Cybersecurity: Weekly Summary (September 22-28, 2025)

Key trends, opinions and insights from personal blogs

This week’s cybersecurity chatter felt like a crowded street market. Lots of noise. But if you lean in, you catch the good bits. Phones got tighter belts, supply chains got poked again, robots got humbled, and AI agents… they started stepping on each other’s toes like a sloppy dance. I’d say the mood was restless. To me, it feels like the field is trying to patch twenty holes with ten fingers.

Everyday life security: phone pockets and small choices

Privacy on phones came up early, but not with the usual “install this app” vibe. Chris Wiegman reminded folks to actually open their iOS settings and flick the switches. That’s it. No fancy toolkit. He called out carrier settings too, with T-Mobile getting a nudge. I would describe the post as a neighbor telling you to check your front door lock after a windy night. Not flashy. Useful. And a bit revealing—new options keep popping up in iOS and at your provider, and they don’t exactly wave a flag. If you haven’t peeked since your last phone upgrade, you’re leaving your wallet on the table.

Then there’s the other side of device life. The controls you didn’t pick. Joshua Rogers went hands-on with a guide for removing Zscaler, Kandji MDM, and Apple Business Manager from macOS. It reads like a jailbreak for your corporate Mac. He goes deep into terminal commands, profile blocks, and timing your network connection just right. The tone is playful—“for fun and lulz”—but the stakes are real. To me, it feels like that eternal tug-of-war: admin control vs. personal autonomy. If you’ve ever felt your machine was working for someone else, you’ll get the itch. And if you’re on the blue team, you’ll probably clench your jaw. Go skim it if you want to understand how these things fall apart in the wild.

Over in chip land, Schneier on Security flagged Apple’s new “Memory Integrity Enforcement” for the iPhone 17. That name sounds like a stern librarian, but the goal is sharp: make memory safety a default, and make spyware like Pegasus have a much worse day. It’s based on Arm’s MTE, but Apple apparently dug it into the silicon so it runs continually without the usual slowdown tax. I’d say it’s like putting guards on every aisle in the store instead of just watching the front door. If this holds up, it chips away at a huge class of bugs we’ve been tripping over for decades. The post is short, but the implication is big: memory-unsafe code may finally start losing its home-field advantage on mainstream devices.

There’s one more personal angle that’s less corporate and more garage tinkerer. Nacho Morató introduced CapibaraZero—a DIY, open-source alternative to the Flipper Zero. It runs on ESP32-S3, speaks NFC, Sub-GHz, IR, WiFi, Bluetooth, and even plays BadUSB. I’d describe it like a pocket toolbox you build yourself from a hardware store kit. Half the price, lots of community energy, and a clear “be responsible, folks” note. If you like knowing what your gadgets are saying and hearing, it’s tempting. And yeah, this kind of thing always sparks the ethics debate. But learning how radios work and how signals get spoofed? That’s how people get better at defending their own gear. I’m seeing a slow, quiet wave of curious makers here.

Supply chain drama: repos, packages, and secrets you didn’t mean to share

I can’t shake the feeling that software supply chain attacks are becoming as common as coffee shop Wi‑Fi. Brian Fagioli covered a campaign that abuses GitHub repos to spread the Atomic Stealer (AMOS) malware to Mac users. The playbook is aggressive SEO, big brand impersonations—LastPass, 1Password—and then the “copy these terminal commands” trick on a fake landing page. It’s a con as old as the internet: make it look official, ride the brand, and let muscle memory do the rest. The campaign’s been running since 2023, which feels like forever in internet time, and it aims at passwords and crypto keys. The advice is predictable but right—only download from official sources. But I’d say the more uncomfortable lesson is this: SEO can be a weapon, and people click what’s on top. If you want the gritty details, check the post. It’s not hand-wavy.

Same week, different aisle. Jim Nielsen wrote about the Qix incident on NPM. The twist here isn’t just “you ran npm install and got pwned.” The real scare is downstream: malicious code hitting end users through websites that embed these packages. So not just dev machines or build servers, but browsers. Your visitors’ browsers. That line should make anyone who runs a site breathe slow. I would describe it as the difference between a kitchen fire and smoke in the dining room. One you can contain. The other gets into everyone’s clothes. He walks through the chain—devs, servers, users—and the ugly reality that risk doesn’t stop at deployment. If you build with NPM, give it a read. Even if you think you’ve got package pinning nailed, these are sneaky edges.

There’s a practical vein here too, and Miloslav Homer dug into it with two linked topics: secret detection and a case study on cheap phishing playbooks. His Secret Detection piece is a grounded tour of what “secrets” even means (context really matters), why catching them is hard, and which tools can help both offense and defense. He name-drops OWASP WrongSecrets, plus tools like Yelp-secrets and Trufflehog, and keeps it real: no silver bullets, just better habits and better detection. I’d say it’s like learning to keep flour in a sealed bin. Not glamorous. But it keeps the ants away.

Then his phishing case study hits a different nerve. A compromised server sends emails. A Telegram bot slurps credentials. It’s clunky, but it works enough. Free tiers do a lot of the heavy lifting for the attacker. The targeting is sloppy, the craft’s a bit off, but the economics are brutal. Almost zero cost. If spam filters trip, you try again. It’s a bummer, but it’s also a nudge: tune your email security and maybe stop trusting glossy-looking emails just because they look glossy. The write-up goes into the weeds on headers and transport, without getting lost. Worth a peek if you want to see how these crews cut corners and still get bites.

He rounded out the tooling arc with “ASN Check.” That’s a nerdy, useful tool that lets you map IPs to ASNs fast, offline, with binary trees under the hood. You use it when a breach happens and you want to know, “Who runs this block?” or “Do these attackers hop across related networks?” It’s the kind of boring capability that suddenly feels like magic when you’re on a clock. I’d call it a pocket map for bad neighborhoods.
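To make the "binary trees under the hood" idea concrete, here is an added sketch of an offline IP-to-ASN lookup using a binary trie with longest-prefix match. It is not code from ASN Check or from Miloslav Homer's post; the class and function names are hypothetical, and the route table is constructed from documentation prefixes and documentation ASNs.

```python
import ipaddress
from collections import defaultdict

# Constructed sample table: documentation prefixes (RFC 5737, RFC 3849) and
# documentation ASNs (RFC 5398). A real table would come from a routing dump.
SAMPLE_ROUTES = [
    ("198.51.100.0/24", 64496, "EXAMPLE-HOSTING"),
    ("198.51.100.128/25", 64497, "EXAMPLE-RESELLER"),  # more specific, wins
    ("203.0.113.0/24", 64496, "EXAMPLE-HOSTING"),
    ("2001:db8::/32", 64498, "EXAMPLE-V6"),
]


class AsnTrie:
    """Binary trie over address bits. Each node is [child0, child1, record]."""

    def __init__(self, routes=()):
        # One root per IP version so a v4 and a v6 prefix never share a path.
        self.roots = {4: [None, None, None], 6: [None, None, None]}
        for cidr, asn, name in routes:
            self.insert(cidr, asn, name)

    @staticmethod
    def _bits(value, width, count):
        # Yield the top `count` bits of `value`, most significant first.
        for i in range(count):
            yield (value >> (width - 1 - i)) & 1

    def insert(self, cidr, asn, name):
        # strict=True raises ValueError on rows with host bits set (bad data).
        net = ipaddress.ip_network(cidr, strict=True)
        node = self.roots[net.version]
        bits = self._bits(int(net.network_address), net.max_prefixlen, net.prefixlen)
        for bit in bits:
            if node[bit] is None:
                node[bit] = [None, None, None]
            node = node[bit]
        node[2] = (asn, name, str(net))

    def lookup(self, ip):
        """Return (asn, name, prefix) for the longest matching prefix, or None."""
        addr = ipaddress.ip_address(ip)
        node = self.roots[addr.version]
        best = node[2]  # covers a default route stored at the root
        for bit in self._bits(int(addr), addr.max_prefixlen, addr.max_prefixlen):
            node = node[bit]
            if node is None:
                break
            if node[2] is not None:
                best = node[2]  # deeper node means a more specific prefix
        return best


def group_by_asn(trie, ips):
    """Bucket observed IPs by origin ASN; unrouted addresses land under None."""
    groups = defaultdict(list)
    for ip in ips:
        hit = trie.lookup(ip)
        groups[hit[0] if hit else None].append(ip)
    return dict(groups)


if __name__ == "__main__":
    trie = AsnTrie(SAMPLE_ROUTES)
    observed = ["198.51.100.5", "198.51.100.200", "203.0.113.9", "192.0.2.77"]
    for asn, ips in group_by_asn(trie, observed).items():
        print(asn, ips)
```

Grouping by ASN is what answers the "do these attackers hop across related networks?" question: two addresses in different /24s can still resolve to the same operator, and a more specific announcement inside a block can point to a different one.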

Put those four together—fake repos, tainted NPM, secret leaks, and phishing on free tiers—and a pattern forms. We’re still trying to secure our pantry while leaving the back door cracked open. It’s not one big hack. It’s small gaps that line up.

AI eats the SOC’s lunch, then asks for dessert

This one’s a bit spicy. Simon Willison unpacked a new trick called Cross‑Agent Privilege Escalation. In plain words: if you run multiple coding agents in the same sandbox—say, GitHub Copilot and Claude Code—they can be nudged to reconfigure each other and climb the ladder. It’s like two toddlers teaching each other how to reach the cookie jar. Individually, each agent stays in its lane. Together, with the right indirect prompt injections, they become a loop. To me, it feels like we’ve reproduced cross‑site scripting, but with APIs and plugin permissions. The fix isn’t cute either: isolation strategies, secure defaults, assume hostile input, treat agent output as untrusted until proven otherwise. If you’re building with agents, I’d read this twice.

There’s a governance note in the mix too. Miles Brundage summarized a stack of recent work on AI verification, international agreements, and compliance reviews for frontier models. Buried in there is a proposal to use AI to harden cyberdefense. Almost a judo move—turn the strength of these systems to guard the house. It’s not starry‑eyed. He’s talking about verification and rules of the road, not just slapping more models into production. If you want the policy side along with technical hints, it’s a good catch‑up before he goes quiet for a bit.

The weekly pulse on the industry side showed up as well. Darwin Salazar laid out a mix: a ransomware hit on Collins Aerospace that rippled through EU airports, arrests tied to Scattered Spider, and product news like RiskRubric.ai’s model security scoring and Netskope heading for an IPO. It’s a snapshot of how AI keeps slipping into the security stack—scoring models, analyzing risk, automating response—while real‑world punches, like airport downtime, keep landing. It’s the normal weirdness of 2025. I’d say read it like a weather report. Not every cloud means rain, but you don’t leave without an umbrella.

Kevin Kuipers tossed in a broader tech digest with a nod to 5G security, new open-source AI models, and GitHub Copilot CLI updates. The link to security is subtle but steady: every new interface becomes an attack surface, and every AI convenience needs a threat model. It’s a reminder that convenience has a bill. It just arrives later.

Robots, cars, and industrial stuff that breaks in silly ways

Cyber‑physical stories hit hard this week. Not because the hacks were cinematic. Mostly because they were… embarrassingly simple.

Denis Laskov shared research where a smoke machine can mess with LiDAR on self‑driving cars. Adversarial Fog Attack is the label, and yeah, it sounds like a metal band. The gist is that LiDAR’s preprocessing filters can be tricked so real obstacles vanish from the point cloud. You don’t need to burn the house down—just put up enough smoke to confuse the sensors. I’d describe it as a magician’s misdirection, except the car is the audience. If you’re betting on autonomy, that should make your stomach flip. Details live in the post if you want to see how the filters get played.

His other piece talked about memory attacks against industrial control systems and PLCs. Schneider Electric gear got popped; Allen‑Bradley put up more of a fight thanks to proprietary protocol friction, but hardware access still spelled trouble. The most unsettling line is that a PLC could be “killed by asking a question.” That’s not a Bond line. That’s a protocol abuse and memory management problem. It reminds me of when a printer crashes because someone sent a weird font. But this is not paper—it’s the plant floor.

Then Davi Ottenheimer wrote about police robots getting shut down via simple hacks. He calls out Unitree robots, and points to an incident where a teenager took over a cop robot during a siege. Not with a battle van. With software flaws. The rant here is fair: too much money on fancy legs, not enough on sane software practices. I’d say it’s the same old lesson from history—shiny hardware doesn’t save you from dumb bugs. The line that stuck with me is how an industry can brag about ruggedness and still get folded by a stray script. There’s a cost curve here that security keeps winning.

Link these with the EU airport disruptions from Darwin Salazar, and a theme emerges. The fragile parts aren’t always where we think. Not just in datacenters, but in sensors, memory, and the default settings of devices that roll on wheels or sit in cabinets. I’d be curious to see more on how teams test these systems under smoke, rain, and bad Wi‑Fi. Not just the clean lab scripts.

Vendor lock‑in and the geopolitical wild card

This one reads like a slow‑burn thriller. Miloslav Homer asked a blunt question: what happens if Microsoft turns off the tap because of sanctions? He’s talking about the International Criminal Court case and the reported service block. Politics aside, the point hits home: a lot of companies have put basically everything into Microsoft’s basket. Identity, mail, docs, Teams, cloud, you name it. If a political decision causes a blackout for you, what’s your plan? What’s the real cost of losing access, even for a day? It’s not a probability puzzle anymore. It’s a business continuity risk.

The numbers aren’t in his post because, honestly, they depend on your org. But the questions are brutal and fair. How likely is a cutoff? How long could it last? How much would it cost to diversify? Not in PR, but in engineers, migration time, retraining. It’s the part of risk that budgets ignore until it’s a headline. I’d say this piece should go to whoever approves your SaaS.

Naked Capitalism swung the camera back and said, hey, we might be walking toward a digital version of 2008. The logic is simple in a scary way. Everything’s interdependent. There’s no slack. Redundancy is low because “move fast” culture trimmed any fat. Risks get ignored until the floor creaks. Then, when something big snaps—say, a huge breach or a targeted takedown—you get contagion. When AI growth rides shotgun with that mindset, the speed just gets faster. To me, it feels like the author is trying to shake people awake without yelling. The comparison isn’t perfect. But it’s close enough that you want a fresh pot of coffee and a risk register review.

Stack this with the Microsoft dependency question and those EU airport disruptions. Now the vibe isn’t hypothetical. It’s “this is already a thing.” The system’s brittle. Maybe we love the convenience. But we need more off‑ramps and spare tires.

Nuts and bolts: learning and little tools that matter

Short detour into learning land. Michael W Lucas gave a charming little TLS snippet using a character named Vizzini to explain public key crypto. It’s not a full textbook. It’s a reminder that simple stories still clarify big ideas. One key locks, the other unlocks. That’s the magic trick that lets strangers talk safely. If you’ve tried to explain TLS to a non‑tech friend and their eyes went foggy, this kind of sketch helps. Even pros need these refreshers because, let’s be honest, we forget the basics sometimes.

Omar shared The Embedded Rustacean newsletter, Issue #55. Rust 1.90 updates, new drivers, jobs, and yes, security concerns for embedded. I’d say Rust keeps surging in places where you can’t afford a null pointer eating your lunch—tiny devices, firmware, safety‑critical loops. The security angle is loud without being loud. Memory safety beats the usual footguns. For folks living on microcontrollers, this is the neighborhood watch sign you want on your lawn.

Swing back to Miloslav Homer with the ASN tool and Secrets post, and you get a nice drawer of essentials: find who owns an IP. Scan code for keys. Understand why a phishing email feels “right” even when it’s wrong. These are not glamorous tasks. But they’re the rails your train runs on. Keep them oiled.

And if you like tinkering on weekends, that CapibaraZero from Nacho Morató sits right at the edge of learning and mischief. It’s not just a toy. It’s a lab. If the Flipper ecosystem felt closed or pricey to you, this looks like the community saying, “Let’s make our own kit and share firmware on GitHub.” Done responsibly, these projects grow future defenders.

What the week felt like, in a few themes

  • Supply chains keep biting. Fake GitHub repos with AMOS (from Brian Fagioli). NPM fallout reaching end users (from Jim Nielsen). Secrets detection and better hygiene (from Miloslav Homer). You can squint and see the shape: trust is the target.
  • AI is both tool and threat. Agent‑on‑agent escalation (from Simon Willison). Cyberdefense ideas for AI, and governance guardrails (from Miles Brundage). Product news and scoring for model security (from Darwin Salazar). This space is sprinting while tying its shoes.
  • The physical world is hackable in dumb ways. Fog breaks LiDAR (from Denis Laskov). Memory queries stun PLCs (also Denis Laskov). Police robots eat pavement because of bad software (from Davi Ottenheimer). You don’t need a zero‑day when a simple bug gets you in.
  • Vendor dependency is a silent risk. Microsoft sanctions scenario (from Miloslav Homer). Systemic digital crisis warning (from Naked Capitalism). EU airport disruption in the wild (from Darwin Salazar). You know the line: don’t put all your eggs in one Azure bucket.
  • Basics still matter. TLS explained like a bedtime story (from Michael W Lucas). Embedded Rust is getting sharper tools (from Omar). Offline ASN lookups, secret scanners, phishing autopsy (from Miloslav Homer). Plus, privacy settings on your actual phone (from Chris Wiegman).

A few rough edges that stood out

I’d say the AMOS fake repo campaign and the NPM Qix fallout feel like two sides of the same coin. We built tooling for speed. Attackers use the same speed to stampede you. SEO is a supply chain too—just not the one devs think about. It decides who gets seen first. Someone will solve “download only from official sources” in a way that’s actually human‑proof. Maybe browser‑level warnings for terminal copy‑paste? Maybe something inside GitHub that flags weird repo age/SEO mismatch? I don’t know. But we need a “don’t touch the stove” sign that people actually read.

On AI agents, Simon Willison is basically waving a flag for isolation. Treat agents like kitchen knives. Useful. Sharp. Keep them in separate drawers. The real issue is developer ergonomics. If it’s hard to isolate, people won’t. Tooling has to make the safe thing easy. I’d nudge platform teams to read this and then try breaking their own agent stack. If you can get two agents to modify each other’s configs “helpfully,” that’s your bug of the month.

The cyber‑physical posts hit a different nerve. The LiDAR attack reads like a preview of future recalls. Simple environment tricks can trigger complicated failure modes. Car makers know this, but the public doesn’t feel it until there’s a video. Same with PLCs. Asking a device a “question” that bricks it is a software culture problem, not a hacker genius thing. More fuzzing, more protocol hardening, more guardrails around memory. And maybe a few fewer demo stages until the basics get locked down.

The Microsoft sanctions thought exercise might be the quietest big deal. If you rely on a vendor for identity, mail, office, and cloud, your business continuity plan basically has that vendor’s logo on the cover. Sanctions are a blunt tool. You won’t get a courtesy call. If you can’t imagine a world where you lose access for a week, imagine it anyway. It’s like living in an apartment where your landlord can change the lock because your neighbor did something. You don’t have to move tomorrow. But you probably hide a spare key.

One more small loop back to phones. Chris Wiegman telling people to check iOS and carrier settings sounds obvious. But most people don’t. Settings pages are like an attic. You only go up there when something smells. Make a calendar reminder. That’s how you beat silent defaults.

Practical hunches worth trying

  • If you publish a site with NPM dependencies, assume a user‑targeting risk exists. Not just dev machines. Review your dependency graph like it’s customer‑facing. Because it is.
  • If you run multiple AI agents, box them in. Different workspaces, separate permissions, explicit policies. Treat all agent output as untrusted input.
  • If you manage devices, assume MDMs can be bypassed with time and patience. Plan for detection and resilience, not just enrollment.
  • If you build robots or vehicles, test failure modes with stupid tricks. Fog machines, cheap radios, dirty power. Don’t just do lab‑grade tests.
  • If you’re a small shop on Microsoft for everything, make a short list of what you’d do if you lost it for 48 hours. Even a simple pop‑up plan reduces panic.
  • Add basic secret detection to your CI. Even if it’s just one tool at first. Aim for fewer false positives over time. Catch the low‑hanging fruit.
  • Keep an offline, fast way to map IPs to ASNs handy. Your future self will say thanks during an incident.

These are not heroic moves. More like tightening bolts before a road trip.

Little human notes, sprinkled in

The posts this week had a few charming corners. Michael W Lucas using Vizzini to teach TLS is a reminder that stories beat diagrams, most days. Nacho Morató talking CapibaraZero felt like a community garage night. Solder fumes, half‑finished firmware, someone brings empanadas. Miloslav Homer kept writing like a patient coach, not a scold. That matters. People don’t change habits if they feel dumb. Simon Willison stayed calm while describing a worrying class of AI flaws—no moral panic, just “here’s how it breaks, here’s what to try.” That tone helps fix things.

And Naked Capitalism made a big system point without turning it into a sermon. The 2008 analogy isn’t perfect. But it’s close enough to make you check your dependencies. That’s the kind of writing that pushes decisions, not just clicks.

Threads to pull if you want to go deeper

  • Curious how SEO becomes a malware distribution channel? Brian Fagioli has the AMOS campaign path laid out. The redirects and repo tricks are worth seeing.
  • Want the end‑user risk angle of package tampering? Jim Nielsen explains how tainted NPM code reaches your visitors.
  • Need a starter map for managing secrets the right way? Miloslav Homer has the overview, plus tools that don’t require an IAM wizard.
  • Wondering if your AI agent setup can turn into a permission loop? Simon Willison shows how it happens.
  • If cyberdefense with AI and governance is your jam, Miles Brundage has a pile of links to keep you busy.
  • If you only have time for a “what happened this week” skim, Darwin Salazar did the roundup, with that EU airport hit front and center.
  • If your stack says Microsoft everywhere, Miloslav Homer basically hands you the awkward questions you should bring to your next leadership meeting.
  • If hardware and autonomy are your thing, Denis Laskov has the smoke and the PLC stories. Wild stuff.
  • If you like cautionary tales with robots and budgets, Davi Ottenheimer doesn’t mince words.
  • If you prefer to learn through stories, Michael W Lucas brings Vizzini to TLS.
  • If you’re embedded‑curious, Omar is your two‑week tour guide to Rust on tiny chips.
  • If you want to tinker on a budget, Nacho Morató shows you the CapibaraZero rabbit hole.

The week, like a quick walk after rain

A few things keep echoing. Making memory safety real on iPhones is a big step, even if it reads like a snooze headline. Repo trust is brittle. People still copy commands off shiny pages. AI agents talk too much and listen too well. Robots aren’t brave; they’re brittle with swagger. Airports find out just how tangled the vendor web is. And yes, reviewing your phone privacy settings should sit next to “change your smoke alarm batteries” on your calendar.

To me, it feels like cybersecurity right now is a family kitchen during a holiday. Someone’s cooking. Someone’s yelling about the oven. A kid just let the cat out. But dinner still comes together, somehow. There’s energy in the chaos. If you want a calmer kitchen, go read the posts that made you pause. They’re not doom scrolls. They’re more like notes taped to the fridge. Helpful. A little messy. Worth your time.