Daily Recap: researchers warn the VoidProxy phishing-as-a-service is actively bypassing MFA to steal Google and Microsoft session tokens and enable account takeovers, urging stronger auth like passkeys. The recap highlights threats from bootkits like HybridPetya bypassing UEFI Secure Boot, Akira ransomware affiliates exploiting the patched SonicWall CVE-2024-40766, critical patches for Chrome, Cisco IOS XR, and Samsung, and ongoing espionage, data theft, and state-backed campaigns affecting governments and enterprises. #VoidProxy #HybridPetya #Akira #Pegasus #Predator #EggStreme #SonicWall #Chrome #Windows11 #Salesforce #ShinyHunters #INC #DELMIA
Phishing & Account Takeover
- Researchers warn the VoidProxy phishing-as-a-service is actively bypassing MFA to steal Google and Microsoft session tokens and enable account takeovers, urging stronger auth like passkeys – VoidProxy Phish, VoidProxy Report
Bootkits & Ransomware
- Researchers disclosed proof-of-concept HybridPetya can bypass UEFI Secure Boot via CVE-2024-7344, highlighting risks from EFI-targeting bootkits though no in-the-wild cases have been seen – HybridPetya Report, HybridPetya Deep
- Affiliates of the Akira ransomware group continue exploiting the patched SonicWall vulnerability (CVE-2024-40766) to breach organizations, underscoring persistent exploitation of unpatched firewalls – Akira / SonicWall
Vulnerabilities & Patches
- Google patched a critical Chrome ServiceWorker flaw (CVE-2025-10200) after a researcher earned $43,000, with users urged to update promptly – Chrome Patch
- Cisco released fixes for high-severity IOS XR vulnerabilities that could enable image verification bypasses and DoS, and administrators should apply updates – Cisco IOSXR
- Samsung issued patches for an exploited Android zero-day CVE-2025-21043 (libimagecodec.quram.so) after in-the-wild attacks, so affected device updates are critical – Samsung Zero-Day
- New Spectre-class flaw VMSCAPE can leak hypervisor/cloud secrets across AMD Zen and Intel Coffee Lake CPUs, with software mitigations recommended – VMSCAPE Spectre
Industrial & Manufacturing
- CISA added a critical RCE in Dassault Systèmes’ DELMIA Apriso (CVE-2025-5086) to its Known Exploited Vulnerabilities list after observed attack attempts, urging immediate patching in manufacturing environments – DELMIA Alert, DELMIA Exploit
Espionage & State-backed Malware
- Apple issued multiple alerts and CERT-FR confirmed targeted spyware campaigns (including Pegasus/Predator) using zero-day vectors against high-risk users like journalists and officials – Apple Spyware, France Warn
- A China-linked advanced framework called EggStreme was used to spy on a Philippine military contractor, providing multi-stage espionage capabilities and evasion techniques – EggStreme Malware
Data Theft & Breaches
- The FBI warned groups UNC6040 and UNC6395 are targeting Salesforce ecosystems via OAuth abuse and vishing to steal data for extortion, advising tighter controls and monitoring – Salesforce Threats
- Government agencies in Vietnam and Panama suffered significant incidents, including leaks of citizen data and infections attributed to threat actors such as ShinyHunters and the INC ransomware gang, stressing the need for improved defenses in public-sector systems – Govt Data Leaks
Policy & Ops
- The DHS inspector general found CISA mismanaged its Cybersecurity Retention Incentive program, potentially wasting over $138 million due to poor targeting and record-keeping – CISA Incentives
- Microsoft warned that Windows 11 23H2 Home and Pro support ends in 60 days, urging upgrades to 24H2 as updates cease in November 2025 for those editions – Windows EoS
Guidance & Response
- Incident response guidance emphasizes having clarity, control, and a reliable recovery lifeline prepared in advance to reduce damage during cyberattacks—key steps for MSPs and IT teams – Response Basics