Cybersecurity News | Daily Recap [20 Oct 2025]

hendryadrian.com

hendryadrian.com

Vulnerabilities & Patches

• ConnectWise released a patch for a critical flaw in its Automate RMM tool that could enable remote compromise – ConnectWise Patch
• A critical WatchGuard Fireware vulnerability could allow unauthenticated code execution on affected appliances – WatchGuard Flaw
• A flaw in the Dolby decoder was disclosed that can enable zero-click attacks against vulnerable devices – Dolby Zero-Click

Microsoft & Detection

• Microsoft warned that October updates are causing Windows smart card auth problems for some environments after patching, impacting authentication workflows – Microsoft Auth
• Security teams can use Cazadora to find hidden malicious OAuth apps in Microsoft 365, helping detect stealthy app-based compromises – Cazadora Scan

North Korea APTs

• UNC5342 is using EtherHiding to store malware in blockchain smart contracts for stealthy C2 communication tied to North Korea operations – EtherHiding APT
• WaterPlum deployed a Node.js OtterCandy RAT with anti-forensic modules to steal crypto and persist on victims’ systems in targeted campaigns – WaterPlum RAT

Phishing, Extensions & Ads

• Researchers warn that ClickFix copy/paste attacks and TikTok push campaigns continue to distribute infostealers, driving account takeovers and credential theft – ClickFix Attacks, TikTok Push
• 131 Chrome extensions were caught hijacking WhatsApp Web to run a massive spam campaign that abuses browser permissions for large-scale abuse – WhatsApp Extensions
• Malicious ads promoting a fake Perplexity Comet browser download were observed pushing installers that deliver malware via Google ad placements – Perplexity Ads
• Lumma Stealer activity has dropped after the operator was doxxed, reducing observed distribution but leaving residual risk from stolen credentials – Lumma Stealer

Surveillance & SIM Fraud

• European law enforcement dismantled a large SIM farm infrastructure and arrested seven suspects involved in SIM-based fraud and account takeover schemes – SIM Farm
• A court ordered NSO to stop exploiting WhatsApp but cut damages to $4 million, marking a mixed legal outcome in spyware litigation – NSO Ruling
• The creator of Evilginx reflected publicly on the harmful uses of red-team tools as abuse outpaces legitimate research, spotlighting dual-use risks – Evilginx Interview

Breaches, Outages & Legal Actions

• Home security firm Verisure reported a data breach at its Swedish subsidiary, exposing customer-related information and triggering investigations – Verisure Breach
• American Airlines subsidiary Envoy Air was impacted by an Oracle-related hack affecting systems and prompting incident response actions – Envoy Air Hack
• An AWS outage disrupted major services including Amazon, PrimeVideo, Fortnite and Perplexity, demonstrating cloud single-point-impact risks – AWS Outage
• Experian was fined $3.2 million for mass-collecting personal data, underscoring regulatory scrutiny on data aggregation practices – Experian Fine

Geopolitics & Time Systems

• China’s MSS accused the NSA of using 42 cyber tools in a multi-stage attack on Beijing’s time systems, while Beijing separately accused the US of a cyberattack on its National Time Center, escalating state-level tensions around time infrastructure disruptions – MSS Claim, China Accuses US

Research & Recap

• Daily threat summaries and weekly recaps continue to be published covering recent advisories, incidents, and research for analysts and defenders – Threat Recap

Cybersecurity News | Daily Recap – hendryadrian.com