaign, which leverages deceptive Facebook security alerts to trick victims worldwide into executing StealC information-stealing malware via malicious images downloaded from legitimate platforms like BitBucket. Furthermore, researchers have demonstrated "Phoenix," a novel Rowhammer attack (CVE-2025-6202) capable of achieving root access on DDR5 memory systems in under two minutes, despite advanced in-DRAM refresh mechanisms. Finally, an emerging threat involves ChatGPT's calendar integration, which can be exploited with specially crafted invites to exfiltrate sensitive emails, highlighting broader vulnerabilities in AI assistant integrations with enterprise tools. China's new cybersecurity regulations, demanding incident reporting within one hour, underscore a global trend towards stricter disclosure requirements in the face of these escalating cyber threats.