Daily Recap, Scattered Spider, WestJet, Allianz Life, Motility, RemoteCOM, Red Hat, ENISA, Phantom Taurus, OpenShift AI, WireTap, Datzbro, soopsocks, OneLogin, F‑Droid, Asahi, Brave, Zania.
Data breaches & extortion
- Scattered Spider-linked incidents exposed personal data of ~1.2M WestJet customers and ~1.5M Allianz Life customers in separate breaches – WestJet breach, Allianz breach
- A ransomware attack on dealership software provider Motility compromised over 766,000 records including SSNs and driver’s licenses – Motility breach, Motility report
- Hack of US surveillance vendor RemoteCOM leaked court monitoring data and law-enforcement contact details for nearly 14,000 people – RemoteCOM leak
- An extortion group claiming to have stolen data from a Red Hat code repository posted samples publicly to pressure the company while Red Hat investigates the scope of the incident – Red Hat incident
- Ongoing coverage of the insurance and dealership breaches notes that millions of people are affected in total, a reminder that the exposure is industry-wide rather than confined to one vendor – Breaches roundup
Mobile malware & spyware
- Two Android spyware campaigns, ProSpy and ToSpy, impersonating Signal/ToTok and distributed via fake sites and stores target users in the UAE with persistent data-exfiltration trojans – ProSpy/ToSpy (BC), ProSpy/ToSpy (Record), ProSpy/ToSpy (THN)
- New Android banking & RAT trojan Klopatra uses anti-debugging and a VNC remote-access mode to control and steal from > 3,000 European devices – Klopatra
- A global Facebook scam campaign distributing Android malware Datzbro targets seniors, enabling device takeover and financial fraud via social engineering – Datzbro
Vulnerabilities & supply chain
- Malicious PyPI package soopsocks disguised as a SOCKS5 proxy infected ~2,653 systems before takedown, exfiltrating via Discord webhooks and installing persistent backdoors – soopsocks (PyPI)
- An Adobe Analytics ingestion bug briefly mixed tenant tracking data, prompting remediation and data-deletion guidance for impacted customers – Adobe Analytics bug
- OpenSSL released patches for three vulnerabilities that could enable private-key recovery, remote code execution, or DoS and require urgent upgrades – OpenSSL CVEs
- A OneLogin IAM flaw allowed API keys to access OIDC client secrets and impersonate apps but has been fixed; no active exploitation reported – OneLogin bug
- Critical Red Hat OpenShift AI vulnerability allows authenticated attackers to escalate to full cluster takeover, underscoring least-privilege needs – OpenShift AI flaw
- Researchers demonstrated a physical interposer attack called WireTap that extracts Intel SGX ECDSA keys from DDR4 memory buses, undermining SGX attestation guarantees – WireTap SGX
- F‑Droid warns Google’s new developer identity rules could force the open-source app store to shut down, raising distribution and supply-chain concerns – F‑Droid vs Google
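The soopsocks item above is a typical malicious-package pattern: a setup.py install hook that runs a shell command, a hard-coded Discord webhook for exfiltration, and registry or scheduled-task persistence. The following static triage script is an added example, not code from the soopsocks report or from any PyPI tooling; it scans a package's source files (a constructed, soopsocks-like sample and a benign one are embedded inline) for those generic indicators and reports the rule, file and line of each hit.

```python
"""Static triage of a Python package's source for supply-chain red flags.

Added example; the rules are generic patterns seen across malicious PyPI
packages, not signatures taken from a specific report. Both sample packages
below are constructed for illustration.
"""
import re

# (rule name, pattern, restrict to this file name or None for any file)
RULES = [
    ("discord_webhook",
     re.compile(r"https?://(?:\w+\.)?discord(?:app)?\.com/api/webhooks/\d+/"), None),
    ("setup_install_hook",
     re.compile(r"cmdclass\s*=\s*\{[^}]*['\"](?:install|develop|build_py)['\"]"), "setup.py"),
    ("setup_shell_exec",
     re.compile(r"\b(?:subprocess\.(?:run|Popen|call|check_output)|os\.system)\s*\("), "setup.py"),
    ("windows_run_key", re.compile(r"CurrentVersion\\+Run\b"), None),
    ("scheduled_task", re.compile(r"\bschtasks(?:\.exe)?\b|\bcrontab\b"), None),
    ("encoded_exec",
     re.compile(r"\bexec\s*\(\s*(?:base64\.)?b64decode\(|\bexec\s*\(\s*compile\("), None),
]


def scan_package(files):
    """files: {relative_path: source_text}. Returns [(rule, path, line_no), ...]."""
    findings = []
    for path, text in files.items():
        basename = path.rsplit("/", 1)[-1]
        for name, pattern, only_in in RULES:
            if only_in is not None and basename != only_in:
                continue  # install-time rules only matter inside setup.py
            for lineno, line in enumerate(text.splitlines(), 1):
                if pattern.search(line):
                    findings.append((name, path, lineno))
    return findings


def triggered_rules(files):
    """Set of rule names that fired; handy for a quick verdict."""
    return {rule for rule, _, _ in scan_package(files)}


# Constructed sample resembling a trojanised "SOCKS5 proxy" package.
SAMPLE_MALICIOUS = {
    "evilproxy/setup.py": r'''from setuptools import setup
from setuptools.command.install import install
import subprocess

class PostInstall(install):
    def run(self):
        install.run(self)
        subprocess.run(["powershell", "-w", "hidden", "-enc", "QQBCAEMA"])

setup(name="evilproxy", version="0.1", cmdclass={"install": PostInstall})
''',
    "evilproxy/proxy.py": r'''import os, socket
HOOK = "https://discord.com/api/webhooks/123456789012345678/AbCdEf"
def persist(path):
    os.system(r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v upd /d "%s"' % path)
    os.system('schtasks /create /sc onlogon /tn upd /tr "%s"' % path)
''',
}

# Constructed benign package: a plain SOCKS helper with no install-time code.
SAMPLE_BENIGN = {
    "goodproxy/setup.py": '''from setuptools import setup, find_packages
setup(name="goodproxy", version="0.1", packages=find_packages())
''',
    "goodproxy/proxy.py": '''import socket
def connect(host, port):
    s = socket.create_connection((host, port))
    return s
''',
}

if __name__ == "__main__":
    for rule, path, line in scan_package(SAMPLE_MALICIOUS):
        print(f"{rule:20} {path}:{line}")
```

To run it against a real artifact, unpack the sdist or wheel (`pip download --no-deps --no-binary :all: <pkg>` then `tar xf`) and feed the extracted `.py` files into `scan_package`. Pattern rules only catch the obvious cases; a review of any `cmdclass` override and of what the package does on import is still the check that matters.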
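The OpenShift AI item is a least-privilege lesson: any ClusterRole bound to a cluster-wide group such as `system:authenticated` is effectively granted to every logged-in user, and if that role can create workloads or touch RBAC objects it is a path to cluster takeover. The audit below is an added example, not Red Hat's advisory or any vendor tool; it consumes the JSON shape returned by `kubectl get clusterrolebindings -o json` and `kubectl get clusterroles -o json` (constructed inline here), flags bindings to broad groups, and lists the resource/verb pairs in the bound role that enable escalation.

```python
"""Flag ClusterRoleBindings that hand escalation-capable roles to broad groups.

Added example using the standard kubectl JSON shapes; the cluster objects
below are constructed for illustration. The well-known default binding
system:basic-user -> system:authenticated is included to show that a broad
binding is only a problem when the role behind it can do something dangerous.
"""
import json
import sys

BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}

# Resources and verbs that commonly lead from "any user" to cluster admin:
# running workloads (mount any service account), editing RBAC, reading secrets.
ESCALATION_RESOURCES = {
    "pods", "jobs", "cronjobs", "deployments", "daemonsets", "statefulsets",
    "roles", "rolebindings", "clusterroles", "clusterrolebindings",
    "secrets", "serviceaccounts/token",
}
ESCALATION_VERBS = {"create", "update", "patch", "bind", "escalate", "impersonate", "*"}


def escalation_paths(role):
    """Return sorted (resource, verb) pairs in a ClusterRole that enable escalation."""
    paths = set()
    for rule in role.get("rules", []):
        verbs = set(rule.get("verbs", []))
        for resource in rule.get("resources", []):
            if resource == "*" or resource in ESCALATION_RESOURCES:
                for verb in verbs & ESCALATION_VERBS:
                    paths.add((resource, verb))
    return sorted(paths)


def audit(bindings, roles):
    """bindings/roles: lists of ClusterRoleBinding / ClusterRole objects."""
    role_by_name = {r["metadata"]["name"]: r for r in roles}
    findings = []
    for binding in bindings:
        broad = sorted(
            s["name"] for s in binding.get("subjects", [])
            if s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS
        )
        if not broad:
            continue
        role_name = binding["roleRef"]["name"]
        findings.append({
            "binding": binding["metadata"]["name"],
            "role": role_name,
            "subjects": broad,
            "escalation": escalation_paths(role_by_name.get(role_name, {})),
        })
    return findings


# Constructed objects: one dangerous binding, one harmless default, one scoped to a user.
SAMPLE_ROLES = [
    {"metadata": {"name": "demo-batch-user"},
     "rules": [{"apiGroups": ["batch"], "resources": ["jobs"],
                "verbs": ["create", "get", "list", "delete"]}]},
    {"metadata": {"name": "system:basic-user"},
     "rules": [{"apiGroups": ["authorization.k8s.io"],
                "resources": ["selfsubjectaccessreviews", "selfsubjectrulesreviews"],
                "verbs": ["create"]}]},
    {"metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]
SAMPLE_BINDINGS = [
    {"metadata": {"name": "demo-batch-users"},
     "roleRef": {"kind": "ClusterRole", "name": "demo-batch-user"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"metadata": {"name": "system:basic-user"},
     "roleRef": {"kind": "ClusterRole", "name": "system:basic-user"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"metadata": {"name": "ops-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]


def dangerous(findings):
    """Only the findings whose role actually offers an escalation path."""
    return [f for f in findings if f["escalation"]]


if __name__ == "__main__":
    # Usage: kubectl get clusterrolebindings,clusterroles -o json | python3 rbac_audit.py
    items = json.load(sys.stdin)["items"]
    b = [i for i in items if i["kind"] == "ClusterRoleBinding"]
    r = [i for i in items if i["kind"] == "ClusterRole"]
    for f in dangerous(audit(b, r)):
        print(json.dumps(f))
```

Aggregated ClusterRoles and namespaced RoleBindings to the same groups are worth folding in for a real audit; the point of the example is that the subject list, not just the role's verbs, decides how far a flaw like this one reaches.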
Nation-state & EU threat trends
- ENISA’s 2025 Threat Landscape notes growing attacks on operational technology, with ~18.2% of threats aimed at OT and groups like Z-Pentest Alliance, Rippersec, and Infrastructure Destruction Squad targeting EU critical systems – ENISA OT report
- The broader ENISA landscape shows hacktivism, DDoS and ransomware dominating EU threats alongside rising supply-chain attacks and evolving actor tactics – ENISA overview
- China-linked APT Phantom Taurus, deploying its Net‑Star and Specter malware families, is targeting embassies, foreign ministries and telcos across Africa, the Middle East and Asia to collect geopolitical and military intelligence – Phantom Taurus (Record), Phantom Taurus (SecurityWeek)
Ransomware & extortion incidents
- Extortion emails attributed to Clop claim data theft from Oracle E‑Business Suite systems; Mandiant and Google are investigating whether the campaign's claims are genuine – Clop extortion
- Japanese brewer Asahi halted deliveries and delayed product launches after a cyberattack forced factory shutdowns, causing domestic supply-chain disruption – Asahi ransomware
- Google Drive for desktop gains an AI-powered ransomware detection feature that pauses syncing during suspected attacks to protect backups and accelerate recovery – Google Drive detection
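The Google Drive feature above pauses syncing when the client sees write patterns that look like encryption in progress. The snippet below is an added example of the underlying heuristic and is not Google's detection logic: it scores each file write by the Shannon entropy of the new content and whether the file's extension changed, and triggers a sync pause once enough such writes land inside a sliding time window. The event stream is constructed inline; a single high-entropy save (a zip archive) and a batch of ordinary document edits are included to show the cases that must not trigger.

```python
"""Sliding-window ransomware heuristic over file-sync events.

Added example, not Google Drive's implementation. Each event is a dict with
a timestamp, the path before and after the write, and the new file bytes.
Thresholds are assumptions chosen for the constructed sample.
"""
import math
import os
from collections import deque

ENTROPY_THRESHOLD = 7.0   # bits/byte; compressed or encrypted data sits near 8.0
WINDOW_SECONDS = 60
MIN_HITS = 5


def shannon_entropy(data):
    """Entropy in bits per byte; 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_suspicious_write(event):
    """High-entropy content plus an extension change is the classic signature."""
    _, old_ext = os.path.splitext(event["old"])
    _, new_ext = os.path.splitext(event["new"])
    return (shannon_entropy(event["data"]) > ENTROPY_THRESHOLD
            and new_ext.lower() != old_ext.lower())


def should_pause_sync(events, window=WINDOW_SECONDS, min_hits=MIN_HITS):
    """Return the timestamp at which sync would be paused, or None."""
    hits = deque()
    for ev in sorted(events, key=lambda e: e["t"]):
        if not is_suspicious_write(ev):
            continue
        hits.append(ev["t"])
        while hits and ev["t"] - hits[0] > window:
            hits.popleft()
        if len(hits) >= min_hits:
            return ev["t"]
    return None


# Constructed content: uniform bytes (entropy 8.0) stand in for ciphertext.
ENCRYPTED = bytes(range(256)) * 16
PLAINTEXT = b"Quarterly report: revenue up, costs flat, see appendix for detail.\n" * 60

RANSOM_EVENTS = [
    {"t": 1000 + i, "old": f"docs/file{i}.docx", "new": f"docs/file{i}.docx.locked",
     "data": ENCRYPTED}
    for i in range(8)
]
BENIGN_EVENTS = (
    # One archive save: high entropy, but a single event and no rename.
    [{"t": 2000, "old": "backup.zip", "new": "backup.zip", "data": ENCRYPTED}]
    # Bulk edits of ordinary documents: low entropy, same extension.
    + [{"t": 2001 + i, "old": f"docs/note{i}.txt", "new": f"docs/note{i}.txt",
        "data": PLAINTEXT} for i in range(10)]
)

if __name__ == "__main__":
    print("ransom:", should_pause_sync(RANSOM_EVENTS))   # pauses at the 5th hit
    print("benign:", should_pause_sync(BENIGN_EVENTS))
```

Real clients add signals this toy omits, such as magic-byte checks (a renamed `.zip` is still a zip), ransom-note drops and per-directory fan-out; the window-and-count structure is what keeps one legitimate high-entropy save from freezing a user's backups.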
Automotive & connected device security
- Tesla used an over-the-air update to patch a telematics control unit (TCU) flaw that let an attacker with physical USB access gain root on the unit, a reminder that vehicle attack surfaces include locally reachable ports, not just wireless interfaces – Tesla TCU fix
- ThreatsDay bulletin highlights car-related flaws (including a CarPlay exploit), SQL C2 attacks, BYOVD tactics and cloud/iCloud backdoor extortion, underscoring broad IoT and vehicle risks – ThreatsDay bulletin
Product, market & research
- Brave browser surpassed 101 million monthly active users as Brave Search and new AI tools gain traction amid regulatory shifts like the EU DMA – Brave milestone
- AI‑GRC startup Zania raised $18M Series A to expand autonomous AI agents across risk and compliance workflows – Zania funding
- Guides and webinars show security teams automating pentest delivery and blending AI + human workflows to speed remediation and avoid over-reliance on automation – Pentest automation, AI + human webinar
- Microsoft plans to auto-install Microsoft 365 companion apps on Windows in October for Copilot integrations while also patching a Defender bug that misflags Dell BIOS updates and other platform issues – MS companion apps, Defender bug
Compliance, legal & research
- Georgia Tech agreed to pay $875,000 to settle DOJ allegations over lax cybersecurity in federal research contracts, underscoring contractor compliance risks – Georgia Tech settlement
- Academic teams demonstrated the hardware-based WireTap attack against Intel SGX on DDR4 platforms, raising concerns for trusted execution environments in research and industry deployments – WireTap research
Human risk & SOC operations
- Security analysts warn that the service desk is a prime social‑engineering vector and recommend NIST-aligned, role-based caller verification workflows to cut account-takeover risk from Scattered Spider and similar operators – Service desk defense