Daily Recap, Major vendors including Splunk, Zoom, F5, Trend Micro, Tanium, ESET, Tenable, Firefox, Chrome, Adobe, and VMware shipped patches for multiple critical issues such as account takeover and code-execution vulnerabilities, while CISA ordered U.S. federal agencies to remediate an actively exploited Oracle flaw and addressed exploited SharePoint weaknesses. Active campaigns also made headlines as Russian actors pushed Starland by trojanizing WebEx and Zoom installers, and Spirals ransomware reportedly encrypted a victim network in under 24 hours. #Splunk #Zoom #F5 #TrendMicro #Tanium #ESET #Tenable #Firefox #Chrome #Adobe #VMware #CISA #Oracle #SharePoint #Starland #WebEx #Spirals #SonicWall #UEFI #SecureBoot #LegacyHive #OkoBot #Ledger #Trezor #GoogleGeminiCLI #TuxBot #AsyncAPI #npm #23andMe #ScatteredSpider #TransportforLondon #ChromeSync
Major Patches
- Splunk, Zoom, F5, Trend Micro, Tanium, ESET, Tenable, Firefox, Chrome, Adobe, and VMware released fixes for multiple severe and critical flaws, including account takeover and code-execution bugs. – Critical Fixes, F5 Patches, Severe Patches, Browser & Adobe, Zoom ATO, Cursor RCE
- CISA ordered U.S. federal agencies to patch an actively exploited Oracle flaw by Saturday and separately urged immediate remediation of exploited SharePoint vulnerabilities. – Oracle Order, SharePoint Alert
Active Exploitation
- Russian threat actors trojanized WebEx and Zoom installers to spread Starland malware, while a new Spirals ransomware campaign encrypted a victim network in under 24 hours. – Starland Push, Spirals Ransomware
- SonicWall customers are under threat after attackers began exploiting 2 zero-days, and researchers also warned that old UEFI shims can enable Secure Boot bypasses. – SonicWall Zero-Days, UEFI Bypass
- Nightmare Eclipse dropped LegacyHive, a Windows zero-day, adding to the day’s crop of high-risk exploitation news. – LegacyHive Zero-Day
Malware & Botnets
- OkoBot is injecting seed-phrase phishing into Ledger and Trezor apps to steal crypto wallet credentials. – OkoBot Phishing
- Google Gemini CLI was abused as a hacking agent and botnet operator, while TuxBot v3 showed signs of LLM-assisted IoT botnet development. – Gemini Abuse, TuxBot v3
- AsyncAPI npm packages were infected with credential-stealing malware, exposing developers to supply-chain compromise. – AsyncAPI Malware
Fraud & Enforcement
- 23andMe agreed to an additional $18 million settlement over its genetics data breach, underscoring the long tail of breach litigation. – 23andMe Settlement
- Dutch police dismantled an investment fraud ring accused of stealing over €100 million. – Fraud Bust
- Scattered Spider members behind the Transport for London hack were sentenced to five years in prison. – TfL Sentencing
Policy & Industry
- The Trump administration unveiled an AI-supported clearinghouse to coordinate cybersecurity vulnerability reporting and response. – AI Clearinghouse
- Oak emerged from stealth with $60 million in funding, signaling continued investor interest in cybersecurity startups. – Oak Funding
- Windows 11 24H2 Home and Pro editions will reach end of support in 90 days. – Win11 EoS
Abuse & Surveillance
- Researchers found stalkers abusing Chrome Sync features for cyberstalking, highlighting a misuse of legitimate cloud services. – Chrome Sync Abuse