Cybersecurity News | Daily Recap [24 Oct 2025]

Daily Recap: Microsoft patches a critical WSUS RCE (CVE-2025-59287) and blocks NTLM hash theft via File Explorer previews, while multiple product flaws and active exploits raise supply chain and server risk. The broader landscape covers state and non-state actors deploying drone malware, DeskRAT variants, and ransomware waves, with notable incidents in the healthcare, government, and e‑commerce sectors. #CVE-2025-59287 #NTLM #DeskRAT #Medusa #Genesis

Vulnerabilities & Patches

  • Microsoft issues emergency fixes after an RCE in WSUS (CVE-2025-59287) was exploited in the wild and a PoC surfaced – WSUS Patch, WSUS Exploit, WSUS Update
  • Microsoft disabled File Explorer download previews to block NTLM hash theft and mitigate related attacks – Preview Block, Preview Block
  • Multiple product flaws under active attack include an RCE in the Rust async-tar library, DNS resolver cache-poisoning bugs, a Lanscope Endpoint Manager flaw flagged by CISA, and rising SessionReaper exploits against Magento sites – async-tar RCE, DNS Cache, Lanscope Flaw, SessionReaper

Nation‑State & APTs

  • North Korean actors are deploying “drone” malware and ScoringMathTea to target European UAV manufacturers – NK Drone, NK Drone, NK Drone
  • Multiple campaigns are using variants of DeskRAT (including AI-assisted builds) to target Indian government and BOSS Linux systems – APT36 DeskRAT, TransparentTribe DeskRAT
  • Espionage and phishing operations continue—PhantomCaptcha lures Ukraine NGOs, MuddyWater uses compromised mailboxes, and attackers impersonate Kyrgyz officials to target Russian agencies – PhantomCaptcha, MuddyWater, Kyrgyz Impersonation
  • Cyber incidents and analysis indicate the Russian state is actively managing cybercrime groups and a DDoS on Russia’s food-safety agency disrupted shipments – Russia Manage, Russia DDoS

Supply Chain & Distribution

  • A self‑spreading GlassWorm campaign has infected VS Code extensions in a widespread supply‑chain attack while a massive ghost network used 3,000 YouTube videos as malware traps—heightening supply‑chain risk – GlassWorm, YouTube Ghost
  • Guidance and bulletins warn organizations to secure software supply chains as stealer families and open‑source attacks proliferate (Lumma Stealer, Vidar Stealer 2.0) and a $176M crypto penalty highlights systemic risk – Supply Chain Guidance, ThreatsDay

Ransomware & Breaches

  • Medusa ransomware leaked 834 GB of Comcast data after demanding $1.2M – Medusa Leak
  • New gang Genesis claims 9 breaches affecting healthcare and retail, adding to ongoing extortion waves – Genesis Claims
  • Toys “R” Us Canada warns customer information was exfiltrated and posted online after a breach – ToysRUs Leak, ToysRUs Notice
  • Indian exchange WazirX plans to resume operations after a cyberattack that halted services for 15 months – WazirX Resume

Zero‑days & Hacking Contests

  • Pwn2Own competitors collected $1,024,750 for 73 zero‑days and a WhatsApp exploit was privately disclosed to Meta by the researcher – Pwn2Own Payouts, WhatsApp Report

Identity & Authentication

  • Scammers used fake death claims to trick victims into revealing LastPass vault data, highlighting credential‑theft risks – LastPass Scam
  • Organizations are urged to adopt self‑service password resets to cut helpdesk costs and reduce authentication friction – SSPR Guidance
  • Product identity incidents and rollbacks include HP pulling an update that broke Microsoft Entra ID auth on some AI PCs, and Tinder expanding face verification to more states – HP Entra Rollback, Tinder Face Check

Browsers & AI Spoofing

  • AI sidebar spoofing threatens browsers including ChatGPT Atlas, Perplexity Comet and others, enabling malicious content injection – AI Sidebar, Perplexity Targeted
  • Mozilla will require new Firefox extensions to disclose data‑collection practices to improve extension transparency and user privacy – Mozilla Extensions

Research & Reports

  • A new analysis explores the cybersecurity perception gap between executives and practitioners and why risk views diverge across organizations – Perception Gap
  • Microsoft’s Digital Defense Report 2025 highlights extortion and ransomware as leading drivers of global cybercrime growth – Digital Defense

Corporate & Legal

  • The U.S. accused a former security‑company official of stealing trade secrets to sell to a Russian buyer in a criminal probe – Trade Secrets
  • Former Binance CEO Changpeng Zhao was pardoned by President Trump after a guilty plea related to laundering cybercrime proceeds through the platform – CZ Pardon
  • A former Polish official was indicted over the purchase of spyware, underscoring legal scrutiny of surveillance tools – Polish Indictment

Cybersecurity News | Daily Recap – hendryadrian.com