Cybersecurity News | Daily Recap [01 Sep 2025]

Recent cybersecurity disruptions include Amazon halting a Russian APT29 campaign targeting Microsoft 365, and new research exposing private Russian firms supporting Kremlin operations amid the Ukraine conflict. Additionally, cyber threats span from Asia-targeted espionage campaigns such as TAOTH and ScarCruft to mobile malvertising via Meta ads pushing the Brokewell malware.
#APT29 #ScarCruft

State-backed Operations

  • Amazon disrupted a Russian APT29 watering‑hole campaign that used malicious redirects mimicking Cloudflare to hijack Microsoft 365 device‑code authentication and harvest credentials – APT29 Campaign
  • New research details how private Russian cybersecurity firms are entwined with Kremlin operations, blurring lines between defense and offensive cyber activity during the Ukraine war – Russian Firms

Asia-targeted Espionage

  • Researchers uncovered the TAOTH campaign using hijacked software updates and spear‑phishing to deliver multiple malware families against East Asian dissidents and journalists – TAOTH Campaign
  • North Korea‑linked ScarCruft (APT37) ran tailored spear‑phishing with malicious LNK files to deploy RokRAT against South Korean academics for espionage and data theft – ScarCruft RokRAT

Mobile Malvertising

  • Adverts on Meta were abused to push fake TradingView Premium apps that install the Brokewell Android malware to steal crypto and enable remote device control – Brokewell Ads

Vulnerabilities & Patches

  • An authenticated SQL injection in IBM Watsonx Orchestrate Cartridge (CVE-2025-0165) risks data exposure in IBM Cloud Pak for Data; updating to 5.2.0.1 is advised – IBM Watsonx
  • WhatsApp patched a critical zero‑click zero‑day (CVE-2025-55177) likely used in targeted spyware campaigns, underscoring the risk of exploit chaining against mobile operating systems – WhatsApp Patch

Ransomware & Threat Recap

  • A ransomware incident at the Pennsylvania Office of Attorney General disrupted court cases and services while investigations continue with no confirmed data theft yet – PA Ransomware
  • Weekly threat roundup highlights cloud‑based ransomware (e.g., Storm-0501), double‑extortion gangs like Lynx/Sinobi, and persistent espionage by groups such as APT37 and UNC6384 — defend with updated detections and response playbooks – Threat Recap

Browser Attack Surface

  • Enterprises are warned that browsers now fuel most intrusions—over 80% of incidents originate from browser‑based vectors—with groups like Scattered Spider exploiting credential theft and session hijacking, prompting stronger browser defenses – Browser Risk

Fraud & BEC

  • Business Email Compromise cost the city of Baltimore more than $1.5 million after attackers spoofed a vendor and altered bank details, exposing weak internal controls – Baltimore BEC

Governance & Response

  • Homeland Security purged FEMA’s IT leadership following a cyber breach that exposed systemic security failures, citing the move as necessary to protect national security despite internal controversy – FEMA Purge

Cybersecurity News | Daily Recap – hendryadrian.com