Cybersecurity News | Daily Recap [22 Oct 2025]

Daily Recap: Oracle patching urgency follows active SSRF exploitation in E-Business Suite, while researchers flag 94+ n-day Chromium vulnerabilities in IDE tooling. Also highlighted: Bitter APT’s WinRAR zero-day, the PolarEdge botnet expanding to new edge devices, and the PassiveNeuron campaign’s Neursite and NeuralExecutor backdoors.
#Oracle #SSRF #BitterAPT #WinRAR #PolarEdge #PassiveNeuron

Vulnerabilities & Patches

  • Oracle released its October 2025 security updates while CISA confirmed active exploitation of an Oracle E-Business Suite SSRF flaw, underscoring urgent patching – Oracle Patches, Oracle SSRF
  • TP-Link patched four Omada gateway flaws, including two that allow remote code execution, and separately warned of a critical command injection in Omada gateways; apply the updates – TP-Link Omada, TP-Link Warning
  • Researchers disclosed the TARmageddon flaw in the abandoned async-tar Rust library that could enable remote code execution via crafted archives – TARmageddon, Async-Tar Flaw
  • Active exploitation detected for a critical Windows SMB flaw CVE-2025-33073, prompting immediate mitigation – SMB Flaw
  • The Cursor and Windsurf IDEs were found to carry more than 94 known (n-day) Chromium vulnerabilities through the browser engine they embed, exposing developer tooling to already-public exploits – IDE Chromium
  • Microsoft’s recent Windows updates caused login failures on some PCs that share security identifiers (SIDs), and a separate patch fixed a bug that prevented users from opening classic Outlook – Windows Login Issues, Outlook Fix

Malware & APTs

  • Researchers tracked the PassiveNeuron APT deploying Neursite and NeuralExecutor backdoors and abusing MS SQL servers for stealthy deployments – PassiveNeuron, PassiveNeuron Report
  • The Bitter APT used a WinRAR zero-day and a new C# backdoor delivered via Office macros to target China and Pakistan – Bitter APT
  • Russian state-sponsored COLDRIVER actors are replacing burned toolsets (including LOSTKEYS) with new malware, according to Google and reporting – COLDRIVER Tools, COLDRIVER Follow-up
  • Attackers evolved malicious ClickFix/PhantomCaptcha ‘I am not a robot’ flows to push malware and recently targeted Ukraine war-relief organizations – Captcha Malware, Captcha Evolution
  • The Brazilian Caminho Loader hides a malware delivery chain inside image files to bypass defenses – Caminho Loader
  • Vidar Stealer 2.0 adds multi-threaded data theft and improved evasion to accelerate credential and data exfiltration – Vidar Stealer
  • A doxxing campaign exposed Lumma Stealer developers and has slowed the malware’s operations and ecosystem activity – Lumma Doxxed, Lumma Slowed
  • The PolarEdge botnet expanded to target Cisco, ASUS, QNAP, and Synology devices, recruiting routers and NAS units at scale – PolarEdge Botnet
  • ToolShell attacks against on-premises SharePoint servers hit organizations across four continents, with attackers using SharePoint-based toolsets to maintain access – ToolShell SharePoint

Ransomware & Incidents

  • A cyberattack disrupted operations at Heywood and Athol hospitals in Massachusetts, affecting services and patient care – Hospital Attack
  • Jewett-Cameron fencing and pet company reported a ransomware incident impacting business operations – Jewett Ransom
  • Ransomware activity is escalating in APAC, with attackers exploiting VPN flaws, Microsoft 365 logins and custom Python scripts, while average ransom payment amounts rose even as fewer victims chose to pay – Ransomware APAC, Ransomware Payments

Events & Research

  • On day one of Pwn2Own Ireland 2025 researchers exploited 34 zero-days and earned over $520,000 in payouts, highlighting ongoing exploit research value – Pwn2Own Earnings, Pwn2Own Zero-Days
  • “Unseeable” prompt injection techniques were described as a new threat that can stealthily manipulate AI agents and chain malicious actions – Prompt Injection

Policy & Disinformation

  • Google exposed a Russian disinformation blitz over a Poland airspace incursion using the Portal Kombat network to amplify false narratives – Disinfo Poland
  • Russia is pressuring Apple to set Russian search engines as the default on locally sold iPhones, raising privacy and market concerns – Russia Apple

Industry Moves

  • Gravwell closed a $15.4M funding round to expand its data analytics and security platform – Gravwell Funding
  • SBOM pioneer Allan Friedman joined NetRise to advance software supply chain visibility and SBOM adoption – Allan Friedman
  • Defakto raised $30M for its non-human identity and access management platform to secure machine identities – Defakto Raise
  • Meta rolled out new protections to help shield WhatsApp and Messenger users from scams and social engineering – Meta Tools

Security Guidance & Breaches

  • The FinWise data breach underscores why strong encryption is often the last line of defense when other controls fail – FinWise Breach
  • Security guidance now favors longer, memorable passphrases over short complex passwords, reducing helpdesk tickets and improving resistance to brute-force attacks in line with NIST recommendations – Passphrases
  • A guide stresses going beyond basic configuration to harden gateway devices and reduce attack surface across network edge devices – Gateway Security

Cybersecurity News | Daily Recap – hendryadrian.com