Daily Recap: the week covers ShinyHunters exploiting an unpatched system to steal data from Vietnam’s National Credit Information Center, along with ongoing Salesforce breaches by UNC6040 and UNC6395 using social engineering, OAuth token theft, and API abuse. The roundup also notes China tightening incident reporting and Hive0154-aligned malware, an SEO poisoning campaign with HiddenGh0st/Winos/kkRAT, WhiteCobra’s crypto-stealer extensions, VoidProxy phishing, a record L7 DDoS driven by a 5.76M-device IoT botnet, Windows 10 end-of-life, and persistent double-extortion ransomware trends.
#ShinyHunters #UNC6040 #UNC6395 #GreatFirewall #Hive0154 #Toneshell9 #SnakeDisk #HiddenGh0st #Winos #kkRAT #WhiteCobra #LummaStealer #VoidProxy #DDoS #IoT #Windows10
Data Breaches & Extortion
- The cybercrime group ShinyHunters exploited an unpatched system to steal and sell personal data from Vietnam’s National Credit Information Center, raising risks of identity theft and fraud – Vietnam Breach
Salesforce Attacks
- The FBI and partners warn that threat actors UNC6040 and UNC6395 are actively compromising Salesforce via social engineering, OAuth token theft, vishing and API abuse to exfiltrate and extort data – Salesforce Alert, Salesforce Alert, Salesforce Alert
China-related
- A massive publication of nearly 600 GB of internal source code and communications tied to the Great Firewall exposes development and export details of Chinese censorship technology – Great Firewall Leak
- China will require network operators to report major cybersecurity incidents within one hour starting 1 Nov 2025, tightening rules for critical infrastructure and breach response – China Reporting
- IBM X‑Force links a China‑aligned group (Hive0154) to upgraded malware like Toneshell9 and region‑aware USB worms such as SnakeDisk, showing targeted, persistent operations in Southeast Asia – Hive0154 Malware
Malicious Distribution
- A Chinese-language SEO poisoning campaign that also abuses GitHub Pages is pushing RATs (including HiddenGh0st, Winos and kkRAT) via lookalike download sites; the campaign leverages search manipulation and fake installers to infect users – SEO Malware
- Threat actor WhiteCobra is flooding extension marketplaces (VS Code, Cursor, Windsurf) with malicious extensions that deliver stealers like LummaStealer to drain crypto wallets and credentials – VSCode Extensions
Phishing & Account Takeover
- A new phishing‑as‑a‑service called VoidProxy uses Cloudflare‑protected sites and adversary‑in‑the‑middle techniques to capture Microsoft 365 and Google credentials, MFA codes and session cookies for account takeover – VoidProxy Phish
DDoS & Botnets
- Qrator Labs mitigated a record L7 DDoS driven by an estimated 5.76M-device IoT botnet that flooded a government target, highlighting massive IoT compromise and increasingly large traffic floods – Record L7 DDoS
Policy & End-of-Life
- Microsoft warns that Windows 10 support ends on 14 Oct 2025 and urges upgrades to Windows 11 or use of Extended Security Updates as adoption of Windows 11 tops 53% of systems – Windows 10 End
Threat Trends & Recap
- This week’s industry recap highlights persistent double‑extortion ransomware, copycat families (e.g., Yurei), rapid RATs, supply‑chain compromises and AI‑assisted tactics across healthcare and other sectors with mitigation guidance – Weekly Recap