Cybersecurity News | Daily Recap [29 Sep 2025]

The daily recap covers nation-state espionage, ransomware, data breaches, AI-driven security trends, and notable campaigns, including a SonicWall SSL VPN MFA bypass tied to CVE-2024-40766 and a Harrods breach via a third-party supplier. It also highlights AI-enabled phishing with obfuscated SVG payloads, malvertising campaigns distributing spyware, Medusa exfiltration from Comcast, and broader activity from RedNovember and COLDRIVER, with impacts on multiple sectors. #SonicWall #Harrods #Medusa #RedNovember #COLDRIVER #TradingView

Nation-state Espionage

  • Two teenage boys in the Netherlands were arrested for allegedly assisting pro-Russian hackers using Wi‑Fi sniffer devices, highlighting the involvement of minors in state-linked espionage – Dutch Teens
  • Reports show Chinese APT RedNovember expanding espionage against U.S. defense, aerospace and tech via internet-facing exploits, while Russia-linked COLDRIVER deploys new malware in the ClickFix campaign targeting journalists and civil society – RedNovember APT, COLDRIVER Campaign

Ransomware & Exploitation

  • Ransomware group Medusa claims exfiltrating over 834 GB from Comcast and demands $1.2M, posting screenshots and extensive file listings tied to actuarial and financial data – Medusa Claim
  • Akira ransomware actors continue breaching MFA‑protected SonicWall SSL VPN accounts by exploiting access-control flaws (CVE‑2024‑40766), likely using stolen OTP seeds or bypass techniques – Akira MFA

Data Breaches & Corporate Impact

  • British department store Harrods disclosed a breach affecting about 430,000 customer records via a third‑party supplier (no payment or password data exposed), with links to prior activity from groups like ScatteredSpider/DragonForce – Harrods Breach, Harrods Breach, Harrods Breach
  • The UK government will act as guarantor for a loan to Jaguar Land Rover to aid recovery after a disruptive cyberattack, aiming to stabilise supply chains and protect jobs – JLR Loan

AI & ML in Cyber

  • Microsoft warns of AI-driven phishing using LLM-crafted obfuscated SVG payloads that evade email security by disguising the payload in business terminology and applying advanced obfuscation – SVG Phishing
  • From Ukraine’s push for an AI‑first “agentic state” to SOCs adopting AI to cut alert volumes, law enforcement using platforms like TimePilot, and experiments on AI-authored vulnerability checks, organizations are rapidly integrating AI—delivering efficiency gains while raising concerns about bias, civil‑rights and security – Ukraine AI, SOC AI, AI Evidence, AI Checks

Malvertising & Distribution

  • Malicious Google and YouTube ads abused verified accounts to lure users with fake free TradingView Premium offers and distribute spyware such as Trojan.Agent.GOSL via hidden videos and fake ads – TradingView Scam

Threat Intelligence

  • Weekly threat recap reports widespread activity—information stealers, supply‑chain abuse, botnets, ransomware, state‑aligned APTs and AI/LLM risks (e.g., MCP backdoors, AI‑obfuscated phishing)—and stresses defensive controls and incident response best practices – Weekly Recap

Regulatory & Legal

  • The European Commission has opened a probe into SAP for alleged anti‑competitive ERP support practices that may restrict third‑party support providers and distort EU markets – SAP Probe

Cybersecurity News | Daily Recap – hendryadrian.com