Threat Research | Weekly Recap [16 Nov 2025]

Cybersecurity Threat Research ‘Weekly’ Recap. This week highlights state-sponsored and APT activity, including APT35’s malware pipeline and SideWinder emulation guidance, plus DragonBreath’s RONINGLOADER loader and KONNI Android operations. It also covers diverse malware families like Lumma Stealer, LeakyInjector/LeakyStealer, Remcos, Amatera, XWorm, Rhadamanthys, and VenomRAT takedowns; ransomware trends with Qilin, Akira, Cl0p, Kraken, and Yurei analyses; phishing and credential theft campaigns; supply-chain and RMM abuse including Anthropic MCP SDK flaws and Triofox CVE; detection and threat-hunting advances; and emergent AI-driven malware, pig-butchering scams, Kubernetes trends, and macOS privilege escalation. #APT35 #SideWinder #Gh0stRAT #RONINGLOADER #KONNI #LummaStealer #LeakyInjector #LeakyStealer #Remcos #Amatera #NetSupportRAT #XWorm #Rhadamanthys #VenomRAT #Qilin #Akira #Cl0p #Kraken #Yurei #Kimsuky #AI-drivenmalware #PigButchering #Triofox #CVE-2025-12480 #CVE-2025-24277

Cybersecurity News | Daily Recap [15 Nov 2025]

Daily Recap. Five U.S. nationals pled guilty to schemes aiding North Korean IT workers and infiltrating 136 companies to move about $2 million, while North Korean actors leverage JSON services to deliver malware. The roundup covers extortion, vulnerabilities, AI & ML security flaws, and nation-state operations influencing global cyber risk — including CL0P breaches, FortiWeb zero-days, Akira ransomware, and SpearSpecter campaigns. #NKGuilty #JSONMalware #CL0PHits #FortiWebZeroDay #AkiraRansomware #SpearSpecter

Cybersecurity News | Daily Recap [15 Nov 2025]

Daily Recap. Akira ransomware funds and CISA warnings highlight an imminent threat to Nutanix VMs, while the ransomware ecosystem shows fragmentation with LockBit and Kraken enhancing encryption strategies. The batch of breaches, exploits, phishing, and policy shifts underscores a widening threat landscape across data breaches, DDoS, auth-bypass flaws, and AI-assisted espionage. #Akira #CISA #Nutanix #LockBit #Kraken #Checkout.com #WashingtonPost #Oracle #DoorDash #DDoS #FortiWeb #Imunify360 #ImunifyAV #CiscoISE #CitrixBleed #ASUS #ChatGPT #Claude #Lighthouse #ANY.RUN #Zimbra #Rhadamanthys #VenomRAT #Elysium

Cybersecurity News | Daily Recap [15 Nov 2025]

Daily Recap. Microsoft patched 63 flaws including a Windows kernel zero-day and released multiple out-of-band updates and ESU fixes, while other vendors issued patches for Intel, Adobe, Ivanti, Synology, SAP, and more amid ongoing exploitation and zero-days in Citrix, Cisco ISE, and Zoom. The report also covers phishing kits, Android and WhatsApp malware, Qilin ransomware activity, North Korea and China-related espionage, and industry events and guidance on AI supply chain attacks.
#Triofox #Citrix #CiscoISE #Zoom #Qilin #FantasyHub #Maverick #NorthKorea #China #AI_Supply_Chain #Pwn2Own

Cybersecurity News | Daily Recap [15 Nov 2025]

Daily Recap. APT and malware campaigns underpin a surge in weaponized documents and backdoors like Comebacker and ChaCha20, while vulnerabilities in Triofox, runC, and expr-eval threaten broader ecosystems. The news also covers credential phishing trends via Quantum Route Redirect and LinkedIn, regulatory actions on NY pricing and data privacy whistleblowers, plus notable incidents at Asahi and GitHub secrets leaks.
#ChaCha20 #Comebacker #KONNI #APT37 #FindHub #Triofox #runC #expr-eval #Yanluowang #Asahi #GitHub

Cybersecurity News | Daily Recap [15 Nov 2025]

Daily Recap. Widespread ClickFix phishing targets hotel systems alongside the reappearance of GlassWorm on Open VSX and GitHub, with LANDFALL Android malware exploiting a Samsung 0-day in WhatsApp images. The report also covers runc container flaws, OWASP Top 10 updates, and rising enterprise risks across IoT and mobile devices.
#ClickFix #GlassWorm #LANDFALL #Samsung0day #OWASPTop10 #IoT #IlluminateFine #TISZABreach

