Cybersecurity News | Daily Recap [18 Oct 2025]

Daily Recap: North Korea combines BeaverTail and OtterCookie into advanced JavaScript malware to steal data and cryptocurrency, while state-backed actors deploy diverse tooling including a new .NET CAPI backdoor and AI-enabled escalation techniques across Russia, China, and other regions. The update also highlights high-severity ASP.NET Core flaws, widespread data leaks such as Envoy’s Oracle E-Business breach, and SIM farm takedowns, reflecting broad, multi-vector threats and remediation efforts. #BeaverTail #OtterCookie #SilverFox #BulletproofChains #AIEscalation #Envoy #SIMFarmRaid

Nation‑State & APTs

  • North Korean operators combine BeaverTail and OtterCookie into advanced JavaScript malware and use evasive techniques to steal data and cryptocurrency – NK Malware, NK Evasive
  • State-backed actors deploy diverse tooling and techniques: a new .NET CAPI backdoor targeting Russian auto and e‑commerce firms, Silver Fox expands Winos 4.0 to Japan and Malaysia via HoldingHands RAT, malware delivered from “bulletproof” blockchains, and Russia/China leveraging AI to escalate attacks – .NET Backdoor, Silver Fox, Bulletproof Chains, AI Escalation

Vulnerabilities & Patches

  • Microsoft issues emergency fixes for the highest-severity ASP.NET Core flaw ever rated and publishes follow-up coverage – ASP.NET Patch, ASP.NET Coverage
  • Multiple critical flaws disclosed and patched — Apache ActiveMQ RCE, Chrome CVE-2025-11756 in Safe Browsing, actively exploited AEM CVE-2025-54253, plus several Siemens advisories
  • Vendor updates and hotfixes address product-specific flaws: ConnectWise fixes an AiTM update-attack bug in Automate, Microsoft patches a Windows bug breaking localhost HTTP connections and lifts several Windows 11 safeguard holds – ConnectWise Fix, Windows Localhost Fix, Safeguard Lifts

Breaches & Data Leaks

  • Regional airline subsidiary Envoy confirms an Oracle E‑Business Suite data theft/compromise affecting customer records – Envoy Confirmed, Envoy Report
  • Data exposures continue: video‑call app Huddle01 exposed 600K+ user logs, Grand Traverse County (MI) notifies victims of leaked SSNs, and reporting highlights airline breach risks and other incidents including the Mango data breach – Huddle01 Leak, Grand Traverse, Airline Risk, In Other News

Law, Takedowns & Policy

  • European law enforcement dismantles SIM‑box/SIM‑farm operations renting thousands of numbers for fraud and cybercrime across Latvia, Austria and Estonia – SIM Farm Raid, Europol Takedown
  • A court hands the PowerSchool hacker a four‑year prison term, while industry groups sue to block Texas age‑gating app rules in a wider policy clash – PowerSchool Sentence, Texas Suit

Research, Events & Careers

  • Pwn2Own Automotive 2026 offers over $3 million in prizes to incentivize vehicle security research – Pwn2Own Automotive
  • Career lift: guidance on VMware certification as a strategic skill boost for security and IT professionals – VMware Cert

Cybersecurity News | Daily Recap – hendryadrian.com