Daily Recap: Microsoft disrupted the Vanilla Tempest ransomware campaign by revoking over 200 fraudulent code-signing certificates that had been used to sign malware. Nation-state actors stole F5 BIG-IP source code and vulnerability data, prompting CISA directives and emergency patches, while active exploitation of a maximum-severity Adobe AEM flaw and other software underscored the pace of vulnerability disclosures. #VanillaTempest #F5BREACH #AdobeAEM
Certificate Disruptions
- Microsoft disrupted the Vanilla Tempest ransomware campaign by revoking/invalidating over 200 fraudulent code‑signing certificates used to sign malware. Revocation only bites where signature validation actually checks revocation status, so defenders should still hunt for binaries signed with the affected certificates rather than rely on the revocation alone – Cert Revocations, Vanilla Tempest
Nation-state Breaches & Response
- Nation-state actors stole F5 BIG‑IP source code and vulnerability data, triggering CISA directives, agency warnings and emergency patches from F5 – F5 Breach, Source Theft, F5 Patches, CISA Directive
Actively Exploited Flaws
- CISA warns a maximum‑severity Adobe AEM flaw (CVSS 10.0) is under active attack while vendors and researchers scramble to patch related issues – AEM Flaw, Adobe Exploited
- Gladinet patched an actively exploited zero‑day in its file‑sharing software after in‑the‑wild abuse was reported – Gladinet Patch
- Microsoft’s September Windows Server updates caused Active Directory issues for some environments after patch deployment – AD Update Issues
Blockchain Malware
- North Korean‑linked actors are abusing blockchain smart contracts and techniques like EtherHiding to conceal crypto‑stealing malware and deliver payloads via infected sites. In EtherHiding the second stage is stored in a smart contract on a public blockchain and fetched by injected JavaScript with a read‑only call, so the hosting cannot be taken down by a domain seizure and the operator can swap the payload by updating the contract – Blockchain Hiding, EtherHiding, Smart Contract Abuse, Blockchain Malware
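The retrieval step behind EtherHiding, as an added example that is not code from the campaign or from the original recap: the loader issues a JSON‑RPC `eth_call` against a contract's view function and ABI‑decodes the returned `string`. The same decoder lets a defender pull the current payload from a contract address named in a report and triage it. The contract address, function selector and RPC endpoint below are placeholders (assumptions), and the sample response is constructed in the block itself.

```javascript
// Added example (not the original page's or the campaign's code).
// Shows how an EtherHiding-style loader reads a payload out of a smart
// contract via eth_call, and how a defender can decode the same data offline.

// JSON-RPC body for a read-only call. `contract` and `selector` are
// placeholders: the selector is the first 4 bytes of keccak256 of the
// view function's signature, supplied by the IOC report, not computed here.
function buildEthCall(contract, selector, blockTag = "latest") {
  return {
    jsonrpc: "2.0",
    id: 1,
    method: "eth_call",
    params: [{ to: contract, data: selector }, blockTag],
  };
}

// ABI encoding of a single `string` return value, as a contract would emit it:
// word 0 = byte offset of the data (32), word 1 = byte length,
// then the UTF-8 bytes right-padded to a 32-byte boundary.
function encodeAbiString(str) {
  const bytes = Buffer.from(str, "utf8");
  const offsetWord = (32).toString(16).padStart(64, "0");
  const lengthWord = bytes.length.toString(16).padStart(64, "0");
  const bodyHex = bytes.toString("hex");
  const padded = bodyHex.padEnd(Math.ceil(bodyHex.length / 64) * 64, "0");
  return "0x" + offsetWord + lengthWord + padded;
}

// Inverse of the above: what the loader (or an analyst) runs on the eth_call
// result. Throws on malformed input rather than returning a partial string.
function decodeAbiString(hexResult) {
  const hex = hexResult.startsWith("0x") ? hexResult.slice(2) : hexResult;
  if (hex.length < 128) throw new Error("too short for an ABI-encoded string");
  const offset = parseInt(hex.slice(0, 64), 16) * 2; // bytes -> hex chars
  const length = parseInt(hex.slice(offset, offset + 64), 16) * 2;
  const body = hex.slice(offset + 64, offset + 64 + length);
  if (body.length !== length) throw new Error("truncated string body");
  return Buffer.from(body, "hex").toString("utf8");
}

// Triage heuristic for decoded contract data: inert configuration values
// rarely contain script primitives or a URL to fetch a further stage.
function looksLikeLoader(text) {
  return /(eval\(|new Function\(|document\.write\(|<script)/i.test(text) ||
         /https?:\/\//i.test(text);
}

// Constructed sample: the contract "returns" a URL for the next stage.
const SAMPLE_PAYLOAD = "https://example.invalid/stage2.js";
const SAMPLE_RESPONSE = encodeAbiString(SAMPLE_PAYLOAD);

// Stand-alone run: build the request, decode the (constructed) response.
const req = buildEthCall("0x" + "ab".repeat(20), "0x20965255"); // placeholders
const decoded = decodeAbiString(SAMPLE_RESPONSE);
console.log(JSON.stringify(req));
console.log(decoded, looksLikeLoader(decoded) ? "[loader-like]" : "[inert]");
```

In practice the `eth_call` is sent to any public RPC endpoint, which is why blocking one domain does not stop delivery; pairing the decoder with the contract addresses from threat-intel reports lets a team re-fetch and diff the payload over time.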
APT Campaigns
- Multiple APTs — Elephant, Jewelbug and Flax Typhoon — conducted prolonged intrusions stealing diplomatic and IT data and maintaining long‑term access via novel backdoors like MemLoader and ArcGIS SOE web shells – Elephant APT, Jewelbug, Flax Typhoon
Mobile Malware
- A new Android campaign by GhostBat RAT targets Indian users with fake RTO apps (e.g., mParivahan look‑alikes) that use multi‑stage droppers and Telegram bots to exfiltrate data and control devices, and also carry crypto‑mining functionality – GhostBat RAT
Supply Chain & Phishing
- Over 100 malicious or vulnerable VS Code extensions exposed developers to hidden supply‑chain risks, increasing attack surface for downstream apps – VS Code Risk
- Fake LastPass and Bitwarden breach alerts are being used in social‑engineering campaigns to hijack PCs and harvest credentials – Fake Alerts
Defense, AI & Events
- AISLE emerged with an AI‑based reasoning system that remediates vulnerabilities on the fly, while Matters.AI raised $6.25M to safeguard enterprise data — signaling more AI in defensive tooling – AISLE Launch, Matters.AI Funding
- SecurityWeek will host the 2025 ICS Cybersecurity Conference Oct 27–30 in Atlanta and a webinar today covers API security best practices for defenders – ICS Conference, API Webinar
- Microsoft added Hey Copilot voice activation to Windows 11 PCs as part of broader product updates – Hey Copilot
Breach Penalties & Legal
- The UK ICO fined outsourcing giant Capita a record £14 million over a ransomware/data breach that impacted millions of customers – Capita Fine, Capita Penalty
- Mango confirmed a third‑party cyberattack exposed limited customer details as it investigates the breach – Mango Breach
- A hacker involved in the PowerSchool intrusion was sentenced to 4 years in prison, underscoring criminal penalties for school‑system breaches – PowerSchool Sentence, PowerSchool Coverage
Policy & Accountability
- US senators and watchdogs pressed vendors like Cisco to share more data on the business impact of severe bugs as governments respond to recent large‑scale intrusions – Cisco Inquiry, CISA Response