Cybersecurity News | Daily Recap [02 Sep 2025]

Recent cybersecurity incidents include a major disruption at Jaguar Land Rover, affecting manufacturing and retail systems with no customer data breach reported, and a ransomware attack on the Pennsylvania AG’s Office that caused a two-week outage. Supply-chain breaches exploited OAuth tokens stolen in the Salesloft/Drift compromise, exposing customer data at Zscaler and Palo Alto Networks. On the nation-state front, APT29 targeted Microsoft users with credential harvesting, and regional espionage campaigns were attributed to APT-37, Lazarus and Iranian-linked groups. Hashtags: #JaguarLandRover #PARansomware #Salesloft #OAuth #Zscaler #PaloAltoNetworks #APT29 #APT37 #Lazarus #HanKookPhantom #OmaniMailbox #FDN3 #ValleyRAT #nodejs-smtp #AndroidDroppers #Cloudflare #DDoS #WhatsApp #CVE-2025-55177 #CVE-2025-43300 #WordPress #Varonis #BlackHat #ShadowAI #Huawei #MoscowHires

Major Incidents & Outages

  • Global automaker Jaguar Land Rover suffered a severe cybersecurity incident that disrupted its manufacturing and retail IT systems; the company is working to restore services and reports no customer data compromise – Jaguar Disruption
  • The Pennsylvania Attorney General’s Office endured a two-week outage attributed to a ransomware attack (no ransom paid) as an investigation continues into possible data theft – PA Ransomware

Supply-Chain & OAuth Breaches

  • Attackers used OAuth tokens stolen in the Salesloft/Drift compromise to access the Salesforce instances of Drift customers, exposing customer data at both Zscaler and Palo Alto Networks; because a stolen refresh token grants the connected app's full scope without a password or MFA prompt, the incident underscores the need to inventory, baseline and revoke third-party app tokens – Zscaler Breach, Palo Alto Breach, Zscaler Report
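Responding to an integration-token theft like the one above means finding which users' tokens were used from somewhere the integration never connects from, then revoking those tokens. The script below is an added example, not code from the original page or from Salesforce, Salesloft or Drift: it walks records shaped like Salesforce LoginHistory rows (Application, UserId, SourceIp, LoginTime, Status), keeps successful logins by a named connected app after an assumed compromise-window start, and flags those from outside the integration's assumed baseline egress ranges. The app name "Drift", the CIDRs, the window date and the rows themselves are constructed for illustration.

```python
"""Flag connected-app OAuth sessions that fall outside the app's baseline.

Added example, not code from the original page or from any vendor. The rows
below are constructed in the shape of Salesforce LoginHistory records; the
app name, baseline CIDRs and window start are assumptions for illustration.
"""
from __future__ import annotations

import ipaddress
from datetime import datetime, timezone

# Constructed sample: what an export of LoginHistory rows might look like.
SAMPLE_LOGINS = [
    {"Application": "Drift", "UserId": "005A1", "SourceIp": "203.0.113.10",
     "LoginTime": "2025-08-20T09:00:00Z", "Status": "Success"},
    {"Application": "Drift", "UserId": "005A1", "SourceIp": "198.51.100.7",
     "LoginTime": "2025-08-25T02:14:00Z", "Status": "Success"},
    {"Application": "Drift", "UserId": "005B2", "SourceIp": "198.51.100.9",
     "LoginTime": "2025-08-26T03:01:00Z", "Status": "Success"},
    {"Application": "Browser", "UserId": "005B2", "SourceIp": "198.51.100.9",
     "LoginTime": "2025-08-26T03:05:00Z", "Status": "Success"},
    {"Application": "Drift", "UserId": "005C3", "SourceIp": "203.0.113.11",
     "LoginTime": "2025-08-27T12:00:00Z", "Status": "Success"},
]

# Assumed baseline: the egress ranges the integration normally connects from.
BASELINE_CIDRS = ["203.0.113.0/24"]
# Assumed start of the compromise window (e.g. the vendor's disclosure date).
WINDOW_START = datetime(2025, 8, 8, tzinfo=timezone.utc)


def _in_baseline(ip: str, cidrs: list[str]) -> bool:
    """True if ip falls inside any of the baseline CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def _parse_time(value: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing Z as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def suspicious_app_sessions(logins, app_name, baseline_cidrs, window_start):
    """Successful logins by app_name after window_start from outside the baseline.

    Interactive (Browser) logins and logins from the baseline ranges are ignored;
    only the connected app's token use from unexpected addresses is returned.
    """
    hits = []
    for row in logins:
        if row["Application"] != app_name or row["Status"] != "Success":
            continue
        if _parse_time(row["LoginTime"]) < window_start:
            continue
        if not _in_baseline(row["SourceIp"], baseline_cidrs):
            hits.append(row)
    return hits


def users_to_revoke(logins, app_name, baseline_cidrs, window_start):
    """Distinct users whose tokens for app_name should be revoked and re-consented."""
    hits = suspicious_app_sessions(logins, app_name, baseline_cidrs, window_start)
    return sorted({r["UserId"] for r in hits})


if __name__ == "__main__":
    for r in suspicious_app_sessions(SAMPLE_LOGINS, "Drift", BASELINE_CIDRS, WINDOW_START):
        print(f"{r['LoginTime']} user={r['UserId']} ip={r['SourceIp']} app={r['Application']}")
    print("revoke tokens for:", users_to_revoke(SAMPLE_LOGINS, "Drift", BASELINE_CIDRS, WINDOW_START))
```

On the constructed rows this flags the two Drift logins from 198.51.100.0/24 and returns users 005A1 and 005B2. In a real response the baseline should come from the integration's documented egress addresses rather than from historical logins, and the safe action after a vendor compromise is to revoke every token the app holds and re-authorize, not only the ones that look anomalous; the script's value is in prioritizing which users' data access to investigate first.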

Nation-state & APT Activity

  • Amazon disrupted a Russian state-linked APT29 campaign that used compromised sites to redirect Microsoft users to credential-harvesting domains in an intelligence-gathering operation – APT29 Disrupted
  • Researchers linked several campaigns to state-aligned actors: North Korea’s APT-37 ran LNK-based espionage against South Korean institutions; Iranian-aligned operators abused a compromised Omani diplomatic mailbox to target diplomats; and a Ukrainian-registered IP network (FDN3) ran large-scale brute-force attacks against SSL VPN and RDP endpoints. Together they show regional targeting and diverse TTPs – HanKook Phantom, Omani Mailbox, FDN3 Brute-Force
  • A Lazarus subgroup deployed three custom RATs in targeted attacks on cryptocurrency firms, continuing the group’s focus on financial and crypto victims through multi-stage social engineering and persistence – Lazarus RATs
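The FDN3 activity above is the kind of high-volume credential attack that a short sliding-window rule over VPN or RDP authentication logs catches well. The detector below is an added example, not code from the original page, from the FDN3 research or from any vendor. It assumes a simplified syslog-like line format (`<ISO-8601 time> <service> <auth-ok|auth-fail> user=<name> src=<ip>`), keeps a per-source window of recent failures, and raises one alert per source, labelled "spray" when many distinct usernames fail from one address and "brute-force" when one address racks up many failures. The sample log lines are constructed.

```python
"""Sliding-window brute-force and password-spray detector for VPN/RDP auth logs.

Added example, not code from the original page or from any vendor. Log format
is an assumed, simplified one:
    <ISO-8601 time> <service> <auth-ok|auth-fail> user=<name> src=<ip>
The sample lines below are constructed, in time order.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: one stale failure, a spray of five different usernames
# from one source, ten failures for "admin" from a second source, and a
# legitimate user who mistypes twice and then succeeds.
SAMPLE_LOG = (
    ["2025-09-01T09:00:00Z sslvpn auth-fail user=eve src=198.51.100.5"]
    + [f"2025-09-01T10:00:{i:02d}Z sslvpn auth-fail user=user{i} src=198.51.100.5"
       for i in range(5)]
    + [f"2025-09-01T10:00:{10 + i}Z rdp auth-fail user=admin src=203.0.113.9"
       for i in range(10)]
    + [
        "2025-09-01T10:01:00Z sslvpn auth-fail user=carol src=192.0.2.1",
        "2025-09-01T10:01:05Z sslvpn auth-fail user=carol src=192.0.2.1",
        "2025-09-01T10:01:10Z sslvpn auth-ok user=carol src=192.0.2.1",
    ]
)


def parse_line(line: str):
    """Split one log line into (time, service, result, user, src)."""
    ts, service, result, user_kv, src_kv = line.split()
    t = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return t, service, result, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]


def detect(lines, window_s=60, max_fail=10, max_users=5):
    """Return one alert per source that exceeds a failure or distinct-user threshold.

    For each failed login the source's window is advanced: failures older than
    window_s seconds are dropped, then the remaining count and distinct-user
    count are compared with the thresholds. Successful logins are ignored, so a
    user who eventually logs in after a few typos never trips the rule.
    """
    fails = defaultdict(deque)  # src -> deque of (time, user), oldest first
    alerts, flagged = [], set()
    for line in lines:
        if not line.strip():
            continue
        t, _service, result, user, src = parse_line(line)
        if result != "auth-fail":
            continue
        q = fails[src]
        q.append((t, user))
        while q and (t - q[0][0]).total_seconds() > window_s:
            q.popleft()
        users = {u for _, u in q}
        if src in flagged:
            continue
        if len(q) >= max_fail or len(users) >= max_users:
            kind = "spray" if len(users) >= max_users else "brute-force"
            alerts.append({"src": src, "kind": kind, "at": t.isoformat(),
                           "failures": len(q), "users": len(users)})
            flagged.add(src)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['at']} {a['kind']:<11} src={a['src']} "
              f"failures={a['failures']} distinct_users={a['users']}")
```

On the constructed input this yields two alerts: a spray from 198.51.100.5 (five usernames in five seconds; the stale 09:00 failure has aged out of the window) and a brute-force from 203.0.113.9 (ten failures against admin in ten seconds), while carol's two mistakes produce nothing. Thresholds and window are deliberately parameters: a network like FDN3 distributes attempts across many source addresses, so in practice the same counters should also be keyed by target username and by /24 to catch low-and-slow variants.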

Malware & Developer-Ecosystem Abuse

  • Threat actors (including Silver Fox) abused a vulnerable, Microsoft-signed WatchDog driver to disable endpoint protections and install ValleyRAT, a bring-your-own-vulnerable-driver (BYOVD) technique that turns a legitimately signed driver into a tool for evasion and stealthy persistence – Driver Exploit
  • Supply-chain abuse also hit developer ecosystems and mobile users: a malicious npm package, nodejs-smtp, impersonated Nodemailer and backdoored locally installed Atomic and Exodus wallets, while Android droppers increasingly deliver SMS stealers and spyware rather than only banking trojans – Malicious npm, Android Droppers

High-Impact Attacks on Infrastructure

  • Cloudflare mitigated a record 11.5 Tbps UDP-flood DDoS lasting about 35 seconds, with most of the traffic traced to Google Cloud IP space, illustrating the rising scale of volumetric attacks – 11.5 Tbps DDoS

Vulnerabilities & Zero-Days

  • WhatsApp patched a zero-day (CVE-2025-55177), an incomplete authorization check on linked-device synchronization messages that could force a target’s device to process content from an attacker-controlled URL; chained with an Apple OS flaw (CVE-2025-43300), it was used in highly targeted attacks – WhatsApp Zero-Day
  • A critical SQL injection in the WordPress Paid Membership Subscriptions plugin (fixed in v2.15.2) affects all versions up to and including 2.15.1, so administrators are urged to update immediately – WP SQLi
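For the plugin advisory above, the check a site operator actually needs is "is the installed version below 2.15.2?", and naive string comparison gets that wrong once a component reaches two digits (2.15.10 sorts before 2.15.2 as text). The script below is an added example, not code from the original page or from the plugin's authors: it implements a numeric dotted-version comparison in portable POSIX sh and wraps it in a check that reads the installed version with wp-cli. The plugin slug `paid-member-subscriptions` and the use of wp-cli are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original page or the plugin's authors.
# Flags installed versions of the plugin below the fixed release 2.15.2.
# The slug "paid-member-subscriptions" and wp-cli usage are assumptions.

FIXED_VERSION="2.15.2"

# version_le A B: exit 0 if dotted numeric version A <= B, else 1.
# Components are compared as integers; missing components count as 0,
# so "2.15" < "2.15.1" and "2.15.10" > "2.15.2".
version_le() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ "$ai" = "$a" ] && a="" || a="${a#*.}"
        [ "$bi" = "$b" ] && b="" || b="${b#*.}"
        ai="${ai:-0}"; bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 0
}

# is_vulnerable VERSION: exit 0 if VERSION is strictly below FIXED_VERSION.
is_vulnerable() {
    if version_le "$FIXED_VERSION" "$1"; then return 1; else return 0; fi
}

# check_site: read the installed version with wp-cli (assumed slug) and report.
# Exit 0 = vulnerable, 1 = patched, 2 = plugin not installed.
check_site() {
    v=$(wp plugin get paid-member-subscriptions --field=version 2>/dev/null) \
        || { echo "plugin not installed"; return 2; }
    if is_vulnerable "$v"; then
        echo "VULNERABLE: installed $v, fixed in $FIXED_VERSION"
        return 0
    fi
    echo "ok: installed $v"
    return 1
}

# Run stand-alone: check the current site (requires wp-cli in PATH).
if [ "${1:-}" = "--check" ]; then
    check_site
fi
```

Run it from a site's document root as `sh check_pms.sh --check`; across a fleet, loop over each site's `--path` with the same `wp plugin get` call. Because the bug is a SQL injection reachable before authentication in the vulnerable versions, a site that cannot be updated immediately should at least have the plugin deactivated rather than rely on a WAF rule.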

Industry Moves & Governance

  • Varonis acquired email-security firm SlashNext to strengthen AI-driven protection against spear-phishing and social engineering across email and collaboration platforms – Varonis Acquisition
  • Security leaders at Black Hat USA 2025 emphasized cost-effective program maturity through prioritization, AI and automation under budget constraints, while experts warned that rising Shadow AI use demands discovery and governance – Black Hat CISO, Shadow AI

Government Policy & Controversies

  • The Spanish government canceled a €10m contract to deploy Huawei equipment on the RedIRIS research network amid national-security concerns, reflecting ongoing European scrutiny of Chinese vendors – Spain Cancels Huawei
  • Moscow reportedly hired hackers who had previously breached the city’s school system to work on its digital services, a controversial move that swaps prosecution for recruitment of former intruders – Moscow Hires

Cybersecurity News | Daily Recap – hendryadrian.com