Daily Recap, researchers warn of a third GlassWorm wave arriving through malicious VS Code packages and a ShadyPanda browser extension campaign, with the Contagious Interview expansion introducing OtterCookie to the attack surface. The roundup also highlights North Korea’s Lazarus operations, high-profile breaches at Coupang and Brsk, the BOSS/APT36 Linux espionage pivot, and enforcement actions such as Cryptomixer takedowns and Sanchar Saathi regulatory measures. #GlassWorm #ShadyPanda #OtterCookie #Lazarus #Coupang #Brsk #APT36 #ShaiHulud #Cryptomixer #SancharSaathi #IlluminateEducation #EvilTwin
Category: Daily Recap
Daily Recap, today’s Cybersecurity News spans Android MaaS campaigns like Albiriox targeting 400+ apps, Tomiris APT’s switch to public-service implants and covert C2, Bloody Wolf expansion into Central Asia with NetSupport RAT, and a North Korea linked npm package flood delivering OtterCookie. It also covers a Coupang data breach affecting ~33.7 million users, ScadaBR vulnerability warnings, Airbus A320 retrofit, Cryptomixer takedown, WiFi attack sentencing, Linux Kernel 6.18 release removing bcachefs, India’s SIM-binding rule, and Agentic AI browser risks in a weekly threat roundup.
#Albiriox #Tomiris #BloodyWolf #OtterCookie #Coupang #ScadaBR #Airbus #Cryptomixer #WiFiAttacks #LinuxKernel618 #SIMBinding #AgenticAI
Cybersecurity Threat Research ‘Weekly’ Recap: The report highlights a broad wave of risk from supply-chain and developer-ecosystem abuse—including npm worm campaigns like Shai-Hulud 2.0, OtterCookie, and PyPI domain-takeover vectors—alongside ongoing nation-state operations from Lazarus, Kimsuky, Gamaredon, Tomiris, and related actors. It also covers infostealers, loaders, vulnerabilities (CVE-2025-61882, CVE-2025-64446), breaches, and e-commerce fraud, with defensive guidance on threat intelligence integration, automated security validation, phishing simulations, and AI risk mitigation.
#ShaiHulud #OtterCookie #Kimsuky #Lazarus #Gamaredon #Tomiris #WaterGamayun #BerserkBear #ShinySp1d3r #Gainsight
Daily Recap, Japan’s Asahi reports a ransomware-related data breach that may have exposed personal data of about 1.5 million people, while France’s Football Federation disclosed a cyberattack compromising administrative software and stealing member data. In malware and supply chain news, North Korea-linked actors deployed 197 npm packages to distribute the OtterCookie malware, legacy PyPI bootstrap scripts create a domain-takeover risk, public GitLab repositories exposed over 17,000 secrets, Windows updates hid the password login icon on the lock screen, and the in-flight Wi-Fi attacker was sentenced to seven years in prison. #AsahiBreaches #OtterCookie
Daily Recap, OpenAI disclosed that API/customer data was exposed after its vendor Mixpanel was hacked, prompting incident disclosures and investigations. Ransomware and outages were reported across multiple fronts, including Qilin’s data heist via a South Korean MSP breach and an Asahi Group ransomware incident potentially exposing about 2 million records, along with IT outages affecting London councils and the U.S. CodeRED emergency system. #Qilin #AsahiGroup
Daily Recap, London councils experienced a cyber incident that temporarily disrupted services across local authorities, while a widespread US emergency alert outage affected OnSolve’s CodeRED service and related Georgia Clerks Authority court-filing systems. The evolution of threats—from mass account-takeover fraud to Crypto Copilot-driven DeFi siphoning and state-sponsored web implants—highlights ongoing risk across public-sector, financial, and infrastructure targets and the imperative for effective risk management. #GeorgiaClerks #CryptoCopilot
Daily Recap, multiple critical disclosures dominated today’s cybersecurity briefing, including CVE-2025-65998 in Apache Syncope that risks stored passwords and urgent patches for affected deployments, and Fluent Bit RCE flaws that could enable stealthy cloud i……
Daily Recap, today’s cybersecurity news highlights Shai-Hulud’s second wave that steals npm credentials affecting 25,000+ repositories and leaks secrets to GitHub, along with ShadowPad actively exploiting a WSUS flaw and Grafana SCIM (CVE-2025-41115) enabling privilege escalation. The roundup also covers Microsoft and Windows risks—from agentic AI features and Windows 11 24H2 crashes to migration away from SCCM/WSUS—plus insider incidents, APT24/BADAUDIO activity, a Moscow-run postal outage in occupied Ukraine, and notable breaches like Harvard University and Mazda, plus the Passwork 7 launch. #ShaiHulud #ShadowPad #GrafanaSCIM #CVE-2025-41115 #WSUS #SCCM #APT24 #BADAUDIO #HarvardUniversity #Mazda #Passwork7 #DeepSeekR1 #CrowdStrike #CBI #Windows11_24H2
Cybersecurity Threat Research ‘Weekly’ Recap highlights a broad spectrum of activity, from APT and state-backed espionage campaigns to email, banking malware, ransomware, phishing, and supply-chain abuse, along with updates on detection and defensive tooling. Key actors and families mentioned include APT35, APT24, ToddyCat, MuddyWater, UNC1549, Curly COMrades, Kimsuky, NotDoor, WaterSaci, Astaroth, Eternidade, Sarcoma, Lynx, Akira, The Gentlemen, Tycoon2FA, Tsundere, PlushDaemon, NKNShell, TamperedChef, and related C2 and advancement trends.
