Cybersecurity News | Daily Recap [30 Sep 2025]

Daily Recap: a roundup of vulnerabilities, AI threats, ransomware incidents, and policy developments shaping the cybersecurity landscape, including critical CVE-2025-43400 fixes, Gemini AI risks, ransomware activity against Asahi, and state-backed phishing campaigns. The report highlights supply chain exposure from an npm package, notable enforcement actions like the Bitcoin Queen seizure, and ongoing OT guidance from national authorities. #CVE-2025-43400 #GeminiAI #ASLRBypass #AsahiOutage #MedusaRansomware #FEMACBPBreach #JLRAttack #APT35 #BitcoinQueen #CISA

Vulnerabilities & Patches

  • Apple released cross-platform fixes for a critical font parser flaw CVE-2025-43400 that could lead to memory corruption or remote code execution – Apple Update
  • Researchers and Google patched multiple flaws in Gemini (prompt/search-injection, data exfiltration) and Google Project Zero disclosed an ASLR bypass in Apple serialization, underscoring new AI and serialization risks – Gemini Patches, Gemini Research, Apple ASLR
  • Broadcom issued fixes for two high-severity VMware NSX vulnerabilities reported by the NSA that could enable username enumeration and brute-force attacks – VMware NSX
  • Microsoft published optional Windows 11 preview KB5065789 with 41 non-security fixes including File Explorer AI enhancements and Sandbox/Windows Update bug fixes – KB5065789
  • Chinese-linked RedNovember campaign targets unpatched edge devices (SonicWall, Cisco ASA, Palo Alto) with tools like Pantegana, SparkRAT and Cobalt Strike, highlighting urgent patching needs for internet-facing devices – RedNovember

AI & Malware

  • Attackers are distributing EvilAI malware by masquerading as legitimate AI tools and signed software to infiltrate global organizations at scale – EvilAI Malware
  • Google fixed exploits that allowed poisoned logs and indirect prompt injections against Gemini, showing the growing attack surface in AI assistants and cloud integrations – Gemini Patches, Gemini Research

Ransomware & Incidents

  • A cyberattack forced Asahi (Japan’s largest brewer) to suspend domestic operations, disrupting shipping and call centers while investigations continue with no confirmed data theft – Asahi Outage, Asahi Suspension, Asahi Report
  • Akira ransomware actors can breach firms in under four hours using stolen SonicWall SSL VPN credentials, bypass MFA, exfiltrate data and rapidly deploy encryption – Akira Ransomware
  • Threat actors impersonating the Medusa gang tried to recruit a BBC reporter to facilitate a media giant breach, illustrating social engineering and insider-risk tactics – Medusa Attempt
  • A major breach exploiting compromised Citrix credentials exposed employee data at FEMA and CBP, prompting IT leadership dismissals and concern over government infrastructure security – FEMA/CBP Breach
  • Cyberattack on Jaguar Land Rover led the UK government to back recovery with a £1.5 billion loan guarantee after operational disruption and alleged data theft by groups tied to Scattered Lapsus$ Hunters/ScatteredSpider – JLR Support, JLR Attack

State-backed Espionage & Phishing

  • New phishing infrastructure linked to Iran’s APT35 impersonates video-conferencing services to target high-value victims, with fresh IPs, domains and TTPs detailed by CTI researchers – APT35 Campaign
  • Two Dutch teens face charges for alleged spying on behalf of pro-Russian actors after attempts to intercept Wi-Fi near European institutions, highlighting proxy recruitment by state-linked groups – Dutch WiFi Sniffer

Supply Chain & Open Source

  • A malicious npm package impersonating Postmark’s MCP server exfiltrated thousands of emails daily via a one-line backdoor, underscoring supply-chain risks in OSS ecosystems – Fake Postmark

Crypto Crime & Enforcement

  • UK authorities secured the world’s largest cryptocurrency seizure and convicted the so-called Bitcoin Queen, tied to fraud laundering billions in Bitcoin (reported values ~£5.5 billion / nearly $7 billion) after international investigations – Bitcoin Queen, UK Seizure, Seizure Guilty Plea

Law, Policy & Guidance

  • The Cybersecurity Information Sharing Act (CISA) faces potential expiration, raising concerns about the future of protected threat intelligence sharing and liability shields – CISA Status
  • Seven national cyber authorities issued new OT security guidance emphasizing asset inventories, third-party risk management and operational controls to protect critical infrastructure – OT Guidance
  • The FTC sued the Sendit app for illegally collecting data from children under 13 and deceptive subscription practices violating COPPA and consumer protection laws – Sendit FTC Suit
  • European watchdog noyb filed a complaint against Lithuanian data broker Whitebridge AI over allegedly illegal, inaccurate “reputation reports” and GDPR violations – Whitebridge Complaint

Arrests & Crime Takedowns

  • A pan-African operation arrested 260 suspected cybercriminals across 14 countries in a crackdown on romance scams and sextortion, seizing over 1,200 devices with INTERPOL support – Operation Contender

Events, Startups & Funding

  • Black Hat’s CISO Podcast episode on moving from IGA to Identity Automation is live, discussing dynamic, automated identity management for cloud-first environments – CISO Podcast
  • Call for presentations is open for the 2025 CISO Forum Virtual Summit through Oct 10, 2025, targeting CISOs and expecting ~2,500 global attendees – CISO Forum CFP
  • Mondoo raised an additional $17.5 million in a Series A extension to expand its vulnerability management platform, bringing total funding to over $32 million – Mondoo Funding
  • Startup SafeHill emerged from stealth with $2.6 million pre-seed to launch its threat exposure management product SecureIQ combining AI and human validation – SafeHill Launch

Cybersecurity News | Daily Recap – hendryadrian.com