This content originally appeared on DEV Community and was authored by Habdul Hazeez
Vulnerabilities and cybercrime. Two threats that can affect you and me. At the time of writing, there is no single antidote that can prevent both. Meanwhile, human intervention can go a long way to mitigate their risks to individuals and affected organizations around the world.
These two are also what we're about to review, aiming they serve as a wake-up call to us all.
Welcome and let's get started.
Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme
I just heard about this Ramp and Dump scheme from this article and that's why we're taking a close look—and you should, too. Still, you can ask: Any other reason for the inclusion? Thanks for asking.
The scheme involves phishing, stolen cards, weakness in MFA implementation, and vibe coding using Large Language Models (LLMs).
The following is a key lesson from the article:
This so-called ‘ramp and dump‘ scheme borrows its name from age-old “pump and dump” scams, wherein fraudsters purchase a large number of shares in some penny stock, and then promote the company in a frenzied social media blitz to build up interest from other investors.
With ramp and dump, the scammers do not need to rely on ginning up interest in the targeted stock on social media. Rather, they will preposition themselves in the stock that they wish to inflate, using compromised accounts to purchase large volumes of it and then dumping the shares after the stock price reaches a certain value.
Oregon Man Charged in ‘Rapper Bot’ DDoS Service
When it comes to cybersecurity news research, Brian Krebs rarely disappoints. And this one is one of such cases. Investigative journalism at its best.
From the article:
According to the government, Rapper Bot borrows much of its code from fBot, a DDoS malware strain also known as Satori.
In 2020, authorities in Northern Ireland charged a then 20-year-old man named Aaron “Vamp” Sterritt with operating fBot with a co-conspirator. U.S. prosecutors are still seeking Sterritt’s extradition to the United States.
fBot is itself a variation of the Mirai IoT botnet that has ravaged the Internet with DDoS attacks since its source code was leaked back in 2016.
GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models
I am not surprised. At the time of writing, people still say that it's still Day 1 when it comes to AI. Therefore, security incidents like this one are expected. Hopefully, we can learn from them and ensure that future models are safe from such issues.
From the article:
The reasoning behind this variability in the source of the response is probably to balance the LLM’s efficiency (by using faster, lighter and possibly more focused models on the simpler queries) and cost (GPT-5’s strong reasoning capabilities make it very expensive to run).
Researchers at Adversa AI have estimated that this re-routing could be saving OpenAI up to $1.86 billion per year. But the process is opaque.
Password Managers Vulnerable to Data Theft via Clickjacking
It gets scary when tools that are charged with protecting your "digital keys" are vulnerable to an attack that can allow the theft of those keys. At the time of writing, the affected password managers are rolling out fixes and safeguards to address the issue.
From the article:
The research was conducted by Marek Tóth and it was presented earlier this month at the DEF CON conference. Tóth showed how an attacker can use DOM-based extension clickjacking and the autofill functionality of password managers to exfiltrate sensitive data stored by these applications, including personal data, usernames and passwords, passkeys, and payment card information.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
This content originally appeared on DEV Community and was authored by Habdul Hazeez
Habdul Hazeez | Sciencx (2025-08-22T21:29:15+00:00) Security news weekly round-up – 22nd August 2025. Retrieved from https://www.scien.cx/2025/08/22/security-news-weekly-round-up-22nd-august-2025/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.