Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, A comprehensive roundup of recent cybersecurity developments spanning smishing campaigns exploiting Milesight routers, the MatrixPDF phishing toolkit, and various APTs and exploits across multiple regions. It also covers evolving privacy cases, critical vulnerabilities, and notable industry funding and research insights. #Milesight #MatrixPDF #PhantomTaurus #PatchworkAPT #N.KoreaScheme #CVE-2025-41244 #CVE-2025-20333 #CVE-2025-20362 #CVE-2025-10035 #WDMyCloud #BatteringRAM #Sendit #WestJet

Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, A roundup of vulnerabilities, AI threats, ransomware incidents, and policy developments shaping the cybersecurity landscape, including Critical CVE-2025-43400 fixes, Gemini AI risks, ransomware activity against Asahi, and state-backed phishing campaigns. The report highlights supply chain exposure from an npm package, notable enforcement actions like the Bitcoin Queen seizure, and ongoing OT guidance from national authorities. #CVE-2025-43400 #GeminiAI #ASLRBypass #AsahiOutage #MedusaRansomware #FEMACBP breach #JLRAttack #APT35 #BitcoinQueen #CISA

Cybersecurity News | Daily Recap [01 Oct 2025]

The daily recap covers nation-state espionage, ransomware, data breaches, AI-driven security trends, and notable campaigns, including a SonicWall SSL VPN MFA bypass tied to CVE-2024-40766 and a Harrods breach via a third-party supplier. It also highlights AI-enabled phishing with obfuscated SVG payloads, malvertising campaigns distributing spyware, Medusa exfiltration from Comcast, and broader activity from RedNovember and COLDRIVER, with impacts on multiple sectors. #SonicWall #Harrods #Medusa #RedNovember #COLDRIVER #TradingView

Threat Research | Weekly Recap [28 Sep 2025]

Cybersecurity Threat Research ‘Weekly’ Recap. A wide range of threats were observed, including information-stealers, supply-chain abuses, botnets, ransomware, state-aligned APTs, web/infrastructure compromises, and offensive tooling, with notable activity across Europe, Asia, and online ecosystems. The report emphasizes defensive controls, incident response best practices, and AI/LLM security risks such as MCP backdoors and AI-obfuscated phishing campaigns.

Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, State-linked espionage and ransomware incidents dominate the latest security headlines, highlighting China-linked campaigns leveraging PlugX and Bookworm to target telecoms and manufacturing, alongside Salt Typhoon infiltrations via MSS-backed operators. The week also brings data breaches in Union County, Ohio, notable LockBit 5.0 activity, a OnePlus vulnerability, SVG-based phishing targeting Ukraine and Vietnam, BAS as a defense validation tool, and various Microsoft security enhancements and policy moves impacting user data control and extension integrity. #PlugX #Bookworm #SaltTyphoon #UnionCounty #LockBit5.0 #OnePlus #SVG #PureRAT #CountLoader

Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, Urgent patches and an emergency directive address multiple critical Cisco ASA/FTD flaws exploited by state-linked campaigns like ArcaneDoor and UAT4356 to deploy malware such as RayInitiator and LINE VIPER, while other zero-days in GoAnywhere MFT and widespread ransomware incidents underscore evolving threat activity across sectors. The roundup also highlights advanced espionage, AI/cloud risks, supply chain abuse, and notable law enforcement actions affecting organizations worldwide. #ArcaneDoor #RayInitiator #LINEVIPER #GoAnywhereMFT #Qilin #Akira #BRICKSTORM #RedNovember #COLDRIVER #DeceptiveDevelopment #ForcedLeak #VaneViper #XCSSET #InterpolAfrica #AmazonSettlement

Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, The week highlights privacy settlements, Cisco’s urgent SNMP fix, and a surge in supply-chain and state-sponsored campaigns impacting crypto, governments, and enterprises. Key items include the Google-Flo Health privacy settlement, the Neural Bill, the Shai-Hulud supply-chain attack, and Lazarus/RedNovember campaigns targeting crypto developers and governments. #GoogleFlo #NeuralBill #RustCrates #ShaiHulud #Lazarus #RedNovember

Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, Phishing & Scams, Ransomware & Major Incidents, Data Breaches & Disruptions, Vulnerabilities & Patch Urgency, APTs & Espionage, DDoS & Telecom Threats, Supply Chain & Registry Security, Law, Enforcement & Regulation, Threat Trends & Tools highlight a wave of credential-stealing schemes targeting PyPI, GitHub, NPM, and LastPass, alongside ransomware campaigns impacting Jaguar Land Rover and UK firms, notable data breaches at Boyd Gaming, Circle K Hong Kong, and Lotte Card, plus critical vulnerabilities in GeoServer, SolarWinds Web Help Desk, and BMC firmware. The report also notes sophisticated espionage activities, record-setting DDoS, law firm-focused cyber threats, and ongoing security improvements like GitHub tightening npm ecosystem safeguards and WhatsApp’s translation feature for secure cross-language communication. #AtomicStealer #JLRShutdown #GeoServer #Brickstorm #NimbusManticore #CyberFraud #EuroFraud

Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, Several notable vulnerabilities were disclosed, including FlatPress v1.4.1 and libelf gmo2msg, with patches released for SolarWinds Web Help Desk RCE and SonicWall SMA100 rootkit removal, alongside various incidents such as JLR shutdowns and Stellantis data exposure. Researchers also highlighted actor tokens in Azure Entra enabling silent compromise, and campaigns from ComicForm, Subtle Snail, and ShadowV2; governance and defense updates followed across GitHub, Mozilla, and Tenfold, with disinformation activity noted in Moldova. #FlatPress #libelf #SolarWindsRCE #SonicWall #AzureEntra #ComicForm #SubtleSnail #ShadowV2 #Atomic #JLRShutdown #Stellantis #MoldovaDisinfo


Daily Recap, A critical Entra ID flaw allowed impersonation of Global Administrators across tenants and patches have been issued, while ransomware hit European airport check-in systems disrupting flights in multiple hubs. Threat actors, malware, and notable incidents span Turla/Gamaredon collaboration, BlockBlasters theft, GoAnywhere MFT zero-days, and CopyCop’s AI-driven disinformation expansion. #EntraID #TurlaGamaredon #BlockBlasters #GoAnywhereMFT #CopyCop

Threat Research | Weekly Recap [28 Sep 2025]

Cybersecurity Threat Research ‘Weekly’ Recap. The report highlights a week of widespread vulnerability disclosures, supply-chain attacks, and ransomware trends, including a self-replicating npm worm (Shai-Hulud) and numerous loader, adware, and credential-stealing campaigns that span multiple platforms from Windows to macOS and mobile. It also covers APT/state-aligned operations, targeted phishing, and defensive tooling to enhance detection and response.
#Shai-Hulud #SystemBC #ChillyHell #Oyster #Kawa4096 #BlackLock #Qilin #Kimsuky #TA415 #TA415 WhirlCoil

Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, Researchers expose MalTerminal and ShadowLeak, highlighting growing LLM abuse and zero-click data exfiltration risks in AI-enabled threats. The report covers state-backed operations, ransomware trends, and notable breaches involving Jaguar Land Rover, ShinyHunters, and MrBeast, underscoring the widening attack surface across AI, OT, and consumer ecosystems. #MalTerminal #ShadowLeak #Turla #Gamaredon #UNC1549 #Lapsus$Hunters #JaguarLandRover #ShinyHunters #MrBeast

Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, Critical vulnerabilities and patches were issued for WatchGuard Firebox (CVE-2025-9242, CVSS 9.3) affecting IKEv2 VPNs and for Entra ID (CVE-2025-55241) risking tenant takeovers, with guidance to patch or migrate to Microsoft Graph. Ivanti EPMM campaigns exploit CVEs 2025-4427/4428, ShadowLeak targets Gmail via ChatGPT research agents, Raven Stealer steals passwords via Telegram, Qilin leads ransomware activity with new entrants Sinobi and The Gentlemen, MuddyWater shifts to targeted malware, and notable breaches include NY Blood Center and SonicWall incidents, plus KrasAvia disruptions.
#WatchGuard #CVE-2025-9242 #CVE-2025-55241 #Ivanti #ShadowLeak #RavenStealer #Qilin #Sinobi #TheGentlemen #MuddyWater #NYBloodCenter #SonicWall #KrasAvia

Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, Cybersecurity News highlights a wave of state and geopolitical activity, including APT28’s Phantom Net targeting Ukraine and TA415’s Silent Spy operations leveraging VS Code remote tunnels, plus AI-driven disinformation tied to Romania and cross-border attacks against India’s infrastructure. The cybercrime section notes high-profile breaches (Tiffany, Insight Partners, Brevard) and evolving tooling (CountLoader, SystemBC) alongside AI-enabled phishing and credential theft on cloud platforms, with notable incidents like Scattered Spider and JLR, and regulatory actions shaping the risk landscape. #PhantomNet #SilentSpy #RomaniaInfluence #IndiaAttacks #AfghanistanNetban #PolandResponse #ScatteredTeens #JLRAttack #CountLoader #SystemBC #RevengeHotels #SonicWallNotice #ShadowLeak #AICrypto #ShinyHunters #GhostActionTokens #Shai-hulud #SilentSync #GlassAction

Cybersecurity News | Daily Recap [01 Oct 2025]

Daily Recap, A takedown by Microsoft and Cloudflare disrupted the RaccoonO365 phishing service, leading to the seizure of 338 domains and the identification of its leader, Joshua Ogundipe, linked to thousands of compromised Microsoft 365 credentials and over $100,000 in crypto. Supply-chain and espionage updates follow, including Shai-Hulud’s worm affecting ~180–187 npm packages and CrowdStrike-related impact, plus notable APT, AI security moves, and enforcement actions.
#RaccoonO365 #Shai-Hulud #CrowdStrike #BreachForums #CVE-2025-43300 #ChaosMesh #SlopAds #XWorm #LummaStealer #ShinyHunters
