
This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jim Bowie, VP, CISO, Tampa General Hospital.
Here are the stories we plan to cover TODAY, time permitting. Please join us live at 12:30pm PT/3:30pm ET by registering for the open discussion on YouTube Live.
ChatGPT prone to recommending wrong URLs, creating a new phishing opportunity
Threat researchers at Netcraft are warning of the propensity of LLMs to offer the wrong information when asked questions like, “can you help me find the official website to log in to my account at such-and-such a brand?” They found that “the AI would produce the correct web address just 66 percent of the time. 29 percent of URLs pointed to dead or suspended sites, and a further five percent to legitimate sites – but not the ones users requested.” The Netcraft team points out that “phishers could ask for a URL and if the top result is a site that’s unregistered, they could buy it and set up a phishing site.” This is because LLMs look for words and associations, and do not evaluate a site’s reputation.
(The Register and Netcraft)
U.S. military gets cybersecurity boost
Congress has passed—and President Trump has signed—a sweeping tax and spending bill that includes hundreds of millions in cybersecurity funding, largely focused on military priorities. Key allocations include $250 million for U.S. Cyber Command’s AI initiatives, $20 million for DARPA cybersecurity programs, and $1 million for Indo-Pacific Command’s cyber offensive operations. Democrats criticized the package for excluding funding for CISA, arguing it overlooks key threats and weakens federal cybersecurity infrastructure. On the opposite side, Republicans argue national defense and military readiness are core drivers of the bill’s cybersecurity spending.
McDonald’s AI hiring bot exposes applicant data with 123456 password
McDonald’s has a new AI-powered job application bot named Olivia, which is responsible for screening and instructing job applicants. But security researchers Ian Carroll and Sam Curry discovered that the bot, built by AI software firm Paradox.ai, contained simple web-based vulnerabilities, including the use of the 123456 password, which allowed them to “query the company’s databases that held every applicants’ chats with Olivia” – this means 64 million records, including applicants’ names, email addresses, and phone numbers. McDonald’s brass are clearly not lovin’ this. Paradox has admitted the fault but said the information “was not accessed by any third party” other than the researchers.
(Wired)
Google’s Gemini – where off doesn’t actually mean “off”
As of July 7, 2025, Google’s Gemini AI will be able to access Android apps like Phone, Messages, WhatsApp, and more—even if you previously turned off “Gemini Apps Activity.” That setting only stopped the AI from using your data for training, not from tapping into your apps. These permissions allow Gemini to interact with other apps on your behalf, send messages and make calls (I guess I don’t have to have that awkward break-up conversation after all). To fully block Gemini’s access, users must go into settings and manually revoke permissions for each app. Google says conversations won’t be used for AI training if activity is disabled, but they’ll still be stored for up to 72 hours. Privacy advocates are raising concerns about the vague rollout and the fact that “off” doesn’t really mean off.
PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda vehicles
This flaw comprises four vulnerabilities and affects the BlueSDK Bluetooth stack from OpenSynergy, used in vehicles from the vendors mentioned, as well as others, since it is widely used in the automotive industry. The flaw can be exploited to “achieve remote code execution and potentially allow access to critical elements.” The security issues can be chained together into an exploit that researchers call a PerfektBlue attack, which can be delivered over-the-air by an attacker, requiring “at most 1-click from a user.” The flaw was discovered by pentesters at PCA Cyber Security, an automotive security firm known as regular participants at Pwn2Own Automotive, who have uncovered more than 50 vulnerabilities in car systems in the last year alone. Interestingly, OpenSynergy “confirmed the flaws last year in June and released patches to customers in September 2024 but many automakers have yet to push the firmware updates. At least one major OEM learned only recently about the security risks.”
Google Cloud offers partial AI data sovereignty for UK customers
Google Cloud is taking steps to address data sovereignty concerns around AI data by offering UK-based organizations “the option to keep Gemini 2.5 Flash machine learning processing entirely within the UK.” This will be presented as an option in which “a customer can select Google Cloud’s UK region (europe-west2) when using Gemini 2.5 Flash to store data in that region.” This means that machine learning computations, in other words the processing of Gemini 2.5 Flash, “can be limited to within the UK region.” However, the same cannot be said for Gemini tech support, which will be shared by Google’s global facilities and may remain a complicating factor in complete data sovereignty.
Botnet software disguised as Minecraft
Security researchers from Fortinet have identified a stealthy new botnet called RondoDox, which is actively targeting internet-connected surveillance systems, routers, and other Linux-based devices in industries like utilities, transportation, and telecom. Once inside, RondoDox disables security tools, hides deep within the system to survive reboots, and renames key files to avoid detection. Its most distinctive trick? It disguises its malicious network traffic to look like common VPN connections or online gaming activity—like Fortnite, Minecraft, and Roblox—allowing it to bypass firewalls and blend in with normal internet use. Infected devices are quietly added to a growing botnet used for launching denial-of-service attacks. There’s no confirmed attribution yet.
(TechNadu)