This week's cybersecurity landscape is dominated by PipeMagic, a modular backdoor that exploits a Windows zero-day and is used by threat actors such as Storm-2460 and RansomEXX to deploy ransomware through fake ChatGPT apps. Nation-state campaigns from North Korea and Russia target foreign embassies and space infrastructure, while significant data breaches hit Allianz Life, TPG's iiNet, and the Business Council of New York State. Key vulnerabilities, including SAP NetWeaver flaws and an HTTP/2 DoS bug, are being actively exploited, alongside malware campaigns such as Noodlophile and the leak of the ERMAC source code. Hashtags: #PipeMagic #Storm2460 #RansomEXX #Kimsuky #XenoRAT #SpaceWarfare #AllianzBreach #TPGBreach #SAPVulnerabilities #Noodlophile #ERMAC #Kinsing #Zeppelin
Ransomware & Backdoors
- Microsoft warns a modular backdoor PipeMagic (used by Storm-2460/RansomEXX) leverages a Windows zero‑day CVE-2025-29824 and is being pushed via fake ChatGPT apps to deploy ransomware – PipeMagic Backdoor, ChatGPT Lure, Windows Exploit
Espionage & Nation-State
- A North Korea‑linked campaign (likely Kimsuky) used spear‑phishing and XenoRAT to target foreign embassies in South Korea, with signs of operations routed via China – Embassy Espionage, XenoRAT Campaign
- Hackers linked to Russia hijacked a satellite used by Ukraine to broadcast propaganda, highlighting growing threats to space infrastructure – Space Warfare
Data Breaches & Incidents
- Attackers leaked ~1.1 million Allianz Life records via compromised Salesforce access in a campaign tied to Scattered Spider/ShinyHunters – Allianz Leak, Allianz Impact
- Stolen employee credentials at TPG’s iiNet exposed ~280,000 customers’ personal data; investigation ongoing (no financial data affected) – iiNet Breach, TPG Investigates
- The Business Council of New York State disclosed a breach affecting more than 47,000 people, said it has contained the incident, and is offering credit monitoring – NY Breach
- Optima Tax Relief notified ~3,100 people after an alleged ransomware incident claimed by Chaos exposed sensitive data – Optima Breach
- Workday suffered a social‑engineering breach through a third‑party CRM that exposed contact data and increased phishing risk – Workday Breach
- Colt Technology Services faced prolonged outages and a data leak claimed by Warlock, likely via a SharePoint flaw – Colt Outage
- Casino gaming firm Bragg reported a cyberattack that accessed internal systems but said no personal data or operations were impacted – Bragg Attack, Bragg Incident
Vulnerabilities & Patch Issues
- A new exploit chain targets SAP NetWeaver (including CVE-2025-31324 and CVE-2025-42999) enabling remote code execution on unpatched systems – SAP Exploit
- The HTTP/2 DoS bug CVE-2025-8671 bypasses mitigations to overload servers; vendors have issued fixes but unpatched hosts remain at risk – HTTP/2 DoS
- Over 800 N‑able N‑central instances remain unpatched against actively exploited flaws (CVE-2025-8875/CVE-2025-8876), prompting urgent upgrades – N‑able Flaws, N‑able Unpatched
- Microsoft’s August 2025 security updates caused Windows reset/recovery failures on Windows 10/11 and are being corrected via out‑of‑band patches – Windows Update
- PyPI blocked ~1,800 expired‑domain email addresses to prevent account takeovers and domain‑resurrection supply‑chain attacks – PyPI Fix
Malware Campaigns & Threat Actors
- The global Noodlophile spear‑phishing campaign uses fake copyright/PI notices, DLL side‑loading and Telegram C2 to deliver an infostealer to enterprises worldwide – Noodlophile Campaign, Noodlophile Expansion
- The leak of the ERMAC v3 Android banking-trojan source code exposes its infrastructure and could spawn new mobile banking threats against more than 700 apps – ERMAC Leak
- A threat actor is offering more than 15.8 million plain-text PayPal credentials, harvested from infostealer logs, for sale, enabling credential stuffing and fraud – PayPal Dump
Cryptomining & Financial Crime
- Cryptomining group Kinsing has expanded operations into Russia, exploiting legacy flaws like CVE-2017-9841 to mine Monero at scale – Kinsing Expansion
- A Nebraska man was sentenced to 1 year for a $3.5M cryptojacking scheme that abused cloud providers and laundered proceeds – Cryptojack Sentenced
Law Enforcement & Takedowns
- The DoJ seized ~$2.8M in cryptocurrency tied to the Zeppelin ransomware operation, part of continued disruption efforts – DoJ Seizure
- A UK “serial hacker” was jailed for 20 months after compromising ~3,000 sites and leaking data to promote extremist causes – UK Sentence
- Thai police arrested operators of an SMS‑blasting phishing ring (allegedly hired by a Chinese boss) that sent fake bank alerts across Bangkok – SMS Bust
Network & Telecom Security
- Researchers revealed Sni5Gect, a novel 5G attack allowing message sniffing/injection before authentication without a malicious base station, impacting devices like Galaxy S22 and Pixel 7 – 5G Bypass
Policy & Industry
- Britain has dropped its demand for Apple to provide encryption backdoors, marking a win for privacy and civil liberties in digital security debates – Apple Backdoor
- Mozilla warns a German court ruling could effectively ban browser ad blockers, raising concerns about user choice and extension development – Adblock Ruling