🔹 Microsoft Tightens Patch Access After Chinese Attacks
Microsoft has restricted MAPP (Microsoft Active Protections Program) access for Chinese firms following a wave of zero-day exploits targeting SharePoint in U.S. federal agencies. Now only vetted partners receive detailed proof-of-concept code; others get limited disclosures. A strong step to reduce misuse. Windows Central
🔹 Top Threats of the Week
WhatsApp 0‑Click Spyware Exploit (CVE‑2025‑55177)
A highly sophisticated zero‑click flaw has been exploited in the wild, targeting iOS (and possibly Android) devices. Victims reportedly didn’t need to interact with anything — just updating to WhatsApp version 2.25.21.73 (iOS) or 2.25.21.78 (macOS) is critical. Consider enabling iOS Lockdown Mode or Android Advanced Protection Mode.Adversarial AI Accelerates App Attacks
Attackers are using AI to reverse-engineer and exploit mobile and client apps at speed — even without code skills. Embedding runtime application self‑protection (RASP) and threat monitoring into your DevOps pipeline is now essential. TechRadarGayfemboy Malware Resurfaces for DDoS
A quirky but dangerous Mirai derivative, “Gayfemboy,” is stalking devices across multiple countries. It disguises itself, uses playful command domains, and reactivates from hibernation to bypass detection. Organizations using XMRig miners or vulnerable routers should prioritize patching.
🔹 Tools & Resources Spotlight
Google’s August Android Patch — Urgent fixes released for Qualcomm GPU vulnerabilities: CVE-2025-21479, CVE-2025-21480, CVE-2025-27038. Patch via Android August updates; delayed rollouts make devices from other manufacturers vulnerable. TechRadar
🔹 Career Edge
Adversarial AI is redefining cybersecurity. Bridging DevOps and security has become a must-have skill. Prioritize learning RASP, threat modeling, and secure coding in DevOps environments — it's rapidly becoming standard.