Cybersecurity News | Daily Recap [03 Oct 2025]

The day’s recap covers extortion campaigns tied to Oracle data theft, notable APT activity such as Confucius shifting to AnonDoor, and new ransomware incidents affecting brands such as Asahi, alongside ongoing vulnerability disclosures for Meteobridge, Festo, and DrayTek products. It also highlights privacy and legal actions, defense updates, and smishing infrastructure trends shaping the threat landscape. #Clop #FIN11 #ShinyHunters #Lapsus$ #CrimsonCollective #RedHat #Oracle #Asahi #Meteobridge #Festo #DrayTek #Confucius #AnonDoor #CavalryWerewolf #FoalShell #StallionRAT

Extortion & Leaks

  • Hackers are sending extortion demands tied to alleged Oracle E‑Business Suite data theft with links to groups like Clop/FIN11, while Oracle investigates possible exploitation of known flaws – Oracle Extortion, Clop Claims, Oracle Emails
  • Cyber extortion group claiming ties to ShinyHunters/Lapsus$ launched a Salesforce data‑leak site extorting ~39 victims and threatening brand data exposure – Salesforce Leak
  • Hackers calling themselves the Crimson Collective claim to have exfiltrated ~28,000 Red Hat GitLab repositories; Red Hat confirms unauthorized access and is notifying affected customers – Red Hat Breach

Malware & APTs

  • New self‑propagating WhatsApp malware SORVEPOTEL is spreading quickly among Brazilian Windows users, prioritizing rapid propagation over data theft – WhatsApp Worm
  • Long‑running Confucius APT resumed operations in South Asia (including Pakistan), shifting from WooperStealer to the Python backdoor AnonDoor using phishing, DLL side‑loading and obfuscation – Confucius APT, Confucius Pakistan
  • Threat actor dubbed Cavalry Werewolf is targeting Russian and Central Asian agencies with RATs like FoalShell and StallionRAT via sophisticated phishing campaigns – Cavalry Werewolf

Ransomware & Disruption

  • Japanese brewer Asahi suffered a ransomware attack that disrupted production of Asahi Super Dry, involved data theft and created supply shortages across Japan – Asahi Ransomware, Asahi Shortage

Vulnerabilities & ICS

  • CVE‑2025‑4008 in Meteobridge is being actively exploited for unauthenticated command injection and has been added to CISA’s KEV list – Meteobridge CVE, CISA KEV
  • Festo control devices contain a vulnerability allowing unauthenticated remote access and potential DoS; mitigations include limiting network access and updating affected products – Festo Flaw
  • DrayTek warns of CVE‑2025‑10547 remote code execution in multiple Vigor routers; users should apply firmware updates promptly – DrayTek RCE

Privacy, Policy & Legal

  • LinkedIn sued ProAPIs for operating fake accounts that scraped and sold data from millions of profiles, spotlighting automated large‑scale scraping – LinkedIn Lawsuit
  • A Dutch court ruled Meta violated the Digital Services Act by profiling users to customize feeds and ordered changes within two weeks – Meta Ruling
  • European parliamentarians urged the EU to stop funding spyware vendors like Intellexa Alliance and Cy4Gate over unlawful surveillance concerns and democratic harms – Spyware Funding

Defenses, Tools & Guidance

  • Passwork 7 upgrades on‑premises secrets management with flexible hierarchies, RBAC and APIs to simplify enterprise secrets handling – Passwork 7
  • French startup MokN raised ~€2.6M (~$3M) to expand deception‑based “phish‑back” honeypots that help recover stolen credentials before abuse – MokN Funding
  • HackerOne paid out $81M in bounties last year and reports a rise in AI‑related vulnerabilities, notably prompt‑injection flaws – Bug Bounties
  • Microsoft will stop rendering inline SVG images in Outlook to reduce XSS/phishing risks, affecting less than 0.1% of images – Outlook SVG
  • Guidance for CISOs offers a template to present generative AI risks to boards, recommending frameworks, monitoring and policy enforcement – AI Board Template
  • Cybersecurity Awareness Month guidance stresses the “3 golden rules” for passwords and adoption of password managers to counter advancing AI threats – Password Rules
  • Researchers warn of “CometJacking” prompt‑injection attacks that can trick the Comet AI browser into exfiltrating emails and other data, highlighting prompt‑injection risks – CometJacking

Smishing & Infrastructure

  • Analysis shows large‑scale smishing campaigns use cheap, small‑box infrastructure and misconfigured routers to send mass SMS phishing and evade detection, raising concerns about exposed network devices – Smishing Infrastructure

Cybersecurity News | Daily Recap – hendryadrian.com