Daily Recap: a North Korean APT flooded npm with malicious packages, and a separate campaign abused Node.js SEA/Electron installers to deliver RATs and ransomware, while a Gladinet zero-day is under active exploitation. The roundup also covers a polymorphic Python RAT, ClayRat Android spyware, the BreachForums takedown, and data-theft incidents including the Sugar Land outage and the PowerSchool breach, plus updates on Windows 11 23H2 end of support and an Austrian GDPR ruling against Microsoft. #Stealit #Contagious npm #ClayRat #PowerSchool #Sugar_Land #Windows11_23H2 #GNU
Supply‑chain & Open Source
- Open‑source attacks: a North Korean APT flooded npm with 338 malicious packages built to steal cryptocurrency, and a separate campaign abused Node.js Single Executable Application (SEA) and Electron installers to deliver RATs and ransomware – Contagious npm, Stealit Malware
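Malicious npm packages of the kind described above almost always execute through install-time lifecycle hooks (`preinstall`, `install`, `postinstall`), so a cheap first check before trusting a dependency tree is to enumerate those hooks and look for script bodies that fetch or decode payloads. The scanner below is an added example for this recap, not code from any of the linked reports; the package names, script bodies and blocklist in it are constructed for illustration, and the regex heuristics are a starting point, not a complete signature set.

```python
"""Scan npm package manifests for install-time lifecycle hooks and suspicious
script bodies, the execution path malicious npm packages rely on.

Added example for this recap; not code from any report linked above.
The sample manifests and blocklist are constructed for illustration.
"""
import json
import re
from pathlib import Path

# Lifecycle hooks that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristics for script bodies that fetch, decode or execute payloads.
SUSPICIOUS_PATTERNS = [
    (r"\bcurl\b|\bwget\b|Invoke-WebRequest|\biwr\b", "downloads from the network"),
    (r"\beval\(|new Function\(", "dynamic code evaluation"),
    (r"base64", "base64-encoded payload"),
    (r"powershell|cmd\.exe|/bin/sh\b|bash -c", "spawns a shell"),
    (r"--experimental-sea-config|postject|NODE_SEA_BLOB", "Node.js SEA packaging"),
]


def scan_manifest(manifest: dict, blocklist: set) -> list:
    """Return human-readable findings for one package.json dictionary."""
    name = manifest.get("name", "<unnamed>")
    findings = []
    if name in blocklist:
        findings.append(f"{name}: package name is on the blocklist")
    scripts = manifest.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        body = scripts.get(hook)
        if not body:
            continue
        # Any install hook is worth surfacing; most benign packages have none.
        findings.append(f"{name}: runs a {hook} hook: {body!r}")
        for pattern, why in SUSPICIOUS_PATTERNS:
            if re.search(pattern, body, re.IGNORECASE):
                findings.append(f"{name}: {hook} script {why}")
    return findings


def scan_node_modules(root: Path, blocklist: set) -> list:
    """Walk an installed node_modules tree and scan every package.json found."""
    findings = []
    for pkg_json in sorted(root.glob("**/package.json")):
        try:
            manifest = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or non-JSON manifest; skip rather than crash
        findings.extend(scan_manifest(manifest, blocklist))
    return findings


# Constructed sample manifests (not real packages) to exercise the scanner.
SAMPLE_MANIFESTS = [
    {"name": "tidy-strings", "version": "1.0.0", "scripts": {"test": "jest"}},
    {
        "name": "tidy-strlngs",  # constructed typosquat of the package above
        "version": "1.0.1",
        "scripts": {
            "postinstall": "node -e \"eval(Buffer.from('Y29uc29sZS5sb2coMSk=','base64').toString())\""
        },
    },
]
SAMPLE_BLOCKLIST = {"tidy-strlngs"}  # constructed; a real list would come from a feed


def demo() -> list:
    """Scan the constructed manifests against the constructed blocklist."""
    findings = []
    for manifest in SAMPLE_MANIFESTS:
        findings.extend(scan_manifest(manifest, SAMPLE_BLOCKLIST))
    return findings


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Pair a scan like this with `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) so that hooks never run before you have looked at them; the scanner tells you which packages need the hooks re-enabled deliberately.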
Vulnerabilities & Exploits
- Zero‑day exploitation: attackers are actively exploiting a remote‑code execution flaw (CVE‑2025‑11371) in Gladinet CentreStack and Triofox; no patch was available at the time of writing, so vendor mitigations are advised until one ships – Gladinet Zero-day, Gladinet Roundup
Malware & Spyware
- Undetected RAT: a polymorphic Python remote access trojan (self‑modifying code, 40+ capabilities) is evading antivirus, with only two detections on VirusTotal so far – Polymorphic RAT
- Mobile espionage: researchers flagged ClayRat, an Android spyware family, alongside other targeted espionage tools in recent incident roundups – ClayRat Spyware
Law Enforcement & Crime Forums
- Forum takedown: U.S. and French authorities seized the latest BreachForums instance; threat actors on Tor continue to promise leaks and extortion, so the seizure disrupts but does not end the group’s campaigns – BreachForums Seized, BreachForums Banner
Financial & Data Theft
- Municipal outage: a cyberattack disrupted online services in Sugar Land, Texas, affecting bill pay, permits and the 311 contact center while critical systems remain operational – Sugar Land Attack
- School breach sentencing: prosecutors seek a 7‑year term for a 19‑year‑old who hacked PowerSchool, exposing data on about 60 million students and 9 million teachers – PowerSchool Sentence
- Payroll fraud: Microsoft warns that the Storm‑2657 “Payroll Pirates” group takes over HR SaaS accounts through social engineering and weak or missing MFA, then changes salary payment details to divert employee pay – Payroll Pirates
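The payroll-diversion pattern above leaves a recognisable sequence in HR SaaS audit logs: an account-recovery or MFA change, then a payment-details change shortly afterwards, often from an address the employee has never used. The detector below is an added example written for this recap, not Microsoft's hunting query or any HR vendor's tooling; the event schema, the 72-hour correlation window, the precursor action names and the sample records are all constructed assumptions, so map them onto your platform's real audit fields before use.

```python
"""Flag direct-deposit changes in HR SaaS audit logs that follow a recent
credential or MFA change on the same account, or that come from an address
the account has never used. Added example; the schema, action names and
sample records are constructed, not taken from any vendor's log format.
"""
from datetime import datetime, timedelta

# Constructed audit events: (ISO timestamp, user, action, source_ip).
SAMPLE_EVENTS = [
    ("2025-10-06T09:02:00", "alice", "login", "203.0.113.10"),
    ("2025-10-06T09:05:00", "alice", "mfa_method_added", "203.0.113.10"),
    ("2025-10-07T14:30:00", "alice", "direct_deposit_changed", "203.0.113.10"),
    ("2025-10-01T08:00:00", "bob", "login", "198.51.100.7"),
    ("2025-10-08T08:10:00", "bob", "direct_deposit_changed", "198.51.100.7"),
    ("2025-09-20T08:00:00", "carol", "login", "198.51.100.50"),
    ("2025-10-09T09:55:00", "carol", "login", "203.0.113.77"),
    ("2025-10-09T10:00:00", "carol", "direct_deposit_changed", "203.0.113.77"),
]

# Assumed action names for account-recovery steps that precede a takeover.
PRECURSORS = {"mfa_method_added", "mfa_reset", "password_reset", "recovery_email_changed"}
WINDOW = timedelta(hours=72)  # assumed correlation window


def parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def find_suspicious_deposit_changes(events, window=WINDOW) -> list:
    """Return (user, timestamp, reasons) for each payment change worth review."""
    events = sorted(events, key=lambda e: e[0])
    alerts = []
    for ts, user, action, ip in events:
        if action != "direct_deposit_changed":
            continue
        t = parse(ts)
        reasons = []

        # Rule 1: a recovery/MFA change on this account inside the window.
        recent = {
            e[2] for e in events
            if e[1] == user and e[2] in PRECURSORS and t - window <= parse(e[0]) < t
        }
        if recent:
            reasons.append(f"follows {', '.join(sorted(recent))} within {window}")

        # Rule 2: source IP never seen for this user before the window.
        # An empty baseline (new hire, no history) is not treated as suspicious.
        prior_ips = {e[3] for e in events if e[1] == user and parse(e[0]) < t - window}
        if prior_ips and ip not in prior_ips:
            reasons.append(f"source IP {ip} never seen for {user} before this window")

        if reasons:
            alerts.append((user, ts, reasons))
    return alerts


if __name__ == "__main__":
    for user, ts, reasons in find_suspicious_deposit_changes(SAMPLE_EVENTS):
        print(f"{ts} {user}: " + "; ".join(reasons))
```

On the constructed data this flags alice (MFA method added the day before the change) and carol (change from a never-before-seen address) while leaving bob's routine update alone. In production the IP baseline should come from more history than a single batch of events, and a change to the payment account is worth a second out-of-band confirmation to the employee regardless of what the detector says.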
Microsoft & Privacy
- End of support: Windows 11 23H2 Home and Pro editions stop receiving security updates in November 2025, and users are urged to upgrade to 24H2 to stay supported – Win11 EOS
- GDPR breach: Austria’s regulator found Microsoft illegally tracked students via its education software, ruling the practice violated EU privacy law – Microsoft Ruling
Industry, Policy & Events
- Big bounty: Apple revamped its bug bounty program, offering up to $2 million for zero‑click RCE findings to discourage advanced spyware abuses – Apple Bounty
- Free resources: “Cybersecurity For Dummies (3rd Ed.)” is temporarily available as a free eBook to help users defend against modern threats like ransomware and social engineering – Free eBook
- Talent win: Italy topped the 2025 European Cybersecurity Challenge in Warsaw, highlighting growing youth talent and inclusion efforts like the Female+ Bootcamp – Italy Wins
- Gender parity push: UN Women and the Global Cybersecurity Forum partnered to increase female participation in cyber amid a workforce that’s only 24% women today – Women in Cyber