Cybersecurity News | Daily Recap [03 Sep 2025]

In this daily recap, multiple vulnerabilities and patches were issued for WhatsApp, TP-Link, FreePBX, MobSF, and Android, with active exploitation prompting immediate updates. The report also covers supply-chain-OAuth breaches, Lazarus Group’s cross-platform tool expansion, and notable incidents affecting Cloudflare, Palo Alto Networks, Disney, and Jaguar Land Rover. #WhatsApp #TP-Link #FreePBX #MobSF #Android #Salesloft #Drift #LazarusGroup #PondRAT #ThemeForestRAT #RemotePE #APT29 #Disney #Cloudflare #PaloAltoNetworks #JaguarLandRover

Vulnerabilities & Patches

  • The U.S. cybersecurity agency CISA adds critical flaws in WhatsApp and TP-Link devices to its Known Exploited Vulnerabilities catalog, warning of active exploitation that threatens users and agencies – CISA KEV
  • Sangoma issues emergency patches for a critical zero-day CVE-2025-57819 in FreePBX after active exploitation that enabled remote access and DB manipulation – FreePBX Patch
  • Security flaws in the security-testing tool MobSF (v4.4.0) allowed path traversal and arbitrary file writes and have been fixed in v4.4.1—update immediately – MobSF Fix
  • Google’s September Android update patches 84 vulnerabilities, including two actively exploited flaws impacting Android 13–16 and chipset vendors like Qualcomm—apply updates promptly – Android Patch

Supply-Chain & OAuth Attacks

  • A widespread supply-chain campaign abusing OAuth tokens via the Salesloft/Drift compromise has impacted hundreds of organizations (including Palo Alto Networks, Zscaler, and Cloudflare), exposing support data and API tokens and forcing services offline as remediation continues – Salesloft Breach, Cloudflare Hit, Palo Alto Breach

Malware & Threat Actors

  • The North Korea-linked Lazarus Group expanded its toolkit with cross-platform implants like PondRAT, ThemeForestRAT, and RemotePE in a social-engineering campaign against a DeFi firm—highlighting evolving attack chains and credential theft – Advanced Malware
  • Researchers uncovered the stealthy MystRodX backdoor that uses DNS/ICMP triggers, encryption, and dynamic configs for covert control, likely tied to espionage groups such as Liminal Panda – MystRodX Backdoor
  • Amazon disrupted a watering-hole campaign attributed to APT29 (Russia) that hijacked legitimate sites to inject malicious JavaScript targeting Microsoft authentication—only a small share of visitors were redirected to attacker-controlled domains – APT29 Hole
  • Hackers breached a fintech supply chain in Brazil targeting Pix payments—an attempted $130M heist at Evertec’s Sinqia unit used stolen credentials and halted real-time transactions while recovery efforts continue – Bank Heist

Operational Disruptions & Ransomware

  • The Pennsylvania Attorney General's office is recovering from a ransomware attack that encrypted its systems; the office refused to pay the ransom and has restored services while investigations continue, mirroring broader targeting of government agencies – PA Recovery
  • Jaguar Land Rover reports a cyberattack that “severely disrupted” production and retail operations after core systems were shut down; customer data appears unaffected as restoration continues – JLR Outage

Regulatory & Privacy

  • Disney agreed to pay a $10M settlement with the FTC for mislabeled YouTube content that enabled collection of children’s data without parental consent, prompting stronger compliance and labeling controls under COPPA – Disney COPPA

Account Security & Threats to Tech

  • A new social-engineering scam abusing WhatsApp’s device-linking can fully hijack chats and propagate malicious links—users should enable two-step verification and monitor linked devices – WhatsApp Scam
  • The hacker collective “Scattered LapSus Hunters” threatened Google employees and claimed it would leak data (no breach evidence disclosed), underscoring persistent targeting and extortion tactics against major tech firms – Google Threat

DDoS & Infrastructure

  • Cloudflare mitigated the largest recorded volumetric DDoS attack peaking at 11.5 Tbps, largely sourced from Google Cloud infrastructure, highlighting escalating DDoS scale and mitigation challenges – Record DDoS

Leadership & Management

  • CISA appointed Nicholas Andersen as Executive Assistant Director for Cybersecurity to help steer defenses for critical infrastructure amid agency growth and restructuring – CISA Hire

Claims & Clarifications

  • Google denied reports that it warned 2.5 billion Gmail users to reset passwords, clarifying there was no mass breach notification and reiterating protections like passkeys—avoid panic-driven resets unless directly instructed – Gmail False

Cybersecurity News | Daily Recap – hendryadrian.com