#APT35 #APT24 #ToddyCat #MuddyWater #UNC1549 #CurlyCOMrades #Kimsuky #NotDoor #WaterSaci #Astaroth #Eternidade #Sarcoma #Lynx #Akira #TheGentlemen #Tycoon2FA #Tsundere #PlushDaemon #NKNShell #TamperedChef
Daily Recap, Active exploitation of a critical Oracle Identity Manager RCE and a CVSS 10 Grafana SCIM flaw prompts urgent advisories, while a new Matrix Push C2 campaign uses browser notifications for cross-platform phishing and an Android Spy variant exfiltrates audio and encrypted messages. Patches from Nvidia and Microsoft fix gaming issues and the Windows 11 hotpatch install loop, Google adds AirDrop compatibility to Android Quick Share, and investigations cover Scattered Spider, insider activity at CrowdStrike, the SolarWinds dismissal, GridEx VIII, FCC rollback, APT31 hacks, and Flock Safety surveillance. #OracleOIM #GrafanaSCIM #MatrixPush #AndroidSpy #NVIDIA #Windows11 #QuickShare #GridExVIII #APT31 #FlockSafety #ScatteredSpider #CrowdStrikeInsider #SolarWinds #Oklahoma #Massachusetts #WhatsAppNSO #CISA
Daily Recap, The recap highlights ongoing third-party app risks with Gainsight tied to Salesforce after unusual OAuth activity, and tracks a large-scale state-backed espionage campaign by APT24 using BadAudio against Taiwan. It also covers Android backdoors like Baohuo and Sturnus targeting messaging apps, critical flaws and active exploitation in WSUS and network devices, plus financial crime, legal actions, and policy shifts shaping the broader cybersecurity landscape. #Gainsight #APT24 #BadAudio #Baohuo #Sturnus #WSUS #ShadowPad #ICAM365 #AsusRouter #DIR-878 #SamouraiWallet #Almaviva #NSO
Daily Recap, The latest cyber threats span Android banking trojans like Sturnus hijacking devices across Europe, PhaaS kits such as Sneaky2FA, and HijackOnChat/Eternidade Worm targeting WhatsApp. Vulnerabilities from 7-Zip CVE-2025-11001 to W3 Total Cache PHP injections are being actively exploited, while ASUS WrtHug hijacks over 50,000 routers and sanctions hit Russian bulletproof hosting providers. #Sturnus #TamperedChef #Sneaky2FA #HijackOnChat #EternidadeWorm #7Zip #CVE-2025-11001 #WrtHug #HostingSanctions #Photocall #ARCDataSale
Daily Recap, Cloudflare faced a global outage due to an internal database permissions/configuration error, not a cyberattack, while Fortinet’s FortiWeb flaws prompted a 7-day patch window per CISA. The recap highlights multiple evolving threat vectors, including AI-assisted intrusions (Tuoni), phishing and MFA bypass, ransomware supply chain activity (ShinySp1d3r, PlushDaemon), and state-sponsored and politically sensitive cyber operations.
#Cloudflare #FortiWeb #Tuoni #Sneaky2FA #DoorDashIncident #ShinySp1d3r #PlushDaemon #LGRansomware #W3TotalCache #WrtHug #ShadowRay #PajemploiBreach #CCTVHack #AirlineBroker #MetaBounties #DenmarkDDoS #NationalCyberStrategy
The recap highlights a Chrome 142 zero-day that was exploited in the wild, ongoing state-backed campaigns, ransomware incidents, and high-profile breaches affecting major organizations. It also notes law-enforcement disruption of infrastructure, widespread vulnerability disclosures, and notable DDoS and supply-chain abusing campaigns impacting vendors and public services. #ChromeZeroDay #SpearSpecter #RoningLoader #UnderArmour #LogitechBreach #PennsylvaniaAG #PrincetonBreach #JaguarLandRover #AkiraRansomware #EVALUSION #Aisuru
Daily Recap, Multiple breaches were disclosed, including Eurofiber France, DoorDash, and Logitech acknowledging data exposures linked to the Oracle incident. In law enforcement, US prosecutors secured guilty pleas related to North Korea-linked IT workers and a large virtual-currency seizure, while Dragon Breath uses RONINGLOADER and Gh0st RAT, and Contagious Interview delivers BeaverTail and InvisibleFerret via JSON Keeper and GitLab.
#EurofiberFrance #DoorDash #Logitech #NorthKorea #GuiltyPleasNK #BeaverTail #Gh0stRAT