Cybersecurity News | Daily Recap [25 Sep 2025]

Daily Recap: the week highlights privacy settlements, Cisco’s urgent SNMP fix, and a surge in supply-chain and state-sponsored campaigns affecting crypto, governments, and enterprises. Key items include the Google-Flo Health privacy settlement, the Neural Bill, the Shai-Hulud supply-chain attack, and the Lazarus and RedNovember campaigns targeting crypto developers and governments. #GoogleFlo #NeuralBill #RustCrates #ShaiHulud #Lazarus #RedNovember

Privacy & Regulation

  • Google and Flo Health will pay a combined $56 million to settle claims over illegal sharing of health data, highlighting privacy risks in wellness apps – Google Flo
  • US senators introduced a bill directing the FTC to create standards protecting consumers’ sensitive neural data from misuse – Neural Bill

Cisco Zero-day

  • CVE-2025-20352, a critical SNMP flaw in Cisco IOS/IOS XE, is being actively exploited for remote code execution or DoS; Cisco has released urgent patches and advisories – Cisco SNMP, Cisco Patches, Cisco Warns

Supply-chain & Malicious Packages

  • Malicious Rust crates (impostors of fast_log/async_println) covertly stole Solana/Ethereum keys (confirmed 8,424 downloads) and were removed from crates.io – Rust Crates, Rust Crates 2
  • The Shai-Hulud worm compromised 500+ packages in a supply-chain attack that stole credentials at scale, prompting a CISA warning to review software dependencies and credentials – Shai-Hulud

State-linked Campaigns

  • North Korea-linked operators (Lazarus) ran the Contagious Interview campaign using AkdoorTea, BeaverTail and social-engineered job offers to target crypto developers worldwide – AkdoorTea
  • China-linked RedNovember targeted governments and organizations using Pantegana and Cobalt Strike for espionage, while Russian-linked Storm-1679 ran a disinformation push against Moldova’s pro-EU elections – RedNovember, Moldova Disinfo

Ransomware & Major Breaches

  • A cyberattack on Co-op caused an estimated £80 million profit loss and exposed data of 6.5 million members; meanwhile, Volvo Group employees were notified after a ransomware incident at Miljödata, and Boyd Gaming reported an employee-data theft with limited business impact – Co-op Attack, Volvo Ransomware, Boyd Breach
  • Transport and casino incidents continue: a ransomware hit on Collins Aerospace’s MUSE system disrupted European airports and a suspect was arrested; the Rhysida gang claimed a Maryland Transit attack; and a 17-year-old tied to the 2023 Vegas casino intrusions was released to his parents – Airport Ransom, Maryland Claim, Vegas Teen

Enterprise & Cloud Security

  • Salesforce patched a critical ForcedLeak prompt-injection flaw in Agentforce that could exfiltrate CRM data and implemented a Trusted URL allowlist to mitigate the risk – Salesforce ForcedLeak
  • Industry guidance evolves: the CSA published the SaaS Security Capability Framework (SSCF) to standardize controls, while CTEM advocates prioritization and adversarial validation (BAS/automated pentesting) to focus on true risks – SSCF, CTEM

Device & Firmware Vulnerabilities

  • Critical Supermicro BMC firmware flaws (CVE-2024-10237, CVE-2025-6198) can enable persistent backdoors despite patch availability, prompting urgent remediation for affected servers – Supermicro BMC
  • An unpatched OnePlus OxygenOS flaw (CVE-2025-10184) allows rogue apps to read SMS via unsafe exported content providers, risking data exfiltration on multiple models – OnePlus SMS

Threat Trends & Tools

  • Gcore’s Radar reports a rise in DDoS volume and sophistication with peak attacks hitting 2.2 Tbps, and the tech sector now surpassing gaming as the top target – Gcore DDoS
  • Law enforcement and anti-fraud efforts recovered $439 million in an international Interpol crackdown on scams spanning voice phishing, romance fraud, and BEC – Interpol Recovery
  • New tactics and tooling: an EDR-Freeze technique leverages Windows error reporting to suspend AV/EDR processes, while Kali Linux 2025.3 adds 10 new tools and Wi-Fi enhancements for penetration testers – EDR Bypass, Kali 2025.3

Authentication

  • Passkeys (FIDO-based) are gaining adoption as a phishing-resistant alternative to passwords, being rolled out by major organizations to improve security and reduce support costs – Passkeys

Cybersecurity News | Daily Recap – hendryadrian.com