Daily Recap: Large-scale DevOps supply-chain and repository attacks, including GhostAction and the Nx leak, exposed thousands of secrets and private repos, while Argo CD’s API flaw prompts urgent patching and updates. Noisy Bear targets Kazakhstan’s energy sector, Pakistan and Qantas report major data breaches, and identity and phishing threats continue. Also covered: AI-driven safety measures in Roblox and evolving patch management practices. #GhostAction #NxLeak #SalesloftBreach #ArgoCD #NoisyBear #KazakhstanOilGas #PakistanSIM #QantasData #iCloudPhish #RobloxAge
Daily Cybersecurity Recap
DevOps & Supply‑Chain
- Large-scale DevOps supply‑chain and repository attacks exposed thousands of secrets and private repos. Campaigns include GhostAction (a GitHub Actions leak of over 3,300 secrets), the Nx incident that made more than 6,700 private repos public, and a Salesloft GitHub compromise tied to UNC6395 that helped fuel a Salesforce data theft – GhostAction, Nx Leak, Salesloft Breach
- Critical Argo CD API flaw (CVE-2025-55190, rated 9.8) can expose GitOps repository credentials via project tokens; patches are available—update immediately – Argo CD
Nation‑State Activity
- China-linked actors (reported APT41) impersonated a U.S. congressman to target trade stakeholders and gather intelligence, reinforcing concerns about state-backed espionage and political influence operations – China Impersonation, Czech Advisory
- New APT dubbed Noisy Bear (likely Russian‑linked) has been spying on Kazakhstan’s oil & gas sector since April 2025 using spear‑phishing, PowerShell loaders, and DLL implants, a case of targeted espionage against energy infrastructure – Noisy Bear
Data Breaches & Privacy
- Pakistan launches an investigation after a massive SIM‑holder data leak exposed millions of records (including officials) and sparked illicit sales of personal data online—major national privacy crisis – Pakistan SIM
- Qantas’ cyberattack exposed personal data of 5.7 million customers, prompting executive bonus reductions, accelerated security measures, and customer support actions – Qantas Data
Identity, AI & Phishing
- Attackers are abusing platform features and synthetic identities—iCloud Calendar invites are being used to send phishing from Apple servers while adversaries use AI‑generated profiles to onboard as trusted employees; defenses like strict credential controls and zero standing privileges are advised – iCloud Phish, Onboarded Attacker
- Roblox is deploying AI‑based age estimation (facial analysis and ID checks) for all communication‑enabled users to bolster child safety, raising privacy and regulatory trade‑offs – Roblox Age
Security Practices & IoT
- Modern patch management favors cloud‑native tools: vendors argue moving from legacy on‑prem WSUS to solutions like Action1 delivers easier deployment, broader coverage, and real‑time automation – Patch Management
- The UAE Cyber Security Council warns that 70% of smart home devices are vulnerable due to weak defaults and poor practices, urging improved firmware, defaults, and consumer guidance – Smart Home Risk
- Weekly threat research roundup highlights ongoing trends in supply‑chain compromises, ransomware evolution, and mappings between actors and tooling—useful context for defensive prioritization – Threat Recap
Censorship & Protests
- Nepal’s government imposed a social media ban citing cybercrime and disinformation concerns, triggering protests and clashes that left dozens injured and drew rights groups’ criticism—digital restrictions sparked civil unrest – Nepal Ban