Cyber Security News Daily Recap

Cybersecurity News | Daily Recap [06 Sep 2025]

admin
Cybersecurity News | Daily Recap [06 Sep 2025]

Two notable security incidents affected education and finance sectors, with the Interlock group claiming a school district breach and Wealthsimple reporting a small customer impact while Qantas faced a July cyberattack linked to threat actors such as ScatteredSpider and ShinyHunters. The update also highlights critical CVEs in Sitecore and Argo CD, malicious npm activity impersonating crypto tooling, the TAG-150 group expanding with CastleLoader and CastleRAT, a $10 million FSB bounty, AI prompt-injection risks, and organizational changes like Microsoft MFA enforcement and Roblox age verification improvements. #Interlock #Wealthsimple #Qantas #ScatteredSpider #ShinyHunters #SITECORE #ArgoCD #npm #CastleRAT #TAG-150 #FSB #NKCTI #AIgovernance #Roblox

Data breaches & incidents

  • A UK education trust’s staff data was potentially exposed after a third‑party developer breach and a separate South Carolina school district incident that may have leaked 31,000 records and was claimed by the Interlock ransomware group – Dev Break-In, SC Schools
  • Canadian investment platform Wealthsimple disclosed a breach affecting under 1% of customers, with funds and passwords intact and identity protection offered to victims – Wealthsimple Breach
  • Qantas reduced executive bonuses by 15% after a July cyberattack that exposed millions of customer records and involved groups linked to ScatteredSpider and ShinyHuntersQantas Penalty

Vulnerabilities & patching

  • CVE-2025-53690 in Sitecore is being actively exploited and CISA ordered immediate patching and machine key rotation to prevent remote code execution – Sitecore CVE
  • A critical Argo CD API flaw (CVE-2025-55190) lets low‑permission tokens retrieve repository credentials, risking deployments for many organizations – ArgoCD Flaw

Developer & supply‑chain threats

  • Malicious npm packages impersonating crypto tooling and abuse of Ethereum smart contracts are being used to steal wallet keys and hide malware delivery inside developer dependencies – Malicious npm, Smart Contracts

Malware & threat actors

  • Threat actor TAG-150 expanded operations with CastleLoader and a new CastleRAT (Python/C) used for initial access, payload delivery and espionage via phishing and impersonation – CastleRAT

Nation‑state activity & law enforcement

  • The U.S. offered a $10 million reward for information on three alleged Russian FSB officers tied to cyberattacks against critical infrastructure, while reports also flag North Korean actors exploiting CTI platforms against crypto professionals – FSB Bounty, NK CTI

AI security & governance

  • Stealthy “parallel‑poisoned web” attacks can serve cloaked, malicious prompts only to AI agents, highlighting the need for stronger AI governance, observability and developer processes to reduce vulnerable code and prompt injection risks – Poisoned Web, AI Governance

Security controls & platform changes

  • Microsoft has enforced multifactor authentication for Azure Portal sign‑ins across all tenants and plans to extend MFA to CLI, PowerShell, SDKs and APIs by October 2025 to harden admin access – Azure MFA
  • Roblox will verify ages for all users of chat/text features using facial recognition, ID checks and parental consent to better protect minors from inappropriate interactions – Roblox Age

Cybersecurity News | Daily Recap – hendryadrian.com