Cybersecurity News | Daily Recap [11 Sep 2025]

Daily Recap: A Spectre-like VMScape flaw threatens guest-host isolation on AMD/Intel CPUs, while SonicWall CVE-2024-40766 exploits enable breach and firewall crashes. Other highlights include EggStreme, ChillyHell, AsyncRAT campaigns, and JLR data theft, with notable supply chain and privacy concerns across NPM, browser extensions, and keystroke tracking. #VMScape #SonicWallFlaw #EggStreme #ChillyHell #AsyncRAT #JLRAttack #NPMAttack #KeystrokeTracking

Vulnerabilities & Patches

  • A Spectre-like flaw called VMScape can break guest-host isolation in unmodified QEMU on modern AMD and Intel CPUs to leak cryptographic keys and evade mitigations – VMScape Attack
  • The Australian Cyber Security Centre warns that CVE-2024-40766 in SonicWall SSL VPNs is being actively exploited by threat actors (including Akira ransomware) to gain access and crash firewalls – SonicWall Flaw
  • SAP released critical updates addressing high-severity issues including CVE-2025-42944, which could allow remote command execution; patch now – SAP Patch
  • GitLab patched six vulnerabilities that could lead to DoS, SSRF and information disclosure; self-managed instances should upgrade immediately – GitLab Fixes
  • Researchers disclosed a remote CarPlay exploit abusing AirPlay/iAP2 that can spy on drivers and induce dangerous distractions in many unpatched vehicles – CarPlay Hack

Malware & Espionage

  • A China-linked APT deployed fileless EggStreme with encrypted in-memory payloads, multi-stage backdoors and routing tools to persistently target a Philippine military firm for espionage – EggStreme Malware
  • The modular macOS backdoor ChillyHell, signed and notarized by Apple in 2021, remained undetected and offers multiple persistence modules for targeted intrusions – ChillyHell Mac
  • Attackers abused legitimate ConnectWise ScreenConnect to deliver a fileless loader that installs AsyncRAT, using layered VBScript/PowerShell to steal credentials and crypto – AsyncRAT Campaign
  • U.S. investment in commercial spyware nearly tripled in 2024 as researchers also found FlexiSPY on Kenyan filmmakers’ phones, underscoring rising surveillance and funding risks – Spyware Funding, FlexiSPY Case

Data Breaches & Ransomware

  • The town of Vienna, VA disclosed a breach tied to ransomware group Cephalus that exposed SSNs, passport and financial info for 811 residents; investigation ongoing – Vienna Breach
  • A ransomware attack on the New York Blood Center led to theft of personal and clinical records for tens of thousands, prompting notifications and protective guidance for victims – Blood Center Rans
  • Jaguar Land Rover confirmed a disruptive cyberattack with stolen data that impacted vehicle production; the group Scattered Lapsus$ Hunters claimed responsibility – JLR Attack
  • An unsecured Hello Gym database exposed over 1.6 million audio recordings of members, creating high risk for deepfakes, spear-phishing and identity theft – Hello Gym Leak

Supply Chain & Dev Tools

  • The largest NPM supply-chain attack affected popular packages used in roughly 10% of cloud environments, but rapid removals left attackers with minimal profit; open-source risk persists – NPM Attack
  • Browser extensions continue to pose supply-chain and privilege risks; Keep Aware’s buyer’s guide outlines monitoring and control strategies to limit extension-based attacks – Extension Guide
  • A flaw in the Cursor AI editor can cause infected repos to "autorun" malicious tasks on open, enabling credential theft, malware drops and dev environment takeover – Cursor Flaw

Attacks & Infrastructure

  • A massive DDoS peaked at 1.5 billion pps against a European mitigation provider using botnets of compromised IoT devices and MikroTik routers, highlighting the need for ISP-level defenses – 1.5Bpps DDoS

Privacy & AI

  • A study found widespread silent web keystroke interception by third-party scripts, often capturing input before submission and potentially amounting to wiretapping under California law – Keystroke Tracking
  • Google’s Pixel 10 adds Content Credentials to camera and Photos to help verify authentic images and detect AI alterations, improving media provenance – Pixel Photo Verify

Policy & Industry

  • The U.S. House advanced an $848 billion defense bill containing cybersecurity and AI provisions, including NSA briefings, AI transparency and enhanced threat-intel sharing with industry – Defense Bill
  • A U.S. senator urged the FTC to probe Microsoft over default support for legacy RC4 and Kerberoasting issues tied to ransomware incidents like Ascension; oversight push grows – FTC Probe
  • Microsoft removed registration fees and now offers free hosting, signing and distribution to lower barriers for Windows developers publishing to the Microsoft Store – Store Fees Removed

Social Engineering & Access

  • The Scattered Spider incident shows how weak help-desk verification let attackers access Clorox systems in 2023, causing massive financial and operational damage and underscoring strong caller verification needs – Helpdesk Fraud

Cybersecurity News | Daily Recap – hendryadrian.com