Daily Recap: Russian-linked actors used living-off-the-land techniques to breach Ukrainian organizations, while BlueNoroff leveraged AI-enhanced espionage on macOS to social-engineer victims. Major vulnerabilities and breaches, from Tomcat flaws to DELMIA alarms, underscore rapid attack-surface expansion across industries. #RussianBreaches #BlueNoroffAI #TomcatFlaws #DELMIAWarning #ConduentBreach #DentsuMerkle #RavinAcademy #UKAfghanLeak
Nation-state Activity
- Russian-linked attackers used stealthy living-off-the-land tactics to breach Ukrainian organizations this summer, exploiting legitimate tools rather than deploying heavy malware – Russian Breaches
- BlueNoroff APT launched AI-enhanced espionage on macOS, using fake GhostCall/GhostHire meetings and GPT-4o-generated images to social-engineer victims – BlueNoroff AI
Vulnerabilities & Active Exploits
- Multiple production flaws are under active attack, including critical Apache Tomcat issues (versions 9/10/11), two actively exploited Dassault vulnerabilities and XWiki flaws, and a recent ASP.NET Core issue affecting QNAP NetBak – Tomcat Flaws, Dassault/XWiki, QNAP NetBak
- Proof-of-concept code and disclosures surfaced for high-risk bugs, including BIND 9 (CVE-2025-40778), stored XSS reports and Struts2 framework issues; defenders should patch and monitor PoC activity – BIND PoC, Stored XSS, Struts2 Disclosure
- CISA warns of exploited DELMIA Apriso factory-software vulnerabilities affecting industrial environments; patches and mitigations are urgently recommended – DELMIA Warning
Hardware & Side-Channel Research
- Researchers disclosed TEE.Fail, a DDR5 side-channel attack that can extract keys from Intel and AMD TEEs (SGX/TDX/SEV-SNP) by observing DDR5 memory traffic, threatening enclave secrecy and VM integrity – TEE.Fail DDR5
Ransomware & Malware
- The Qilin ransomware gang has hit hundreds of organizations this year and now abuses WSL to run Linux encryptors on Windows hosts, complicating detection and response – Qilin Threat
- Android threats surge: the new Herodotus banking trojan and other strains mimic human typing cadence and delays to bypass anti-fraud systems, HyperRat is being sold as an off-the-shelf spy tool, and infostealers hide in free video-game cheats; users and banks are targeted in multiple regions, including Italy and Brazil – Herodotus Trojan, HyperRat, Android Evasion, Infostealers
- New macOS and cross-platform espionage chains (GhostCall/GhostHire) use AI-generated imagery and social engineering to deliver advanced infostealers and implants – GhostCall Chains
Data Breaches & Leaks
- Major breaches and data exposures announced this week: Conduent says its incident began in 2024, advertising giant Dentsu reported a breach at its Merkle subsidiary, and leaks exposed Capitol Hill applicants and other sensitive datasets; impacted parties are urged to monitor notices – Conduent Breach, Dentsu/Merkle, DomeWatch Leak
- An Iranian organization tied to MOIS (Ravin Academy) and a UK-Afghan data leak linked to 49 deaths highlight the risks from state-linked breaches and exposed humanitarian records – Ravin Academy, UK Afghan Leak
Policy, Telecom & Fraud
- European and US authorities spotlight caller-ID spoofing and robocalls: Europol warns of rising spoofing threats, and the FCC adopted new rules targeting robocalls as regulators press telecoms for fixes – Caller ID Spoofing, FCC Robocall Rule
- Scammers increasingly target vulnerable groups, with campaigns threatening international students' visa status and cross-border scam-center raids tied to criminal networks in Myanmar and Thailand; vigilance advised – Student Scams, Myanmar Scams
Industry, Standards & AI Risk
- MITRE released ATT&CK v18 with updates improving detections and expanding coverage for Mobile and ICS, offering defenders refreshed mappings and controls ā ATT&CK v18
- AI safety and tooling headlines: Polygraf raised $9.5M to harden AI adoption, CyberRidge secured $26M for photonic encryption to resist quantum interception, and SimSpace raised $39M for cyber-range training; the funding signals growth in AI/security startups – Polygraf $9.5M, CyberRidge $26M, SimSpace $39M
- AI product risks: OpenAI's Atlas Browser was tripped up by malformed URLs (a prompt-injection risk), while the Python core team rejected a $1.5M U.S. grant over ethics concerns; oversight debates continue – Atlas Bug, Python Grant
Products & Updates
- Microsoft pushed Windows 11 KB5067036, introducing an Administrator Protection feature, and expanded Copilot to let users build apps and automate workflows, amid a lawsuit alleging misleading Copilot M365 subscription practices – Win11 KB5067036, Copilot Build, Copilot Lawsuit
Events & Analysis
- Security professionals can join a free webinar on practical AI tactics for GRC to learn adoption and risk-mitigation strategies for governance, risk and compliance – AI GRC
- Analysts warn of the coming 2026 digital battlefield, where trends such as ghost identities, poisoned accounts and rogue AI agents reshape adversary tradecraft and defense priorities – Digital Battlefield