Daily Recap: Google launches an AI Vulnerability Reward Program offering up to $20,000 for critical flaws and DeepMind’s CodeMender auto-detects and patches vulnerable code. Chinese-linked actors abuse Nezha to deploy Gh0stRAT across multiple Asian targets, while BatShadow pushes Vampire Bot via Go-based malware; Salesforce rejects extortion tied to ShinyHunters and Clop exploits an Oracle zero-day, with North Korea-linked theft exceeding $2B in crypto this year. #CodeMender #Gh0stRAT #Nezha #VampireBot #ShinyHunters #Clop #NorthKoreanCryptoTheft
AI & LLM Security
- Google launches an AI Vulnerability Reward Program offering up to $20,000 for critical flaws while DeepMind’s CodeMender auto-detects and rewrites vulnerable code to patch projects — AI Bug Bounty, CodeMender
- Researchers warn of emerging LLM attack vectors and adversary use of AI—Google declines to patch an ASCII smuggling trick in Gemini while Ukrainian CERT reports Russian groups using AI-generated malware and zero-click tactics — ASCII Smuggling, Russian AI Attacks
China-linked Attacks
- Suspected China-linked actors abused the open-source Nezha monitoring tool and web shells to deploy Gh0stRAT, compromise over 100 targets across Taiwan, Japan, South Korea and Hong Kong, and poison logs and phpMyAdmin panels to maintain access — Nezha Campaign, Nezha Weaponized
Exploits & Active Attacks
- Attackers are actively exploiting a critical auth-bypass in the Service Finder WordPress theme with over 13,800 recorded attempts, enabling unauthorized admin access — Service Finder
- Credential-stuffing and account-takeover activity hit consumer services, with DraftKings forcing resets and MFA after mass login attempts — DraftKings Breach
Malware & Social Engineering
- Vietnamese actor BatShadow targets job seekers with decoy listings and ZIP-based lures to deliver a new Go-based Vampire Bot that uses browser redirection and social engineering to infect victims — Vampire Bot
Data Theft & Extortion
- Enterprise extortion and data-theft campaigns continue: Salesforce refuses to pay extortionists tied to ShinyHunters, who claimed nearly 1 billion records; the Clop gang has abused an Oracle EBS zero-day (CVE-2025-61882) for data theft, and multiple firms, including Avnet, reported compromised data (around 7–12 TB) — Salesforce Extortion, Clop Oracle Exploit, Avnet Breach
- Law enforcement arrested suspects connected to a ransomware-driven doxing campaign that exposed over 1,000 children from the Kido nursery chain, underscoring risks to sensitive personal data — Kido Nursery Arrests
- Nation-state theft persists as North Korea-linked groups reportedly stole over $2 billion in cryptocurrency in 2025 to fund weapons programs, continuing large-scale illicit cyber theft — North Korea Crypto Theft
DevSecOps & Supply Chain
- Docker expands access to its Hardened Images catalog to make verified, vulnerability-reduced container images affordable for small businesses to improve secure deployments — Docker Hardened Images
- Analysts urge modern defenses for cloud workspaces—beyond perimeter controls—to detect and contain OAuth/token abuse after recent incidents impacting trusted integrations like Salesloft/Drift — Workspace Defense
Policy & Privacy
- Germany says it will not back the EU’s proposed Chat Control message-scanning law, citing threats to privacy and end-to-end encryption, putting the initiative’s future in doubt — Chat Control
- An investigation revealed police used a national network of automatic license-plate readers in an abortion probe, raising privacy and cross-jurisdictional data-sharing concerns — License Plate Search