Cybersecurity News | Daily Recap [27 Sep 2025]

Daily Recap: State-linked espionage and ransomware incidents dominate the latest security headlines, highlighting China-linked campaigns leveraging PlugX and Bookworm to target telecoms and manufacturing, alongside Salt Typhoon infiltrations via MSS-backed operators. The week also brings data breaches in Union County, Ohio, notable LockBit 5.0 activity, a OnePlus vulnerability, SVG-based phishing targeting Ukraine and Vietnam, BAS as a defense validation tool, and various Microsoft security enhancements and policy moves impacting user data control and extension integrity. #PlugX #Bookworm #SaltTyphoon #UnionCounty #LockBit5.0 #OnePlus #SVG #PureRAT #CountLoader

State-Linked Espionage

  • China-linked campaigns deploy modular backdoors like PlugX and Bookworm to target Asian telecoms and manufacturing while the state-backed group Salt Typhoon has infiltrated global telecoms since 2019 via MSS-backed operators – PlugX Campaign, Salt Typhoon

Ransomware & Breaches

  • A ransomware incident in Union County, Ohio exposed sensitive data (SSNs, credit cards, medical records) of about 45,487 residents and employees – Union County, Union County
  • Weekly security roundup highlights new LockBit 5.0 activity, a South Korean credit-card breach and OnePlus vulnerabilities affecting millions – Weekly Roundup

Phishing & Malware

  • Sophisticated phishing using malicious SVG files delivers loaders and backdoors such as CountLoader and PureRAT to target government agencies in Ukraine and Vietnam via multi-stage, in-memory infection chains – SVG Phishing

Security Tools & Frameworks

  • Breach-and-attack simulation (BAS) acts as a “crash test” to validate security controls and complements emerging cybersecurity frameworks for defense organizations – BAS Crash Test, Weekly Roundup

Microsoft

  • Microsoft is testing AI auto-categorization in Windows 11 Photos to automatically organize images like receipts and documents – AI Photos
  • Microsoft shared a temporary workaround for Outlook errors opening encrypted emails: enable cross-tenant access while a fix is investigated – Outlook Fix
  • Edge will gain protections to detect and revoke malicious sideloaded extensions to curb extension-based malware campaigns – Edge Extensions

Policy & Platforms

  • The United States approved a plan for US investors to take over TikTok operations to ensure local control of user data, algorithms, and moderation for national security reasons – TikTok US

Cybersecurity News | Daily Recap – hendryadrian.com