Major Cyber Attacks in October 2025: Phishing via Google Careers & ClickUp, Figma Abuse, LockBit 5.0, and TyKit

October saw rapid evolution of phishing and ransomware campaigns that increasingly abused legitimate cloud services (Figma, ClickUp, Salesforce, Azure Blob Storage) and layered CAPTCHAs and redirects to evade detection, with new toolsets like TyKit and LockBit 5.0 expanding impact to Microsoft 365 accounts, ESXi, and Linux systems. #TyKit #LockBit5 #Figma #ClickUp…

Keys to the Kingdom: A Defender’s Guide to Privileged Account Monitoring

Privileged access is the primary pathway attackers use to achieve high-impact compromises, and protecting both human and non-human privileged identities across on-premises and cloud environments is essential. Mandiant recommends a defense-in-depth PAM strategy—tiering, least privilege, PAWs, MFA, secrets management, detection (high-fidelity session telemetry and anomaly analytics), and practiced response including coordinated credential rotation—to reduce dwell time and blast radius. #Mandiant #GoogleSecOps

From Human-Led to AI-Driven: Why Agentic AI Is Redefining Cybersecurity Strategy

Agentic AI is emerging as a transformative layer in cybersecurity, enabling autonomous detection, decision-making, and action to drastically reduce response times and shift humans into oversight and strategy roles. The META region faces rising, AI-augmented threats and operational urgency, prompting industry discussions like Cyble’s webinar on Oct 29, 2025 to explore responsible adoption. #AgenticAI #Cyble

Cybersecurity News | Daily Recap [28 Oct 2025]

Daily Recap: The week highlights new Android malware like Herodotus and Baohuo, a Chrome zero-day delivering Memento Labs/LeetAgent spyware, and SideWinder shifting to a PDF/ClickOnce chain targeting South Asian diplomacy with StealerBot. These items underscore evolving threat techniques across APTs, ransomware, and supply-chain incidents—watch for updates on Xortec, Dublin Airport data, and Oracle-related vulnerabilities. #Herodotus #Baohuo #MementoLabs #LeetAgent #SideWinder #StealerBot #Xortec #DublinAirport #OracleHack

New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands

A new vulnerability in OpenAI’s ChatGPT Atlas browser allows attackers to inject malicious instructions into the AI’s memory, leading to potential code execution and account compromise. This security flaw exploits a CSRF attack, with significant risks due to the persistence of tainted memories across sessions and devices. #ChatGPTAtlas #CSRF #MemoryTampering…

Gotta fly: Lazarus targets the UAV sector

ESET observed a new wave of Operation DreamJob attributed to Lazarus targeting European defense and UAV-related companies using trojanized open-source projects and the ScoringMathTea RAT to steal proprietary information and manufacturing know-how. The campaign used DLL side-loading, reflective loading, and compromised WordPress sites for C2 infrastructure, suggesting a link to North Korea’s effort to scale up its drone program. #ScoringMathTea #Lazarus

Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques

Trend Research reported that the Agenda (Qilin) ransomware group deployed a Linux-based ransomware binary on Windows hosts by abusing legitimate remote management and file-transfer tools (WinSCP and Splashtop), combined with BYOVD techniques and targeted theft of Veeam backup credentials. The campaign used fake Cloudflare R2-hosted CAPTCHA pages, SOCKS proxy backdoors, and…

Microsoft Digital Defense Report 2025: Extortion and Ransomware Lead Global Cybercrime Surge

The Microsoft Digital Defense Report 2025 highlights a shift toward financially motivated cyberattacks, with extortion and ransomware comprising over half of known motives. The report emphasizes the importance of integrated cybersecurity strategies and regional awareness, especially in Southeast Europe. #Ransomware #Cybercrime #MicrosoftDigitalDefense2025…

Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals

Operation Endgame (May 2024–May 2025) triggered multinational takedowns targeting loaders, botnets, and cash-out services, prompting selective Russian domestic enforcement that dismantled monetization nodes (e.g., Cryptex, UAPS) while higher-value ransomware operators with alleged intelligence ties (e.g., Conti, Trickbot) largely remained insulated. The resulting trust erosion in the underground drove tighter OPSEC, closed affiliate recruitment, rebrands, and decentralization as attackers adapted to sustained Western pressure and a conditional Russian “politics of protection.” #OperationEndgame #Cryptex #Conti #Trickbot

Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign

A Morocco-based financially motivated group tracked as CL-CRI-1032 (overlapping with Atlas Lion/STORM-0539) runs the Jingle Thief campaign, using phishing and smishing to steal Microsoft 365 credentials and carry out large-scale gift card fraud by abusing cloud services. Their tactics include tailored phishing, inbox rules for silent exfiltration, device/Authenticator registration in Entra…

Ransom! Kumwell

Incransom has claimed a ransomware attack targeting Kumwell, a company dedicated to providing safety and security systems such as grounding, lightning, and surge protection across various critical infrastructure sectors. The attack potentially jeopardizes safety systems in countries including Thailand, China, India, Saudi Arabia, the United Arab Emirates, Malaysia, the Philippines, Vietnam, and Indonesia.
