Cybersecurity News | Daily Recap [15 Sep 2025]

The week covers ShinyHunters exploiting an unpatched system to steal data from Vietnam’s National Credit Information Center, along with ongoing Salesforce breaches by UNC6040 and UNC6395 using social engineering and OAuth token theft and abuse. The roundup also notes China tightening incident reporting, Hive0154-aligned malware, an SEO poisoning campaign distributing HiddenGh0st, Winos and kkRAT, WhiteCobra’s crypto-stealer extensions, VoidProxy phishing, a record L7 DDoS driven by a 5.76M-device IoT botnet, Windows 10 end-of-life, and persistent double-extortion ransomware trends.
#ShinyHunters #UNC6040 #UNC6395 #GreatFirewall #Hive0154 #Toneshell9 #SnakeDisk #HiddenGh0st #Winos #kkRAT #WhiteCobra #LummaStealer #VoidProxy #DDoS #IoT #Windows10

Threat Research | Weekly Recap [14 Sep 2025]

The weekly recap highlights continued double-extortion ransomware activity and copycat families, with Yurei leveraging open-source Prince code and healthcare remaining a major target. It also details rapidly evolving RATs, APT campaigns, supply-chain compromises, and shifting extortion trends, underscoring cross-actor intrusions, AI-assisted threats, and defensive guidance. #Yurei #SafePay #BlackNevas #LunaLock #CyberVolk #ZynorRAT #MostereRAT

Cybersecurity News | Daily Recap [15 Sep 2025]

Researchers warn that the VoidProxy phishing-as-a-service is actively bypassing MFA to steal Google and Microsoft session tokens and enable account takeovers, and urge stronger authentication such as passkeys. The recap also highlights threats from bootkits like HybridPetya bypassing UEFI Secure Boot, Akira ransomware affiliates exploiting the patched SonicWall CVE-2024-40766, critical patches for Chrome, Cisco IOS XR, and Samsung, and ongoing espionage, data theft, and state-backed campaigns affecting governments and enterprises. #VoidProxy #HybridPetya #Akira #Pegasus #Predator #EggStreme #SonicWall #Chrome #Windows11 #Salesforce #ShinyHunters #INC #DELMIA

Cybersecurity News | Daily Recap [15 Sep 2025]

The latest cybersecurity updates highlight a surge in ransomware, including HybridPetya leveraging CVE-2024-7344 to bypass UEFI Secure Boot, plus Akira actively exploiting CVE-2024-40766 in SonicWall SSLVPNs. Also noted are ToneShell anti-analysis tricks and AsyncRAT drops, a Panama Ministry breach, and broader patching efforts across DELMIA Apriso, Cisco IOS XR, Samsung Android, and Adobe AV25-583.
#HybridPetya #CVE-2024-40766 #ToneShell #AsyncRAT #PanamaBreaches #DELMIA #IOSXR #SamsungCVE-2025-21043 #CISAProgram #C2PA

Cybersecurity News | Daily Recap [15 Sep 2025]

A Spectre-like VMScape flaw threatens guest-host isolation on AMD and Intel CPUs, while SonicWall CVE-2024-40766 exploitation enables breaches and firewall crashes. Other highlights include EggStreme, ChillyHell, and AsyncRAT campaigns, the JLR data theft, and notable supply-chain and privacy concerns across npm, browser extensions, and keystroke tracking. #VMScape #SonicWallFlaw #EggStreme #ChillyHell #AsyncRAT #JLRAttack #NPMAttack #KeystrokeTracking

Cybersecurity News | Daily Recap [15 Sep 2025]

A sweeping review of recent cybersecurity incidents and industry shifts, from breaches impacting individuals and organizations to supply-chain compromises and AI-driven threats. It highlights notable events such as the Sapphos data exposure, the Plex breach, Nexar’s 130 TB of exposed video, and the evolving landscape of ransomware, supply-chain attacks, and state-backed surveillance, along with emerging defenses and policy responses. #Sapphos #Plex #Nexar #WayneBreach #Wealthsimple #Lovesac #Salesloft #GhostAction #npmHijack #Chaos #ScatteredSpider #LockBit #LunaLock #APT41 #SaltTyphoon #KazMunayGas #JLR #Calcio #NozomiNetworks #ObservoAI #BlackHat

Cybersecurity News | Daily Recap [15 Sep 2025]

Large-scale DevOps supply-chain and repository attacks exposed thousands of secrets and private repos, including GhostAction and the NX leak, while an Argo CD API flaw prompts urgent patching. Noisy Bear targets Kazakhstan’s energy sector, and Pakistan and Qantas report major data breaches alongside ongoing identity and phishing threats, with AI-driven safety measures in Roblox and evolving patch management practices rounding out the day. #GhostAction #NxLeak #SalesloftBreach #ArgoCD #NoisyBear #KazakhstanOilGas #PakistanSIM #QantasData #iCloudPhish #RobloxAge

Cybersecurity News | Daily Recap [15 Sep 2025]

