Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, Forum Troll APT hijacks scholars’ systems using fake plagiarism reports to deliver malware and gain access to academic networks, while a Russian APT conducts high‑pressure phishing campaigns targeting Transnistria and NATO personnel to harvest credentials and access. The report also highlights critical vulnerabilities and exploits—ASUS Live Update, AsyncOS, and React2Shell—as well as a ZeroDay Cloud event, breached platforms like PornHub and SoundCloud, and privacy concerns involving TikTok and Grindr, with FBI and France taking enforcement actions.
#ForumTrollAPT #AcademicAmbush #BlurredDeception #Transnistria #NATO #InkDragon #ASUSLiveUpdate #AsyncOS #React2Shell #ZeroDayCloud #PornHub #SoundCloud #TikTok #Grindr #FBI #France

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, state-sponsored GRU-linked groups such as Sandworm and APT44 have pivoted from zero-days to weaponizing misconfigured edge devices, persistently targeting energy, telecom and cloud infrastructure across 2021–2025, with some operations disrupted by private defenders. The recap also highlights a range of threats, from Android RaaS Cellik and GhostPoster campaigns to credential phishing by APT28 and ForumTroll, notable incidents at PDVSA, KT, Askul and Hama Film, and ongoing supply-chain and vulnerability activities involving Fortinet flaws and AWS IAM abuse. #GRU #Sandworm #APT44 #APT28 #ForumTroll #GhostPoster #Cellik #TracerFody #PDVSA #KT #Askul #HamaFilm

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, Fortinet flaws are being actively exploited to bypass SAML/SSO and steal configurations, while the critical React2Shell (CVE-2025-55182) is used to deploy backdoors like KSwapDoor and ZnDoor in campaigns linked to China, and patched FreePBX vulnerabilities require urgent updates. The threat landscape also features SantaStealer and PyStoreRAT campaigns, massive data breaches affecting Prosper, 700Credit, SoundCloud, PornHub, Jaguar Land Rover, and Askul, plus state-backed espionage by Sandworm (APT44) and Salt Typhoon, alongside privacy/regulation concerns and AI-enabled phishing and scams. #Fortinet #FortiGate #React2Shell #KSwapDoor #ZnDoor #FreePBX #SantaStealer #PyStoreRAT #Prosper #700Credit #SoundCloud #PornHub #JaguarLandRover #Askul #SaltTyphoon #Sandworm #MI6 #UrbanVPNProxy #GoogleDarkweb #Texas #Soverli #WSL

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, a relaunch of CyberVolk’s RaaS VolkLocker targets Windows and Linux but carries a hard-coded master key and cryptographic flaws in its AES-256 usage that can enable free decryption, with operators distributing the toolkit via Telegram. Other highlights include SHADOW-VOID-042 impersonating Trend Micro in a spear-phishing campaign tied to Void Rabisu, PayPal subscription-billing abuse, Hamas-affiliated Ashen Lepus revealing the AshTag malware suite, and the Asahi Group ransomware incident prompting a shift to a zero-trust security model. #VolkLocker #SHADOWVOID042 #TrendMicro #VoidRabisu #PayPal #AshTag #AshenLepus #AsahiGroup #ZeroTrust #Telegram

Threat Research | Weekly Recap [14 Dec 2025]

Cybersecurity Threat Research ‘Weekly’ Recap: A critical unauthenticated deserialization RCE in React Server Components (React2Shell, CVE-2025-55182) is being weaponized for mass scanning and arbitrary code execution, prompting patches and WAF/runtime protections while defenders hunt for indicators (MINOCAT, SNOWLIGHT, HISONIC, XMRig). A broad surge of activity across loaders, backdoors, info stealers, phishing, ransomware, and APTs—featuring EtherRAT, GhostPenguin, NANOREMOTE, CastleRAT, ValleyRAT, GrayBravo, AshTag, AshenLepus, Group123, APT31, Salt Typhoon, GOLD_SALEM, Warlock, Makop, 01flip, Storm-0249, and others—underscores supply-chain abuse, credential theft, and geopolitical intrusions.
#React2Shell #CVE-2025-55182 #MINOCAT #SNOWLIGHT #HISONIC #XMRig #EtherRAT #GhostPenguin #NANOREMOTE #CastleRAT #ValleyRAT #GrayBravo #AshTag #AshenLepus #Group123 #APT31 #SaltTyphoon #GOLD_SALEM #Warlock #Makop #01flip #Storm_0249 #FrostBeacon #Shai_Hulud_2_0 #NexusRoute #RTO_Challan #DroidLock #PhantomStealer #AMOSStealer #Banshee #LummaStealer #JSCEAL #NoteGPT #MoneyMount #VSCodeExtensions

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, the security landscape today spans zero-day exploits patched in Apple WebKit and active Gogs exploitation affecting hundreds of self-hosted instances, along with critical flaws in Varex Imaging, GDCM, and Johnson Controls iSTAR Ultra impacting medical and industrial systems. The report also highlights Lazarus Group and Ashen Lepus espionage campaigns, major data breaches at Coupang and Pierce County Library, and a surge of malware kits and phishing tools including PyStoreRAT, Agent Tesla, BlackForce, GhostFrame, InboxPrime AI, and DroidLock. #LazarusGroup #AshenLepus #Coupang #PierceCountyLibrary #PyStoreRAT #AgentTesla #BlackForce #GhostFrame #InboxPrimeAI #DroidLock #AppleWebKit #Gogs #VarexImaging #GDCM #JohnsonControls #AshTag

