Daily Recap, A comprehensive roundup of recent cybersecurity developments spanning smishing campaigns exploiting Milesight routers, the MatrixPDF phishing toolkit, and various APTs and exploits across multiple regions. It also covers evolving privacy cases, critical vulnerabilities, and notable industry funding and research insights. #Milesight #MatrixPDF #PhantomTaurus #PatchworkAPT #N.KoreaScheme #CVE-2025-41244 #CVE-2025-20333 #CVE-2025-20362 #CVE-2025-10035 #WDMyCloud #BatteringRAM #Sendit #WestJet
Smishing & Phishing
- A large-scale smishing campaign abused unsecured Milesight industrial cellular routers to send phishing SMS impersonating government services across Belgium and Europe by exploiting the routers' API and known flaws – Milesight Smishing
- A new toolkit, MatrixPDF, converts benign PDFs into realistic phishing/malware lures using malicious JavaScript to evade email defenses – MatrixPDF Toolkit
APTs & Espionage
- Researchers attribute long-running espionage against governments and telcos in Africa, the Middle East, and Asia to a new China-linked group called Phantom Taurus, which uses fileless NET-STAR backdoors and tailored exploits – Phantom Taurus
- The re-emergent Patchwork APT is running stealthy espionage campaigns across South and Southeast Asia using DLL sideloading, layered obfuscation, encrypted C2, and malicious macros – Patchwork APT
- North Korea is expanding an illicit global IT worker recruitment scheme into finance, healthcare, and government to evade sanctions and generate revenue via fake identities and remote job placements – N. Korea Scheme
Vulnerabilities & Exploits
- A critical VMware zero-day, CVE-2025-41244, has been actively exploited since October 2024 by state-aligned actors (UNC5174) for privilege escalation across VMware products; urgent patching advised – VMware Zero-Day
- Roughly 50,000 Cisco ASA and FTD appliances remain exposed to actively exploited flaws (CVE-2025-20333, CVE-2025-20362) enabling remote code execution and require immediate mitigation – Cisco Firewalls
- CISA ordered federal agencies to urgently patch Fortra's GoAnywhere MFT critical bug (CVE-2025-10035) after in-the-wild exploitation began in September 2025, with wide-reaching impact if unpatched – Fortra Bug
- Western Digital released firmware to fix a critical remote command injection in WD My Cloud NAS (CVE-2025-30247); users should update to v5.31.108 or disconnect devices – WD My Cloud
- Researchers disclosed Battering RAM, a low-cost ($50) memory-interposer attack that can bypass Intel/AMD confidential-computing protections (SGX, SEV-SNP), threatening cloud isolation guarantees – Battering RAM
ICS & OT
- Festo warned of a remotely exploitable flaw in CPX control products potentially leading to denial-of-service and recommends network restrictions or product replacement in lieu of fixes – Festo ICS
- NIST published guidance to protect industrial control systems from USB-borne threats, recommending procedural, physical, technical, and sanitization controls for OT environments – NIST USB Guide
Malware & Mobile Threats
- The new Android banking trojan Klopatra leverages hidden VNC, native libraries, and evasion techniques to control infected devices and has impacted over 3,000 phones in Spain and Italy – Klopatra Trojan
Privacy, Law & Enforcement
- The FTC sued social app Sendit and its CEO for illegally collecting data from children under 13 and deceptive subscription practices under COPPA; regulators pursue injunctions and penalties – Sendit Lawsuit
- Imgur geoblocked UK users after the ICO signaled potential fines over children's data protections, disrupting embeds/uploads for UK audiences – Imgur Blocked
- Tractor Supply agreed to pay about $1.35 million to settle alleged California privacy violations and pledged compliance improvements for four years – Tractor Supply Fine
Breaches & Incident Response
- Canadian carrier WestJet confirmed a June attack exposing customer personal data, including passports/IDs, and warned of impersonation scams while investigating links to the Scattered Spider group – WestJet Breach
Industry, Funding & Research
- Identity provider Descope raised an additional $35 million, bringing total funding to $88 million to expand no-code/low-code identity and anti-account-takeover offerings amid rising AI demand – Descope Funding
- Bitdefender's 2025 assessment warns of growing stealth tactics like Living Off-the-Land, expanding attack surfaces, and a leadership/frontline perception gap, urging attack-surface reduction and transparency – Bitdefender Report
- Demand for skills is shifting: VMware certifications are surging as organizations manage hybrid/multi-cloud risks and misconfigurations, highlighting workforce upskilling needs – VMware Certs
- Microsoft released the Windows 11 25H2 update with tightened security features, AI-assisted secure coding aids, and lifecycle changes but no major consumer features – Windows 25H2