Cybersecurity News | Daily Recap [23 Oct 2025]

Today's recap: nation-state attacks and newly disclosed vulnerabilities highlight ongoing state-backed espionage and critical flaws affecting governments, enterprises, and researchers worldwide. Key items include Lazarus targeting European defense firms, ToolShell exploitation against governments, MuddyWater's Phoenix backdoor campaigns, critical Adobe Magento flaws, and AI governance risks shaping security strategies. #Lazarus #ToolShell #MuddyWater #Phoenix #AdobeFlaw #Magento #Pwn2Own

Nation-state Attacks

  • North Korean hackers used fake job lures to steal drone secrets, and the Lazarus group targeted European defense firms — NK Jobs, Lazarus Hits
  • China-linked actors exploited the ToolShell SharePoint bug to breach governments in Africa and South America, while Symantec links Zingdoor, ShadowPad and KrustyLoader across global espionage campaigns — APT Overlap, ToolShell Breach, ToolShell Exploit
  • Iran-linked MuddyWater deployed the Phoenix v4 backdoor via compromised emails and VPN exit nodes and has targeted 100+ organizations in a global espionage campaign — MuddyWater Phoenix, MuddyWater Targets, Phoenix Targets

Vulnerabilities & Patches

  • Attackers are actively exploiting a critical Adobe Commerce flaw and the SessionReaper bug, impacting over 250 Magento stores overnight — Adobe Flaw, Magento Hit, SessionReaper
  • The TARmageddon flaw in an abandoned Rust library enables remote code execution and has been demonstrated by researchers — TARmageddon, TARmageddon 2
  • BIND updates address high-severity cache-poisoning flaws that could enable DNS manipulation — BIND Fixes
  • Critical vulnerabilities in TP-Link Omada gateways have been patched — TP-Link Patch
  • A critical Lanscope Endpoint Manager bug is being actively exploited in ongoing attacks, according to CISA — Lanscope Bug

Malware & Breaches

  • An old infostealer infection enabled a separate breach at Collins Aerospace, highlighting persistent credential-theft risks — Collins Breach
  • The Vidar Stealer 2.0 update enhances credential theft and evasion capabilities, increasing risk to stolen accounts and data — Vidar 2.0

AI & Tooling Risks

  • Organizations are warned that AI agents create a blind spot for Zero Trust models and require new controls — AI Agents
  • Spoofed AI sidebars can trick Atlas and Comet users into dangerous actions, demonstrating UI-based AI attack vectors — AI Sidebars
  • AI-generated “vibe coding” produces insecure code patterns and highlights the need for security-guided model integration — Vibe Coding
  • Free resources are available to learn a framework for securing AI at scale and speed — Secure AI

Scams & Operational Incidents

  • Japanese retailer Muji halted online sales after a ransomware attack on a logistics partner disrupted operations — Muji Ransom
  • Cyber incidents in Texas, Tennessee and Indiana are impacting critical government services, causing service disruptions — US Incidents
  • SpaceX disabled more than 2,000 Starlink devices used in Myanmar scam compounds as part of fraud mitigation efforts — Starlink Disabled
  • Ukraine aid groups were targeted with fake Zoom meetings and weaponized PDFs in tailored social-engineering attacks — Ukraine Aid
  • Meta launched new anti-scam tools for WhatsApp and Messenger to help users detect and block fraud — Meta Tools

Research & Industry

  • Day two of Pwn2Own saw hackers exploit 56 zero-days for a total of $790,000 in payouts, demonstrating active zero-day discovery — Pwn2Own
  • Security startup Keycard emerged from stealth with $38 million in funding to advance authentication products — Keycard

Cybersecurity News | Daily Recap – hendryadrian.com