WhatsAppened to Samsung?

Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how they protect children and teens. A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. Our guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect M&A deal value and integrity. Schools face insider threats from students.

Today is Friday September 12th. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Samsung patches a critical Android zero-day vulnerability. 

Samsung has patched a critical zero-day vulnerability, tracked as CVE-2025-21043, that was actively exploited against its Android devices. The flaw, affecting devices running Android 13 or later, was reported by Meta and WhatsApp on August 13. It stems from an out-of-bounds write in libimagecodec.quram.so, a closed-source image parsing library from Quramsoft. Attackers could exploit it remotely to execute arbitrary code. Samsung confirmed the bug had been used in the wild, though it’s unclear if attacks targeted only WhatsApp users or other messaging apps using the same library. The disclosure follows another WhatsApp patch in late August, where the company fixed a zero-click bug (CVE-2025-55177) exploited alongside an Apple zero-day (CVE-2025-43300) in sophisticated spyware campaigns. Experts urge users to update devices promptly.

Microsoft resolves a global Exchange Online outage. 

Microsoft has resolved a global Exchange Online outage that blocked access to emails and calendars for many users. The disruption, which began early Thursday, caused login and server connection issues across Outlook, Teams, and Hotmail. Microsoft traced the problem to a faulty software build that triggered repeated database dismounts and failovers, leading to high CPU usage and message queue backlogs. After applying configuration changes and restoring infrastructure, the company announced service recovery early Friday, though it continues monitoring to ensure stability.

CISA reaffirms its commitment to the CVE program. 

The US Cybersecurity and Infrastructure Security Agency (CISA) has reaffirmed its long-term commitment to the Common Vulnerabilities and Exposures (CVE) program, a critical global system for cataloging security flaws. After recent uncertainty, CISA confirmed it will fund the program through March 2026 and maintain CVE data as a free, open public good. CISA outlined plans to modernize the program, expand international and multi-sector participation, and ensure transparent, vendor-neutral governance. It also aims to diversify funding and strengthen vulnerability data enrichment through initiatives like Vulnrichment and Authorized Data Publisher (ADP) capabilities. By incorporating community feedback and exploring automation, AI, and machine learning, CISA hopes to improve the accuracy, timeliness, and scalability of CVE records, ensuring defenders worldwide share a common foundation against cyber threats.

California passes a bill requiring web browsers to let users automatically send opt-out signals. 

California lawmakers have passed a bill requiring web browsers to include a setting that lets users automatically send opt-out signals, stopping third-party data sharing. While the California Consumer Privacy Act already grants this right, most browsers haven’t provided the needed functionality. The bill now awaits Gov. Gavin Newsom’s signature—he vetoed a broader version last year. If enacted, browsers must let users enable a universal opt-out request. Privacy advocates say the measure makes exercising digital rights far easier for consumers.

Apple issues spyware attack warnings. 

Apple has issued multiple spyware attack warnings this year, according to France’s CERT-FR, which confirmed at least four alerts sent since March. The highly targeted attacks, often using zero-day exploits and requiring no user interaction, focused on journalists, activists, politicians, and other high-profile individuals. Notifications are delivered via email, SMS, and Apple account logins. Apple urges affected users to enable Lockdown Mode and seek emergency help. Since 2021, Apple has sent such warnings worldwide, covering users in over 150 countries.

The FTC opens an investigation into AI chatbots on how they protect children and teens. 

The Federal Trade Commission (FTC) has opened an investigation into AI chatbots from seven companies, including Alphabet, Meta, OpenAI, Snap, Character.ai, Instagram, and X.ai, focusing on how they protect children and teens. A recent survey found that over 70% of teens use AI companions, with more than half engaging monthly. Experts warn these tools can provide harmful advice, ignore concerning statements, and blur boundaries between fiction and reality. The FTC wants details on how companies test for risks, handle user data, monetize engagement, and enforce safeguards. While some firms like Character.ai and Snap have rolled out parental controls and teen-specific features, critics say stronger protections are needed. Companies must respond to FTC orders by September 25.

And, jumping over to Europe, we hear from our T-Minus Space Daily host, Maria Varmazis, as The European Space Agency’s Director General Josef Aschbacher delivered the opening remarks at the ‘General Assembly Defence, Space and Cybersecurity’. <Pull in T-Minus top story from today>

“The European Parliament and the European Commission, in collaboration with ESA, organised the assembly to promote dialogue between European and national decision-makers, and industry representatives in the context of the unprecedented challenges that the European Union is facing in an increasingly complex geopolitical situation.

Josef Aschbacher pushed for a stronger alliance on space and defense-

<Insert soundbite> "Today, let us be audacious and not shy away from what has been a discreet albeit clear driving force for space efforts, of its technology breakthroughs, of pushing the boundaries of collective will: our security and defence.  And why do I say “discreet”? Because Europe has been shy in coming to terms with the legitimate role cooperative space plays in our security, and in our geostrategic independence.  And it is now fact: Europe’s space and defence autonomy has become one of our Continent’s foremost priorities,"

Aschbacher also warned that Europe is not just trailing behind its counterparts in the US and China in terms of space-based intelligence, he said that they’re not playing the same game at all. At least not yet. He also pushed for European sovereignty over data collection referring to Europe’s reliance on American space data, particularly with the current conflict in Ukraine. The consensus from the assembly is that Europe will be shifting towards control of its own defense, space and cybersecurity assets. It’ll certainly be interesting to see how that plays out in the coming years.”

Thanks, Maria. We will keep an eye on the developments coming out of that. 

A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. 

Finnish hacker Aleksanteri Kivimäki, convicted of attempting to extort more than 20,000 psychotherapy patients after the Vastaamo data breach, has been released from custody pending appeal. Kivimäki, arrested in France in 2023 and extradited to Finland, was sentenced to six years and three months but remains legally innocent while appealing. The 2018 hack, revealed in 2020, led to mass extortion attempts against patients, including children, making it one of Europe’s largest criminal privacy cases. Victims continue to suffer from leaked records, described as a “watershed event” for Finnish society. Prosecutors link Kivimäki to the crime via server logs, cryptocurrency transactions, and personal files, though he disputes the evidence. The appeals trial runs through November, with a ruling expected later this year.

 

 

Schools face insider threats from students. 

Britain’s schools are apparently raising the next generation of hackers, though not quite in the way they hoped. The Information Commissioner’s Office (ICO) says 57% of cyber incidents in education since 2022 have been carried out by children—some barely out of primary school. One seven-year-old even landed on the radar of the National Crime Agency after dabbling in mischief better suited to a Bond villain than a Year 2 pupil. Teenagers, meanwhile, have been breaking into databases of thousands, claiming it’s all “for practice.” The ICO warns teachers not to overlook the “insider threat” posed by their own students, who are guessing passwords and downloading hacking tools like they’re cheat codes. 

Teachers, it seems, might want to lock down their digital gradebooks before their pupils do it for them.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry.  Learn how at n2k.com.

 

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.