Daily Recap: Urgent patches and an emergency directive address multiple critical Cisco ASA/FTD flaws exploited by state-linked campaigns like ArcaneDoor and UAT4356 to deploy malware such as RayInitiator and LINE VIPER, while other zero-days in GoAnywhere MFT and widespread ransomware incidents underscore evolving threat activity across sectors. The roundup also highlights advanced espionage, AI/cloud risks, supply chain abuse, and notable law enforcement actions affecting organizations worldwide. #ArcaneDoor #RayInitiator #LINEVIPER #GoAnywhereMFT #Qilin #Akira #BRICKSTORM #RedNovember #COLDRIVER #DeceptiveDevelopment #ForcedLeak #VaneViper #XCSSET #InterpolAfrica #AmazonSettlement
Cisco Firewall Zero-days
- Urgent patches and a CISA emergency directive address multiple critical ASA/FTD flaws (including CVE-2025-20333 / CVE-2025-20362) actively exploited by state-linked campaigns like ArcaneDoor and UAT4356 to achieve remote code execution and deploy malware such as RayInitiator and LINE VIPER – Cisco ASA, ASA Zero-Day, CISA Directive
GoAnywhere Zero-day
- A critical flaw, CVE-2025-10035, in Fortra’s GoAnywhere MFT has been exploited in the wild to achieve remote command execution and install backdoors, leaving over 20,000 instances at risk until patched – GoAnywhere MFT, GoAnywhere Exploit
Ransomware & Incidents
- Australia is seeing a surge in ransomware targeting wealthy industries with 71 incidents reported in 2025 and activity from groups like Qilin and Akira – Ransomware Trends
- High-impact attacks include the UK Co-op breach (mass customer data loss and reported losses ~£206M / other reports ~$107M), aerospace firm RTX hit by HardBit, a Maryland transport breach claimed by Rhysida, and an Arizona school district hit by Interlock affecting 35,000 people – Co-op Attack, Co-op Losses, RTX Ransomware, School District, Maryland Hack
Advanced Threats & Espionage
- Google and Mandiant intelligence detail the long-running China-linked BRICKSTORM campaign (credential theft and IP exfiltration across US tech and legal firms) persisting for over a year – BRICKSTORM Spy, Brickstorm Report
- Other espionage campaigns include China-linked RedNovember intrusions into defense contractors, Russia-focused APT COLDRIVER using BAITSWITCH/SIMPLEFIX, and North Korea’s DeceptiveDevelopment/WageMole operations stealing developer identities to target crypto developers – RedNovember, COLDRIVER Campaign, DeceptiveDevelopment
AI & Cloud Risks
- Researchers disclosed ForcedLeak, an AI prompt-injection flaw in Salesforce AgentForce that can expose CRM data via Web-to-Lead forms and domain expiration, illustrating AI-agent risks – Salesforce AI, Salesforce ForcedLeak
- Separately, experts warn of broader security gaps when deploying generative AI (phishing, deepfakes, model manipulation), and Microsoft has limited an Israeli unit’s access to cloud/AI services over alleged mass surveillance in Gaza – AI Risks, Microsoft Israel
Supply Chain & Repos
- A malicious npm package impersonating Postmark exfiltrated emails after a backdoored release, and PyPI users face coordinated phishing and fake login sites stealing credentials—developers urged to rotate keys and enable MFA – Postmark NPM, PyPI Phishing, PSF Warning
Patches & Advisories
- Vendors and security teams released multiple advisories and updates: SolarWinds pushed a hotfix for CVE-2025-26399 in Web Help Desk, Drupal issued AV25-617 fixes, Microsoft delivered a Windows 10 22H2 preview addressing SMBv1, and a Threatsday bulletin covered rootkit, mobile, and supply-chain risks—admins should prioritize these patches – SolarWinds Patch, Drupal Advisory, Windows 22H2, Threatsday Bulletin
Malvertising & Ad Fraud
- Adtech actor Vane Viper generated an estimated 1 trillion DNS queries powering a global malvertising/ad-fraud network that compromised hundreds of thousands of sites for malware and phishing distribution – Vane Viper
Dev-focused Malware
- Microsoft warns of a new XCSSET macOS variant targeting Xcode projects with browser-data theft, clipboard hijacking, and persistence to steal developer secrets and crypto assets – XCSSET macOS
Law, Arrests & Policy
- Interpol-led operations across 14 African countries arrested 260 suspects in romance/sextortion scams, seizing devices and disrupting networks that defrauded over 1,400 victims—regional crackdowns continue – Interpol Africa, Africa Crackdown
- Law-enforcement stories include two Dutch teens arrested on suspicion of carrying out espionage tasks for pro-Russian interests and a 17-year-old tied to the 2023 Las Vegas casino cyberattacks released under supervision, highlighting arrests connected to state and organized actors – Dutch Teens, Teen Hacker
- Policy updates: the UK plans to replace Action Fraud with a new Report Fraud system powered by Palantir Foundry to improve reporting and investigations – Report Fraud
Data Breaches & Privacy
- A misconfigured cloud server exposed thousands of Indian bank transfer records from multiple banks, underscoring cloud misconfiguration risks and data governance failures – Indian Bank Leak
- Amazon agreed to a $2.5 billion settlement over alleged dark-pattern tactics for Prime signups, including a $1 billion civil penalty and $1.5 billion in refunds—highlighting consumer-privacy and UX abuse issues – Amazon Settlement