Cybersecurity News | Daily Recap [12 Sep 2025]

Daily Recap: The latest cybersecurity updates highlight a surge in ransomware, including HybridPetya leveraging CVE-2024-7344 to bypass UEFI Secure Boot, and Akira actively exploiting CVE-2024-40766 in SonicWall SSLVPNs. Also noted are ToneShell anti-analysis tricks and AsyncRAT drops, a Panama Ministry breach, and broader patching efforts across DELMIA Apriso, Cisco IOS XR, Samsung Android, and Adobe AV25-583.
#HybridPetya #CVE-2024-40766 #ToneShell #AsyncRAT #PanamaBreaches #DELMIA #IOSXR #SamsungCVE-2025-21043 #CISAProgram #C2PA

Daily Cybersecurity Recap

Ransomware & Malware

  • Researchers warn of the HybridPetya bootkit-installer ransomware that can bypass UEFI Secure Boot via CVE-2024-7344 to encrypt systems. – HybridPetya, In Other News
  • The Akira gang is actively exploiting CVE-2024-40766 in SonicWall SSLVPNs—authorities urge immediate patching, MFA and password resets. – Akira Ransom
  • New espionage and RAT campaigns identified: fileless EggStreme targets the Philippine military, ToneShell (Mustang Panda) adds anti-analysis tricks in Myanmar operations, and attackers abuse ConnectWise ScreenConnect to drop AsyncRAT. – EggStreme, ToneShell, AsyncRAT
  • INC Ransom claims the theft of over 1.5 TB from Panama’s Ministry of Economy, though core systems remain operational. – Panama Breach

Vulnerabilities & Patching

  • A critical deserialization flaw CVE-2025-5086 in Dassault Systèmes DELMIA Apriso is being actively exploited and added to CISA’s KEV catalog; organizations are urged to patch now. – DELMIA Flaw, DELMIA Coverage
  • Cisco released patches for three high-severity IOS XR flaws affecting image verification, ARP processing and ACLs that could enable RCE or bypasses. – Cisco Patches
  • Samsung fixed an actively exploited Android RCE (CVE-2025-21043) and WhatsApp patched a zero-click flaw (CVE-2025-55177) linked to spyware campaigns. – Samsung Fixes
  • Adobe published security advisory AV25-583 covering multiple products (Acrobat, After Effects, Premiere Pro, ColdFusion); admins should review and patch. – Adobe Advisory
  • CISA outlines plans to modernize the CVE Program with a focus on improving vulnerability data quality and partnerships to strengthen global cyber defense. – CVE Program
  • New microarchitectural Spectre-BTI variant VMScape can break cloud VM isolation and leak keys on some AMD Zen and older Intel CPUs—cloud operators should apply mitigations. – VMScape
  • Payment vendor KioSoft delayed patching a critical NFC stored-value card flaw that enabled infinite top-ups, exposing weaknesses in RFID systems and vendor response. – KioSoft Hack

Cloud & AI Security

  • F5 will acquire CalypsoAI for $180 million to bolster AI security and runtime defenses for enterprise AI deployments. – F5 Acquires
  • Security bug in the Cursor AI code editor can enable silent code execution from malicious repositories—enable Workspace Trust and audit repos. – Cursor Flaw
  • Cloud-native security trends for 2025 emphasize runtime visibility, AI-assisted triage and platform consolidation to secure hybrid environments. – Cloud-Native
  • A large NPM supply-chain compromise of packages like ansi-styles and chalk primarily sought cryptojacking rewards and netted only $600, yet propagated rapidly. – NPM Attack
  • Google Pixel 10 adds C2PA support to verify AI-generated media provenance, improving content transparency. – Pixel C2PA
  • Researchers and vendors offer LLM pen‑testing guidance (Adversarial Prompt Exploitation); tune defenses and attend briefings such as today’s webinar on LLM red‑teaming. – LLM Webinar
  • The FTC opened inquiries into AI “companion” chatbots for children to assess emotional risks, privacy and COPPA compliance. – FTC AI Probe, FTC Inquiry

Incidents & Breaches

  • French regional healthcare agencies reported breaches that exposed patient data via impersonation/phishing tactics and are implementing containment measures. – France Healthcare
  • UK train operator LNER notified customers of a breach exposing contact and travel history from a third‑party supplier; payment data was not impacted. – LNER Breach
  • Vastaamo breach perpetrator Aleksanteri Kivimäki was released from custody during appeal proceedings in the high‑profile Finnish extortion case. – Vastaamo Case
  • A Memphis man was sentenced to 57 months for stealing and selling unreleased movies, underscoring ongoing digital piracy enforcement. – Movie Seller

Microsoft: Outages & Oversight

  • Microsoft is investigating a widespread Exchange Online outage across North America that disrupted email and related services while rolling fixes are deployed. – Exchange Outage
  • Microsoft will add malicious link warnings to Teams private chats, rolling out in September and broadly in November 2025 to reduce phishing and malware clicks. – Teams Warnings
  • Senator Ron Wyden urged the FTC to investigate Microsoft over alleged “gross cybersecurity negligence” tied to ransomware incidents and deprecated crypto defaults (e.g., RC4). – Wyden Accusation, Wyden Probe

Policy & Regulation

  • A CISA official urged Congress to renew the Cybersecurity Information Sharing Act (CISA 2015) to avoid disrupting public‑private threat intelligence sharing. – CISA Renewal
  • California passed a bill requiring browsers to offer an automatic opt‑out for third‑party data sharing to strengthen consumer privacy (awaiting the governor’s signature). – CA Opt-Out
  • Switzerland’s proposed law to force ID collection, retention and encryption backdoors drew criticism as a mass‑surveillance risk and prompted privacy firms to relocate infrastructure. – Swiss Privacy
  • The UK again delayed introducing the Cyber Security and Resilience Bill (CSRB), slowing regulatory updates amid rising industry incidents. – UK CSRB Delay
  • ASEAN adopted a 10‑year action plan, running through 2035, to combat cybercrime and online scams via regional cooperation. – ASEAN Plan

Education & Insider Risk

  • The UK ICO warns that student insiders now cause over half of school cyber incidents—prompting calls for improved technical controls and cultural safeguards in schools. – Student Threats, Student Hackers

Industry Guidance & Training

  • New training helps CISOs translate technical risk into board‑level language with practical guidance for risk reporting and strategic alignment. – CISO Course

Cybersecurity News | Daily Recap – hendryadrian.com