Daily Recap: Microsoft and Cloudflare disrupted the RaccoonO365 phishing service, seizing 338 domains and identifying its leader, Joshua Ogundipe, who is linked to thousands of compromised Microsoft 365 credentials and over $100,000 in crypto. Supply-chain and espionage updates follow, including the Shai-Hulud worm affecting ~180–187 npm packages and CrowdStrike-related impact, plus notable APT activity, AI security moves, and enforcement actions.
#RaccoonO365 #Shai-Hulud #CrowdStrike #BreachForums #CVE-2025-43300 #ChaosMesh #SlopAds #XWorm #LummaStealer #ShinyHunters
Daily Cybersecurity Recap
Phishing Takedown
- Microsoft and Cloudflare disrupted the RaccoonO365 phishing service, seizing 338 domains, identifying leader Joshua Ogundipe, and tying the scheme to thousands of stolen Microsoft 365 credentials and over $100,000 in crypto – RaccoonO365 Takedown
Supply-Chain Attacks
- The self-propagating Shai-Hulud campaign compromised roughly 180–187 npm packages and ~40 developer accounts to exfiltrate secrets and spread malware, with downstream impacts including packages tied to vendors like CrowdStrike – Shai-Hulud Worm
Cybercrime Forums
- Former BreachForums admin Conor “Pompompurin” Fitzpatrick was resentenced to 3 years for cybercrime and possession of CSAM as enforcement continues against stolen-data markets – BreachForums Sentencing
Vulnerabilities & Patches
- Apple backported fixes for the actively exploited CVE-2025-43300 to block memory corruption triggered by malicious image files and protect targeted users – Apple CVE
- Critical unauthenticated GraphQL flaws in Chaos Mesh could enable RCE and full Kubernetes cluster takeover if not patched—researchers urge immediate mitigations – Chaos Mesh Flaws
Malware Delivery & Fraud
- Google removed 224 Play Store apps linked to the SlopAds ad-fraud campaign that generated about 2.3 billion ad requests per day using steganography and evasion tricks – SlopAds Takedown
- Attackers increasingly weaponize trusted formats and SEO to deliver malware—examples include Chinese-targeted SEO poisoning and misuse of old file types to hide threats like XWorm and LummaStealer—calling for behavior-based defenses – SEO Poisoning, Delivery Trends
Espionage & APTs
- APT28 (BeardShell) ran a persistent espionage campaign against Ukrainian military networks in 2025 using steganography, cloud-based C2, and multistage infection chains to evade detection – BeardShell Campaign
AI Security & Industry Moves
- CrowdStrike will acquire Pangea to launch an AI Detection and Response (AIDR) capability for enterprise AI risks—part of growing vendor focus on protecting LLMs and autonomous agents – CrowdStrike Acquires Pangea
- Check Point plans to buy Lakera to bolster AI security for agentic applications as vendors race to secure generative AI workloads – Check Point Acquires Lakera
- Startups raise AI/security bets: Israeli firm Vega emerges with $65M for AI-driven security analytics and Ray Security raised $11M for real-time AI data protection—signals of investor interest in AI-native defenses – Vega Funding, Ray Security Funding
- Microsoft rolled out Copilot Chat across Microsoft 365 apps to bring context-aware AI assistance to business users—raising both productivity and data governance considerations – Copilot Chat, Black Hat CISO Podcast
Regulation & Business Impact
- House lawmakers passed a short-term bill to extend key cyber programs including CISA 2015 and the State and Local Cybersecurity Grant Program until November 21 to buy time for longer-term decisions – Short-term Extension
- Jaguar Land Rover’s global operations remain halted by a cyberattack and are expected to be down for at least another week, disrupting employees and supply chains and raising continuity concerns – JLR Outage
Data Breaches & Threat Actor Claims
- Threat actor ShinyHunters stole millions of customer records from luxury brands (Gucci, Balenciaga, Alexander McQueen) with personal data exposed but no payment data reported compromised; industry warns attackers often rebrand rather than retire – Luxury Breach, Actor Retirement Skepticism