Daily Recap. The article covers extortion and ransomware activity (Scattered Spider/LAPSUS$ threaten Salesforce, Toyota, Disney and Google; Cl0p's Oracle extortion is linked to patched vulnerabilities and to FIN11) alongside data breach incidents (Discord third-party breach; Renault UK; Shamir Medical Center). It also highlights threat actor activity and evolving malware campaigns (Detour Dog distributing Strela Stealer; Rhadamanthys MaaS; Confucius Group's AnonDoor), notable vulnerabilities and privacy issues (Palo Alto Networks login-portal scans; Splunk flaws; DrayTek CVE-2025-10547; ALPR surveillance debates) and industry responses (Signal SPQR; Oneleet funding). #ScatteredSpider #LAPSUS$ #Cl0p #FIN11 #DiscordData #RenaultUK #ShamirAttack #DetourDog #StrelaStealer #Rhadamanthys #AnonDoor #ConfuciusGroup #PaloAlto #Splunk #DrayTek #ALPR #FlockRaven #Signal #SPQR #Oneleet
Extortion & Ransomware
- New dark-web leak site by the Scattered Spider/LAPSUS$ group threatens to release data from firms including Salesforce, Toyota, Disney and Google unless ransoms are paid by October 10 (Scattered Site, Salesforce Probe)
- Cl0p-linked extortion targeting Oracle E-Business Suite is tied to bugs patched in July and is under investigation, with warnings of mass data theft and ties to FIN11 (Oracle Extortion, Cl0p Warning)
Data Breaches
- Hackers stole identifiable Discord user data from a compromised third-party customer service provider, including ID documents and partial payment information, and issued ransom demands (Discord Data)
- Renault UK confirms customer contact records were exposed via a third-party breach; no financial data reported and containment actions are underway (Renault Breach)
- Cyberattack on Shamir Medical Center by the Russian-speaking group Qilin exposed hospital emails and potentially patient data, while core medical records remained intact (Shamir Attack)
Threat Actors & Malware
- Threat actor Detour Dog ran a DNS-based malware infrastructure to distribute Strela Stealer, exploiting vulnerable WordPress sites and using botnets for spam and persistence (Detour Dog)
- The Rhadamanthys stealer added device fingerprinting, PNG steganography payloads and new proxy/crypting services as it professionalizes into a MaaS ecosystem (Rhadamanthys)
- Confucius threat actors shifted from document stealers to Python backdoors, weaponizing documents to deliver the AnonDoor backdoor in campaigns against South Asian targets (Confucius Group)
Vulnerabilities & Scanning
- Scanning against Palo Alto Networks login portals spiked by 500% in a day, with over 1,300 source IPs (predominantly in the U.S. and Europe), mirroring recent Cisco ASA reconnaissance activity (Palo Alto Scan)
- Splunk disclosed six critical flaws enabling remote JavaScript injection, SSRF and other server-side issues across Enterprise and Cloud, with urgent upgrades and mitigations advised (Splunk Flaws)
- DrayTek patched an unauthenticated RCE in DrayOS, tracked as CVE-2025-10547, via firmware updates; no active exploitation reported yet (DrayTek Patch)
Surveillance & Privacy
- California's AG sued El Cajon for alleged illegal out-of-state searches of a license-plate reader (ALPR) database, highlighting cross-jurisdiction privacy risks for Californians (ALPR Lawsuit)
- Flock Safety unveiled Raven, a gunshot and human voice detection system that expands surveillance capabilities and rekindles civil-liberties concerns (Flock Raven)
Defenses & Industry
- Signal introduced SPQR (Sparse Post-Quantum Ratchet) to harden messaging against quantum threats while maintaining post-compromise confidentiality (Signal SPQR)
- Security startup Oneleet raised $33 million to scale its compliance and attack-surface platform; a separate roundup covers PQC adoption, new Android spyware and a FEMA data incident (Oneleet Funding, In Other News)