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, active exploitation of GeoServer CVE-2025-58360 enables file reads, SSRF, and DoS, alongside multiple React Server Component flaws (CVE-2025-55182 / React2Shell) that trigger RCE and prompt emergency patching by federal agencies. The round-up also notes a RasMan zero-day with unofficial 0Patch fixes, plus incidents such as Gladinet RCE, a Notepad++ update flaw, malicious VSCode extensions, the Fieldtex data breach, ICO fines for LastPass, the CodeRED outage, and other breaches and takedowns like MKVCinemas. #GeoServer #RasMan

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, authorities pursue a broad set of cybercrime actions—from Myanmar digital arrest-fraud charges and Accenture fraud to FedRAMP-related contractor concerns and indictments targeting Russian-linked hacktivists. The recap also flags data breaches and privacy risks at Pierce County Library, LastPass fines, Petco Vetco exposure, doorbell and camera privacy debates, and widespread vulnerabilities and malware activity including NANOREMOTE, BRICKSTORM, Mirai, CastleLoader, Spiderman Phishing, DroidLock, and large Docker Hub credential leaks.
#NANOREMOTE #BRICKSTORM #WarpPanda #LastPass #PierceLibrary #Petco #Vetco #DroidLock #CastleLoader #SpidermanPhishing #DockerHub #Mirai

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, Microsoft released its December security updates addressing 56–57 flaws, including 3 zero-days and active exploits, while Adobe patched nearly 140 vulnerabilities and SAP and other vendors issued urgent fixes. Threat actors and incidents highlighted include North Korea-linked operators exploiting React2Shell to deploy new EtherRAT variants, CastleLoader/CastleRAT under GrayBravo expanding its infrastructure targeting logistics and transport, Storm-0249’s stealthy ransomware tactics, and high-profile breaches and investigations involving Coupang, HSE, and the Khashoggi spyware allegations. #EtherRAT #CastleLoader

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, AI and browser security dominate this edition as NCSC warns about prompt injection and Google layers defenses in Chrome/Gemini to curb indirect prompts and agentic browsing, while Zero Trust guidance promotes safer AI integrations via the Shared Signals Framework.
Meanwhile, the threat landscape features a high-severity XXE in Apache Tika raising CVE risk to 10.0, new CSS/SVG clickjacking bypass techniques, ValleyRAT deliveries by Silver Fox APT, JS#SMUGGLER-driven NetSupport RAT and malicious VSCode extensions, Shanya EXE packing for stealthy payloads, Broadside botnet activity, STAC6565 targeting Canada, a multi-billion ransomware extortion wave with billions paid and a US bounty on Iranian hackers, plus regulatory and industry shifts impacting AI, data sharing, and outsourced security.
#ValleyRAT #JS#Smuggler #NetSupportRAT #ShanyaEXE #BroadsideBotnet #STAC6565 #Canada #IranianHackers #Chrome #Gemini

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, researchers link three hacking groups exploiting two vulnerabilities to campaigns with ties to China, highlighting widespread exploitation paths and potential state involvement. UTA0355 stole Microsoft 365 OAuth tokens via fake security-conference lures and WhatsApp support social engineering, while the Android families FvncBot, SeedSnatcher, and an upgraded ClayRat add stronger data-theft features, alongside NFCGate-based banking malware and breaches at Cl0p and Tri-Century Eye Care. #China #UTA0355

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, active exploitation of the critical React2Shell flaw pushed it onto the CISA KEV list, with Chinese actors and Amazon researchers reporting widespread abuse that even triggered a Cloudflare outage. The report also highlights CVE-2025-66516 in Apache Tika enabling XXE and possible RCE, a Barts Health NHS data breach caused by an Oracle zero-day, a resurgence of LockBit activity, EU penalties on X under the Digital Services Act, and the Agentic Wiper threat capable of auto-deleting Google Drive contents.
#React2Shell #CISAKEV #CloudflareOutage #ApacheTika #CVE-2025-66516 #BartsHealthNHS #LockBit #AgenticWiper #GoogleDrive #X #DigitalServicesAct

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, exploits ranging from React2Shell flaws in React/Next.js being actively exploited by China-linked groups to a Cloudflare outage caused by emergency patches highlight persistent risks across web infrastructure. BRICKSTORM activity by PRC-linked actors targeting VMware vSphere in U.S. networks, alongside campaigns such as Array Networks gateway exploitation, the Shai-Hulud supply-chain worm, and the Intellexa and Predator surveillance tools, illustrate a broad threat landscape. #React2Shell #BRICKSTORM

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, regulatory moves span India withdrawing the Sanchar Saathi mandate and the UK’s cookie-enforcement push, with broader state activity highlighting Russia’s connected-car vulnerabilities and sanctions related to cyber espionage. The week also features critical RSC bugs in React/Next.js, LNK flaws, Elementor/King Addons WordPress exploits, a record AISURU DDoS with up to 4 million bots, Predator spyware activity, and data breaches at Freedom Mobile and Marquis alongside Rhysida ransomware pressure on local governments. #SancharSaathi #PredatorSpyware #AISURU #Rhysida #KingAddons #LNK #FreedomMobile #Marquis

Cybersecurity News | Daily Recap [18 Dec 2025]

Daily Recap, this edition highlights regulatory actions shaping cybersecurity—from Temu being sued for customer data misuse and the EU’s online marketplace data-processing ruling to the FTC’s Illuminate order and India’s SIM mandate as a cyber-safety push. Incidents and threats include an Oracle breach disclosure, the Shai-Hulud 2.0 NPM campaign exposing up to 400,000 developer secrets, persistent browser-extension backdoors, and Iran-linked phishing against critical infrastructure, alongside AI safety initiatives and major security funding.
#Temu #Illuminate #ShaiHulud #Oracle #Iran #Israel #Egypt #SIMMandate #EUSingaporePact #AustraliaAIInstitute #IPCamera
