Cybersecurity News | Daily Recap [19 Sep 2025]

Critical vulnerabilities and patches were issued for WatchGuard Firebox (CVE-2025-9242, CVSS 9.3), affecting IKEv2 VPN configurations, and for Entra ID (CVE-2025-55241), which risked complete tenant takeovers, with guidance to patch and to migrate legacy apps to Microsoft Graph. Active campaigns chain Ivanti EPMM CVE-2025-4427 and CVE-2025-4428, ShadowLeak exfiltrates Gmail data through ChatGPT's Deep Research agent, Raven Stealer steals browser credentials and ships them out over Telegram, Qilin leads ransomware activity with new entrants Sinobi and The Gentlemen, MuddyWater shifts to targeted custom malware, and notable incidents include the New York Blood Center breach, the SonicWall backup-file exposure, and disruptions at KrasAvia.
#WatchGuard #CVE-2025-9242 #CVE-2025-55241 #Ivanti #ShadowLeak #RavenStealer #Qilin #Sinobi #TheGentlemen #MuddyWater #NYBloodCenter #SonicWall #KrasAvia

Critical Vulnerabilities & Patches

  • WatchGuard patched a critical Firebox flaw (CVE-2025-9242, CVSS 9.3): an out-of-bounds write in the Fireware OS IKEv2 daemon (iked) that a remote, unauthenticated attacker could use for RCE on devices with mobile user VPN or branch office VPN configured for IKEv2. Upgrade Fireware, or apply the vendor's workarounds until you can. – WatchGuard Patch
  • Microsoft fixed a severe Entra ID bug (CVE-2025-55241) in the legacy Azure AD Graph API's handling of so-called Actor tokens, which could let an attacker impersonate users, including Global Administrators, in other tenants and achieve complete tenant takeover. The fix is server-side, but Microsoft urged customers to audit legacy apps and migrate them from Azure AD Graph to Microsoft Graph. – EntraID Bug
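To act on the audit advice in that item: since CVE-2025-55241 sat in the legacy Azure AD Graph API, the first question for a tenant is which app registrations still request Azure AD Graph permissions at all. The script below is added here and is not code from the page, from Microsoft, or from the researcher who reported the bug. It filters an exported application list by the well-known Azure AD Graph resource appId; the export it runs on is constructed inline, and the app names, appIds and permission ids in it are hypothetical.

```python
"""Flag app registrations that still declare legacy Azure AD Graph permissions.

Added example (not the page's or Microsoft's code). Input is the JSON from
  GET https://graph.microsoft.com/v1.0/applications?$select=appId,displayName,requiredResourceAccess
(an object with a "value" array) or the bare array printed by `az ad app list`.
"""
import json

# Well-known resource appIds. These two GUIDs are identical in every tenant.
AZURE_AD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"   # legacy graph.windows.net
MICROSOFT_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # graph.microsoft.com

# Constructed sample export: hypothetical apps, placeholder permission ids.
SAMPLE_EXPORT = json.dumps({
    "value": [
        {   # Old daemon app holding an application role on Azure AD Graph: migrate first.
            "appId": "aaaaaaaa-0000-4000-8000-000000000001",
            "displayName": "HR Directory Sync",
            "requiredResourceAccess": [
                {"resourceAppId": AZURE_AD_GRAPH_APP_ID,
                 "resourceAccess": [{"id": "perm-1", "type": "Role"}]},
            ],
        },
        {   # Delegated (user-present) scope on Azure AD Graph, plus Microsoft Graph.
            "appId": "aaaaaaaa-0000-4000-8000-000000000002",
            "displayName": "Intranet Portal",
            "requiredResourceAccess": [
                {"resourceAppId": AZURE_AD_GRAPH_APP_ID,
                 "resourceAccess": [{"id": "perm-2", "type": "Scope"}]},
                {"resourceAppId": MICROSOFT_GRAPH_APP_ID,
                 "resourceAccess": [{"id": "perm-3", "type": "Scope"}]},
            ],
        },
        {   # Already on Microsoft Graph only: nothing to do.
            "appId": "aaaaaaaa-0000-4000-8000-000000000003",
            "displayName": "Ticketing Bot",
            "requiredResourceAccess": [
                {"resourceAppId": MICROSOFT_GRAPH_APP_ID,
                 "resourceAccess": [{"id": "perm-4", "type": "Role"}]},
            ],
        },
    ]
})


def find_legacy_graph_apps(export_json: str) -> list[dict]:
    """Return one finding per app that still requests Azure AD Graph access.

    Each finding records whether the request includes application roles
    ("Role", runs with no signed-in user) or delegated scopes ("Scope");
    app-only access is the more urgent one to move off the legacy API.
    """
    data = json.loads(export_json)
    apps = data.get("value", []) if isinstance(data, dict) else data
    findings = []
    for app in apps:
        for rra in app.get("requiredResourceAccess", []):
            if rra.get("resourceAppId") != AZURE_AD_GRAPH_APP_ID:
                continue
            grant_types = {entry.get("type") for entry in rra.get("resourceAccess", [])}
            findings.append({
                "appId": app["appId"],
                "displayName": app.get("displayName", ""),
                "app_roles": "Role" in grant_types,
                "delegated": "Scope" in grant_types,
            })
    # Application-role holders first, then alphabetical, as a review queue.
    findings.sort(key=lambda f: (not f["app_roles"], f["displayName"]))
    return findings


if __name__ == "__main__":
    for f in find_legacy_graph_apps(SAMPLE_EXPORT):
        kind = "app-only" if f["app_roles"] else "delegated"
        print(f"{f['displayName']} ({f['appId']}): still on Azure AD Graph [{kind}]")
```

This covers only your own app registrations. Permissions that users or admins consented to for third-party (multi-tenant) apps live in oauth2PermissionGrants and appRoleAssignments rather than in requiredResourceAccess, so they need a separate pass keyed on the Azure AD Graph service principal in your tenant.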

Ivanti Mobile Threats

  • CISA warns of active campaigns chaining Ivanti EPMM CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (remote code execution) to drop custom loaders and malware for persistence and remote code execution on unpatched appliances; update to the fixed EPMM versions. – Ivanti Campaign, Ivanti Details

AI / LLM Attacks

  • Researchers demonstrated ShadowLeak, a zero-click prompt-injection attack in which instructions hidden in an email cause ChatGPT's Deep Research agent to exfiltrate Gmail data from OpenAI's own infrastructure, leaving no trace on the victim's side; OpenAI has patched the flaw in the agent. – ShadowLeak Attack, OpenAI Fix

Malware & Ransomware

  • The new Raven Stealer info-stealer harvests browser-stored passwords and payment data, uses process hollowing to evade detection, and exfiltrates the haul via Telegram. – Raven Stealer
  • Ransomware tracking shows Qilin remained the most active group in August, while newcomers (Sinobi, The Gentlemen) and the return of LockBit raise supply-chain and U.S. targeting concerns. – Qilin Ransomware
  • Iranian APT MuddyWater has shifted from broad RMM-based intrusions to targeted campaigns using custom malware and cloud-hosted infrastructure. – MuddyWater Shift

Breaches & Incidents

  • The New York Blood Center notified nearly 194,000 people after a breach exposed personal, health, and banking information; credit monitoring offered. – NY Blood Center
  • SonicWall confirmed an incident in which attackers used brute-force attempts against the MySonicWall cloud backup service to access customers' stored firewall configuration backup files; affected customers should treat the credentials contained in those configurations as exposed. – SonicWall Breach
  • Russian regional airline KrasAvia experienced a suspected cyber disruption amid a rise in attacks on Russia’s aviation sector since the Ukraine conflict. – KrasAvia Disruption

OT / ICS Risks

  • Unpatched vulnerabilities in Novakon HMIs could allow unauthenticated remote code execution and remain unresolved, posing risks to industrial control systems. – Novakon HMIs

Arrests & Law Enforcement

  • UK authorities arrested two teenagers linked to Scattered Spider over the August 2024 TfL attack; the group is also tied to U.S. healthcare targeting. – Scattered Spider
  • UK police arrested Thalha Jubair over ties to LAPSUS$ and Scattered Spider, charging him with offenses that carry up to 95 years in prison. – LAPSUS Arrest

Policy & Product Updates

  • Brazil enacted a sweeping law requiring online age verification, strict safeguards for children’s data, limits on invasive processing, and parental controls. – Brazil Child Law
  • The Senate confirmed Katherine Sutton as the Pentagon’s cyber policy chief to help steer U.S. cyber strategy amid tensions with China and other threats. – Pentagon Cyber Chief
  • Valve will end Steam support for 32-bit Windows in January 2026, urging the roughly 0.01% of users still on 32-bit Windows 10 to move to a 64-bit version. – Steam EOL

Cybersecurity News | Daily Recap – hendryadrian.com