Cybersecurity News | Daily Recap [10 Oct 2025]

Daily Recap: a PoC titled fenrir breaches secure boot on MediaTek-powered devices including the Nothing Phone (2a), enabling arbitrary firmware/OS installs and trust-chain compromise; Android spyware ClayRAT masquerades as popular apps to spy on Russian users and exfiltrate data. #Fenrir #ClayRat

Mobile & Firmware

  • A new PoC called fenrir can break secure boot on MediaTek-powered devices including the Nothing Phone (2a), enabling arbitrary firmware/OS installs and trust-chain compromise – Fenrir PoC
  • Android spyware ClayRat is masquerading as apps like WhatsApp/TikTok to spy on Russian users and exfiltrate data via malicious links and C2 servers – ClayRat Spyware, ClayRat Spyware

Payroll Fraud

  • Threat actor Storm-2657 has run “payroll pirate” campaigns since March 2025, using phishing, MFA bypass and HR cloud access changes to divert university salaries – Payroll Pirate, Payroll Pirate, Payroll Pirate

Network Devices & Botnets

  • Coordinated campaigns from shared subnets are scanning, brute-forcing and exploiting recent flaws in Cisco, Palo Alto and Fortinet devices, signaling organized intrusion activity against network gear – Device Campaign
  • New RondoDox botnet uses an “exploit shotgun” to target over 50–56 n-day flaws across routers, DVRs and servers for DDoS and crypto-mining, rapidly expanding its footprint – RondoDox Botnet, RondoDox Botnet
  • Juniper released patches addressing nearly 220 vulnerabilities across Junos OS/Space/Security Director — including 9 critical Junos Space flaws — urging immediate updates as few workarounds exist – Junos Patches

Enterprise Software Exploits

  • Attackers including Cl0p and likely FIN11 exploited a zero-day in Oracle E-Business Suite (CVE-2025-61882) to deploy extortion malware and steal data across dozens of orgs – Oracle EBS, Oracle EBS
  • Fortra disclosed active exploitation of CVE-2025-10035 in GoAnywhere MFT since September 2025, with actors like Storm-1175 deploying ransomware and data theft — patch and restrict access now – GoAnywhere MFT

Ransomware & Malicious Tools

  • Operators are abusing the Velociraptor DFIR tool to stage intrusions that deploy LockBit and Babuk ransomware with privilege escalation and persistent access, possibly linked to Storm-2603 – Velociraptor Abuse

Law Enforcement & Data Leaks

  • The FBI and international partners seized the BreachForums domain used by ShinyHunters, disrupting extortion operations tied to Salesforce data while investigations continue – BreachForums Takedown
  • About 70,000 Discord users had government ID images exposed in a third‑party breach, with attackers claiming >2M age-verification photos and other PII were accessed – Discord Leak
  • Two teenagers were arrested after a cyberattack on Kido nurseries leaked data on ~8,000 children and led to extortion demands, highlighting threats to minors’ data – Kido Arrests

Nation-State & Espionage

  • China-aligned actor UTA0388 evolved to use LLMs like ChatGPT for multilingual spear-phishing and to deploy backdoors such as GOVERSHELL, targeting Asia and Europe with covert campaigns – UTA0388 APT, UTA0388 APT
  • A zero-day intrusion, likely by a Chinese state-sponsored group, breached law firm Williams & Connolly, compromising attorney email accounts though client data loss is unconfirmed – Williams Connolly
  • Finland paused the trial of crew allegedly tied to the Eagle S tanker over jurisdictional issues after suspected Baltic Sea cable sabotage, underscoring hybrid-warfare prosecution challenges – Eagle S Trial

Policy & National Cybersecurity

  • Senators Peters and Rounds introduced the bipartisan Protecting America from Cyber Threats Act to renew CISA-era information-sharing and liability protections for another decade – CISA Renewal, CISA Renewal
  • India is expanding cybersecurity efforts against a rise in online fraud, combining legal, technical and awareness measures to secure its fast-growing digital footprint – India Cybercrime

Product Security & Supply-Chain

  • GitHub Copilot Chat had a CSP bypass and prompt‑injection flaw that could leak private-repo secrets and AWS keys; GitHub has restricted Camo URL use to mitigate the issue – Copilot Flaw
  • Microsoft fixed a Defender for Endpoint bug that mistakenly flagged SQL Server 2017/2019 as end‑of‑life after a code change; a correction has been deployed – Defender Bug
  • Microsoft released Windows Backup for organizations to securely store user settings/apps in the cloud for Windows 10/11 to aid device recovery and continuity – Windows Backup

Supply-Chain & Phishing Campaigns

  • Researchers found 175 malicious npm packages with ~26,000 downloads used in a credential-phishing campaign that abused npm/UNPKG to host redirects and HTML payloads targeting 135+ organizations – Malicious npm

Cybersecurity News | Daily Recap – hendryadrian.com