Daily Recap: Several notable vulnerabilities were disclosed, including FlatPress v1.4.1 and libelf gmo2msg, with patches released for SolarWinds Web Help Desk RCE and SonicWall SMA100 rootkit removal, alongside various incidents such as JLR shutdowns and Stellantis data exposure. Researchers also highlighted actor tokens in Azure Entra enabling silent compromise, and campaigns from ComicForm, Subtle Snail, and ShadowV2; governance and defense updates followed across GitHub, Mozilla, and Tenfold, with disinformation activity noted in Moldova. #FlatPress #libelf #SolarWindsRCE #SonicWall #AzureEntra #ComicForm #SubtleSnail #ShadowV2 #Atomic #JLRShutdown #Stellantis #MoldovaDisinfo
Vulnerabilities & Patches
- A flaw in FlatPress v1.4.1 lets attackers change passwords without verifying the current password, enabling unauthorized account takeover – FlatPress Bug
- A stack-based buffer overflow in libelf's gmo2msg via unbounded sprintf of the lang/filename argument could cause crashes or potential code execution in privileged contexts – libelf Overflow
- SolarWinds released hotfixes to address a critical unauthenticated RCE in Web Help Desk (CVE-2025-26399) tied to AjaxProxy deserialization and issued follow-up patches for the latest 12.8.7 release – SolarWinds RCE, SolarWinds Patch
- SonicWall issued an SMA100 firmware update that removes the OVERSTEP rootkit linked to threat actor UNC6148, urging immediate device updates – SonicWall Update
- CERT/CC published a note on an XSS vulnerability in certain Lectora e‑learning versions and recommends updating and republishing content to mitigate the risk – Lectora XSS
- An IDOR flaw that exposed restricted media on the American Archive of Public Broadcasting site has been fixed after years of unauthorized access to private files – AAPB IDOR
- Research revealed undocumented Actor tokens in Azure Entra that allowed silent tenant compromise beyond conventional privilege escalation, prompting vendor fixes – Entra Tokens
Incidents & Breaches
- Jaguar Land Rover extended plant shutdowns after a disruptive cyberattack that continues to impact production and the supply chain – JLR Shutdown
- A ransomware incident impacting Collins Aerospace systems caused widespread flight delays and cancellations at European airports including Heathrow, Brussels, and Berlin – Airport Ransomware
- Automaker Stellantis confirmed that unauthorized access to a third‑party platform exposed North American customer contact data (no financial data reported), in breaches linked to the ShinyHunters Salesforce campaign; investigations are ongoing – Stellantis Notice, Stellantis Report, Stellantis Probe, Stellantis Details
Threat Campaigns & Malware
- The threat group ComicForm (aka SectorJ149) deployed Formbook via targeted phishing across Belarus, Kazakhstan, and Russia to harvest credentials and deliver obfuscated loaders – Formbook Campaign
- An Iran‑linked espionage actor dubbed Subtle Snail targeted European telecoms, aerospace, and defense with staged LinkedIn lures, DLL sideloading, signed malware, and cloud C2 to exfiltrate sensitive data – Subtle Snail
- Researchers uncovered the ShadowV2 containerized botnet offering DDoS‑for‑hire via misconfigured AWS Docker instances and an attack-management API that evades protections like Cloudflare UAM – ShadowV2 Botnet
- Mac users were targeted by fake password managers pushed via malicious GitHub repos that install the Atomic (AMOS) info‑stealer, which now includes backdoor features; users should exercise caution with downloads – Atomic Malware
Law Enforcement & Intelligence
- Threat‑intel firm Unit 221B raised $5 million to expand its eWitness platform after contributing to arrests of cybercriminals including Ethan Foltz – Unit 221B Raise
- European authorities dismantled a crypto investment fraud ring responsible for over €100 million in losses across 100+ victims, seizing tied bank accounts and arresting suspects – Crypto Fraud Bust
- An alleged juvenile member of Scattered Spider turned himself in to Las Vegas police amid probes into ransomware and intrusion incidents at major casinos, with FBI involvement ongoing – Scattered Spider Surrender
Platform, Identity & Governance
- GitHub tightened npm publishing security by requiring two‑factor authentication and access tokens to curb supply‑chain abuse after widespread account compromises – GitHub 2FA
- Mozilla added a rollback feature letting Firefox add‑on developers revert problematic updates quickly to reduce risky extension incidents, aiding protection against malicious crypto‑wallet extensions – Firefox Rollback
- Tenfold launched a free Community Edition IGA tool for organizations of up to 150 users to automate onboarding, oversee permissions, and simplify identity governance for small and mid-sized teams – Tenfold IGA
Research, Risk & Techniques
- Adversa’s analysis of the Model Context Protocol (MCP) revealed the top 25 vulnerabilities (including prompt injection) that could be abused to compromise agentic AI systems and recommends mitigations for safe AI agents – MCP Vulnerabilities
- Security research introduced EDR‑Freeze, a user‑mode technique leveraging Windows Error Reporting to suspend endpoint protection without vulnerable drivers, and outlined possible defenses – EDR-Freeze
- As security teams shrink, firms face higher remediation stakes from breaches involving stolen credentials and hardcoded secrets, prompting calls for precise, strategic incident response and tooling – Lean Teams Risk
Disinformation
- Russia has ramped up disinformation campaigns aimed at influencing Moldova's parliamentary vote, deploying fake news networks and propaganda to undermine pro‑Western integration efforts – Moldova Disinfo