Two notable security incidents affected the education and finance sectors: the Interlock group claimed a school district breach, and Wealthsimple reported a small customer impact. Qantas, meanwhile, faced a July cyberattack linked to threat actors such as Scattered Spider and ShinyHunters. The update also highlights critical CVEs in Sitecore and Argo CD, malicious npm activity impersonating crypto tooling, the TAG-150 group expanding its arsenal with CastleLoader and CastleRAT, a $10 million FSB bounty, AI prompt-injection risks, and organizational changes such as Microsoft MFA enforcement and Roblox age verification improvements. #Interlock #Wealthsimple #Qantas #ScatteredSpider #ShinyHunters #SITECORE #ArgoCD #npm #CastleRAT #TAG-150 #FSB #NKCTI #AIgovernance #Roblox

Cybersecurity News | Daily Recap [15 Sep 2025]

Two major vulnerabilities and related patch guidance dominated this recap: active exploitation of SAP S/4HANA (CVE-2025-42957) and Sitecore (CVE-2025-53690) zero-days is prompting rapid patching and monitoring. The report also covers notable APT activity, law enforcement actions, data breaches, and evolving malware campaigns affecting organizations and industries worldwide. #CVE-2025-42957 #CVE-2025-53690 #NotDoor #Kimsuky #GhostRedirector #PowerSchool #JLR #SalesforceDrift

Cybersecurity News | Daily Recap [15 Sep 2025]

The recap highlights notable AI/ML threats, supply-chain exploits, and vulnerability disclosures, including Model Namespace Reuse targeting Google Vertex AI and Azure, and widespread patching efforts across Windows, Android, Chrome, Django, and Linux. It also notes significant incidents such as data breaches, nation-state activity, and enforcement actions, with various high-profile actors and organizations affected.
#ModelNamespaceReuse #NotDoor #APT28 #APT29 #ShinyHunters #NotDoorBackdoor #Google #Bridgestone #Workiva #DeepSeek

Cybersecurity News | Daily Recap [15 Sep 2025]

In this daily recap, vulnerabilities were disclosed and patches issued for WhatsApp, TP-Link, FreePBX, MobSF, and Android, with active exploitation prompting immediate updates. The report also covers supply-chain OAuth breaches, Lazarus Group’s cross-platform tool expansion, and notable incidents affecting Cloudflare, Palo Alto Networks, Disney, and Jaguar Land Rover. #WhatsApp #TP-Link #FreePBX #MobSF #Android #Salesloft #Drift #LazarusGroup #PondRAT #ThemeForestRAT #RemotePE #APT29 #Disney #Cloudflare #PaloAltoNetworks #JaguarLandRover

Cybersecurity News | Daily Recap [15 Sep 2025]

Recent cybersecurity incidents include a major disruption at Jaguar Land Rover affecting manufacturing and retail systems, with no customer data breach reported, and a ransomware attack on the Pennsylvania AG’s Office that caused a two-week outage. Supply-chain breaches exploited OAuth tokens from Salesloft/Drift, exposing customer data at Zscaler and Palo Alto Networks, while nation-state actors targeted Microsoft users in APT29 campaigns and other regional espionage efforts involving APT37, Lazarus, and Iranian-linked groups. #JaguarLandRover #PARansomware #Salesloft #OAuth #Zscaler #PaloAltoNetworks #APT29 #APT37 #Lazarus #HanKookPhantom #OmaniMailbox #FDN3 #ValleyRAT #nodejs-smtp #AndroidDroppers #Cloudflare #DDoS #WhatsApp #CVE-2025-55177 #CVE-2025-43300 #WordPress #Varonis #BlackHat #ShadowAI #Huawei #MoscowHires

Cybersecurity News | Daily Recap [15 Sep 2025]

Recent cybersecurity disruptions include Amazon halting a Russian APT29 campaign targeting Microsoft 365, and new research exposing private Russian firms supporting Kremlin operations amid the Ukraine conflict. Additionally, cyber threats span Asia-targeted espionage campaigns such as TAOTH and ScarCruft and mobile malvertising via Meta ads pushing the Brokewell malware.
#APT29 #ScarCruft

Threat Research | Weekly Recap [14 Sep 2025]

This weekly recap highlights recent developments in cybersecurity threats, including cloud-based ransomware campaigns by Storm-0501 and ongoing double-extortion attacks by groups such as Lynx/Sinobi. It also covers sophisticated espionage activity by threat actors such as UNC6384, APT37, and Silver Fox, along with emerging malware, supply-chain attacks, and evasive techniques used to bypass security controls, and closes with new detection tools and operational strategies for strengthening defenses. #Storm0501 #LynxSinobi #UNC6384 #APT37 #SilverFox

Cybersecurity News | Daily Recap [15 Sep 2025]

Cybersecurity threats are increasingly driven by AI misuse, sophisticated phishing operations, and disrupted ransomware activities, highlighting evolving attack techniques and law enforcement efforts. Key incidents include AI-powered cybercrime using Claude and Salesloft, targeted supply-chain phishing, and the fragmentation of ransomware gangs like Chaos, alongside high-profile breaches and nation-state activities involving APT29 and Salt Typhoon. #ClaudeAI #SalesloftTheft #APT29 #SaltTyphoon