Threat Research | Weekly Recap [16 Nov 2025]

Cybersecurity Threat Research ‘Weekly’ Recap. Adversaries persist with phishing, credential theft, supply-chain compromises, and AI-enabled threats, targeting individuals, organizations, and critical infrastructure across multiple sectors. The report highlights notable campaigns, new backdoors, ransomware evolutions, vulnerabilities, and the increasing use of AI for malware development, detection evasion, and incident response improvements.
#Tycoon2FA #FakeDMCA #RaccoonO365 #BookingCom_IPaidTwice #AdECryptoTaxPhishing #BankOfItalyPhishing #Remcos #SleepyDuck #Gootloader #LANDFALL #FantasyHub #Cephalus #MidnightRansomware #DragonForce #MuddyWater #SesameOp #OpenAIC2 #Balancer #GreatFirewall

Cybersecurity News | Daily Recap [15 Nov 2025]

Daily Recap. Malicious NuGet time bombs threaten industrial systems, while Landfall spyware exploits a Samsung zero-click flaw to target devices across regions. State-backed actors continue to use legacy flaws for espionage and destructive campaigns, with new zero-day fixes and AI-powered malware emerging in the threat landscape. #NuGet #Landfall #Log4j #Sandworm #CavalryWerewolf #QNAP #UPenn #CyberCommand

Cybersecurity News | Daily Recap [15 Nov 2025]

Daily Recap. The latest policy, breach, and vulnerability news covers Google-Wiz approval, Europol data-sharing advances, CBO and Nevada breach responses, high-severity Chrome 142 fixes, a Cisco advisory, and evolving threats like ClickFix and AI-Slop with LLM-enabled evasion. The landscape shows growing regulatory cooperation, enforcement actions, and intensified attacker techniques across multiple sectors.
#GoogleWiz #Europol #CBO #Nevada #SonicWall #Chrome142 #Cisco #ClickFix #AI-Slop #LLMs

Cybersecurity News | Daily Recap [15 Nov 2025]

Daily Recap. Google releases an emergency Chrome 142 update to fix high-risk vulnerabilities including RCE flaws, while Cisco patches critical firewall and UCCX vulnerabilities under active attack. Sandworm deploys data wipers targeting Ukraine’s grain sector, and various APTs use RMM, VM techniques, and covert Hyper-V VMs to evade EDR; notable incidents include SonicWall cloud backup theft, Nikkei breach, Hyundai AutoEver data exposure, and Penn/Israeli contractor compromises. #Chrome142 #CVE-2025-20333 #CVE-2025-20362 #Sandworm #UNK_SmudgedSerpent #APT-C-60 #SpyGlace #CovertHyper-V #SonicWallTheft #Nikkei #HyundaiAutoEver #UPenn

Cybersecurity News | Daily Recap [15 Nov 2025]

Daily Recap. Ransomware actors are exploiting the Linux kernel CVE-2024-1086 to deploy malware and escalate incidents, while a new BOF tool bypasses Microsoft Teams cookie encryption to steal user chats. Chrome vulnerability rewards and a Windows Task Manager bug are also noted in the week’s security updates.
#CVE-2024-1086 #LinuxKernel #TeamsBOF #ChromeRewards #KB5067036

Threat Research | Weekly Recap [16 Nov 2025]

Cybersecurity Threat Research ‘Weekly’ Recap. Topics covered include Tor-based SSH backdoors, supply-chain and dev-tooling compromises, cloud abuse and credential theft, active vulnerabilities and exploits, diverse malware families and ransomware trends, phishing and mobile propagation, botnets and anonymized infrastructure, APTs and regional campaigns, detection frameworks and risk management, and a large leak exposing Great Firewall internals.

Cybersecurity News | Daily Recap [15 Nov 2025]

Daily Recap. Nation-state operations show Sandworm leveraging an LNK exploit and an OpenSSH-over-Tor obfs4 backdoor to target the Belarus military, while China-linked groups deploy tools like Airstalk, with UNC6384 exploiting CVE-2025-9491 and TICK leveraging a Lanscope zero-day. The roundup also covers WSUS vulnerability exploits, Elementor King Addons flaws, and ongoing incidents, including UPenn investigations and a Conti-related extradition, with regulatory and defense developments across the FCC, CFPB, and password hygiene.
#Sandworm #Airstalk #UNC6384 #PlugX #Lanscope #BadCandy #GlassWorm #Meduza #WSUS #ElementorKing #UPenn #Conti #FCC #CFPB #Sling #ShadowAI #Aardvark
