Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, Microsoft disrupted the Vanilla Tempest ransomware campaign by revoking over 200 fraudulent code-signing certificates, highlighting ongoing certificate disruptions in cybersecurity. Nation-state breaches exposed F5 BIG-IP source code and data, prompting CISA directives and emergency patches, while active exploits targeted Adobe AEM and other software, underscoring widespread vulnerability disclosures. #VanillaTempest #F5BREACH #AdobeAEM

Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, A wide range of breaches and vulnerabilities hit multiple sectors, from Mango and Qantas data exposures to major Patch Tuesday updates addressing zero-days and high-severity flaws across vendors like Adobe, Fortinet, Ivanti, SAP, and Oracle. The report also notes ongoing malware threats such as VSCode crypto-stealers, Pixnapping MFA attacks, SonicWall SSLVPN credential exploits, and passkey bypass techniques, with industry moves including LevelBlue acquiring Cybereason and HyperBunker advancing anti-ransomware solutions. #MANGO #Qantas #AsahiAttack #5CA #CapitaFine #NYFines #IndianaRansom #PatchTuesday #ZeroDays #BIG-IP #AdobeUpdate #F5Breach #OracleFix #ICS PatchTuesday #CVEDispute #VSCodeExtensions #Pixnapping #SonicWallAttacks #Passkeys #China #TaiwanSurge #ArcGISBackdoor #HyperBunker #Cybereason #NDR #RokuSuit #CaliforniaLaws #USDOJ

Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, A new 8-byte write called RMPocalypse targets AMD SEV-SNP, alongside an array of exploits including CVE-2025-61927 and a CL0P-linked Oracle EBS zero-day affecting Harvard, while threats persist across NTDS.dit credential harvesting and geo-mapping persistence. Threat actors also exploit SonicWall VPNs, mass RDP botnets target the US, and a UK rise in nationally significant attacks highlights evolving risk in critical infrastructure. #RMPocalypse #CVE-2025-61927 #NTDSdit #OracleEBS #Harvard #SonicWall #RDPBotnet #UKAttacks

Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, Australia launches CI Fortify program to bolster critical infrastructure security, and Oracle issues an emergency E-Business Suite patch tied to high-severity vulnerabilities and alleged Cl0p-style activity affecting Harvard. The week also highlights the RondoDox botnet, ChaosBot’s Discord-based C2, and Astaroth abusing GitHub for persistence, underscoring ongoing extortion and supply-chain concerns.
#CIFortify #RondoDox #ChaosBot #Astaroth #Harvard #Cl0p #Salesforce #Unity #TwoNet

Threat Research | Weekly Recap [12 Oct 2025]

Cybersecurity Threat Research ‘Weekly’ Recap. The report highlights ongoing package-manager abuse, covert C2 channels, and extortion trends, including malicious npm packages, Discord-based C2, and double-extortion operations. It also covers high-severity vulnerabilities being actively exploited, phishing advancements, information-stealing and MaaS developments, and the rise of malware-less database ransomware, with emphasis on detection challenges and CTI considerations.
#Discord #SonicWall #CVEs #Qilin #RansomHub #Storm-2657 #ChaosBot #LummaStealer #GhostSocks #CastleRAT #XWorm #WhatsAppWorm #ClayRat #CryptoScam #DatabaseRansomware #NVD

Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, Open-source supply-chain attacks from a North Korean APT target npm and Node.js SEA/Electron installers to deliver RATs and ransomware, alongside a Gladinet zero-day being actively exploited. The summary also notes polymorphic RATs, ClayRat Android spyware, the BreachForums takedown, and notable data-theft incidents including the Sugar Land outage and the PowerSchool breach, with updates on Windows 11 EOS and GDPR findings. #Stealit #Contagious npm #ClayRat #PowerSchool #Sugar_Land #Windows11_23H2 #GNU

Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, A wave of breaches and extortion efforts hit third-party platforms, Telstra, SonicWall, and major organizations, alongside notable malware and phishing campaigns, while AI security funding and policy updates shape the threat landscape. The incidents span data leaks, zero-days, and credential abuse, with activity from groups like Qilin and Crimson Collective, and evolving attack techniques such as PureRAT chains and WordPress-driven ClickFix phishing.
#DiscordBreach #Telstra #SonicWall #QilinRansomware #CrimsonCollective #TwoNet #WordPress #AI Vulnerability

Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, Google launches an AI Vulnerability Reward Program offering up to $20,000 for critical flaws and DeepMind’s CodeMender auto-detects and patches vulnerable code. Chinese-linked actors abuse Nezha to deploy Gh0stRAT across multiple Asian targets, while BatShadow pushes Vampire Bot via Go-based malware; Salesforce rejects extortion tied to ShinyHunters and Clop exploits Oracle zero-day, with North Korea-linked theft exceeding $2B in crypto this year. #CodeMender #Gh0stRAT #Nezha #VampireBot #ShinyHunters #Clop #NorthKoreanCryptoTheft

Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, Researchers disclosed a 13-year-old Redis vulnerability (CVE-2025-49844) that could allow sandbox escapes and native code execution, impacting about 330,000 instances. The month's round of patches includes OpenSSL in Zabbix Agent, Unity CVE-2025-59489, Y2K38 time manipulation risks, and Microsoft tightening Windows 11 setup flows, with Copilot issues in Office apps.
#Redis #Unity #Zabbix-Agent #Y2K38 #Windows11 #Copilot

Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, Oracle EBS and Zimbra face critical zero-days actively exploited by Cl0p and attackers targeting the Brazilian military, prompting urgent patches and monitoring. AI-driven defenses and cloud/CI/CD hardening continue as new threats emerge, including Unity flaws, Salesforce extortion, and XWorm expansions, with ongoing emphasis on rapid remediation and threat intel sharing. #CVE-2025-61882 #CVE-2025-27915 #Cl0p #UnityFlaw #Lapsus$ #ScatteredSpider #ShinyHunters #Salesforce #XWorm

Threat Research | Weekly Recap [12 Oct 2025]

Cybersecurity Threat Research ‘Weekly’ Recap. The update covers ongoing abuse across Messaging & Social Platforms, including WhatsApp/Android trojans, fake groups targeting seniors, SMS smishing, and AI-generated clone sites harvesting PII. It also highlights ransomware and extortion trends (Yurei, FunkLocker, BQTLock), notable APTs and long-term intrusions (Phantom Taurus, Confucius, Goffee, Lunar Spider, Scattered Lapsus$ Hunters, Lazarus), malware distribution & infrastructure abuse (WordPress malvertising, Detour Dog, WARMCOOKIE, Rhadamanthys, ClickFix, XiebroC2), Linux threats (Koske, FlipSwitch), and threat intel/detection tooling guidance (YARA hunting, intel ops best practices).

Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, The article covers extortion and ransomware activities (Scattered Spider/LAPSUS$ threaten Salesforce, Toyota, Disney, Google; Cl0p-Oracle extortion linked to patched vulnerabilities and FIN11) alongside data breach incidents (Discord third-party breach; Renault UK; Shamir Medical Center). It also highlights actor activity and evolving malware campaigns (Detour Dog with Strela Stealer; Rhadamanthys MaaS; Confucius Group’s AnonDoor), plus notable vulnerabilities and privacy issues (Palo Alto Network scans; Splunk flaws; DrayTek CVE-2025-10547; ALPR surveillance debates) and industry responses (Signal SPQR; Oneleet funding). #ScatteredSpider #LAPSUS$ #Cl0p #FIN11 #DiscordData #RenaultUK #ShamirAttack #DetourDog #StrelaStealer #Rhadamanthys #AnonDoor #ConfuciusGroup #PaloAlto #Splunk #DrayTek #ALPR #FlockRaven #Signal #SPQR #Oneleet

Cybersecurity News | Daily Recap [16 Oct 2025]

Daily Recap, The day’s recap covers extortion campaigns tied to Oracle data theft, notable APT activity like Confucius shifting to AnonDoor, and new ransomware incidents impacting brands such as Asahi, with ongoing vulnerability disclosures including Meteobridge, Festo, and DrayTek. It also highlights privacy/legal actions, defense updates, and smishing infrastructure trends shaping the threat landscape. #Clop #FIN11 #ShinyHunters #Lapsus$ #CrimsonCollective #RedHat #Oracle #Asahi #Meteobridge #Festo #DrayTek #Confucius #AnonDoor #CavalryWerewolf #FoalShell #StallionRAT
