Daily Recap: A new 8-byte write called RMPocalypse targets AMD SEV-SNP, and an array of exploits including CVE-2025-61927 and a CL0P-linked Oracle EBS zero-day affecting Harvard, while threats persist across NTDS.dit credential harvesting and geo-mapping persistence. Threat actors also exploit SonicWall VPNs, mass RDP botnets target the US, and a UK rise in nationally significant attacks highlights evolving risk in critical infrastructure. #RMPocalypse #CVE-2025-61927 #NTDSdit #OracleEBS #Harvard #SonicWall #RDPBotnet #UKAttacks
Tag: CRITICAL INFRASTRUCTURE
Supply chain attacks exploit trusted vendors, contractors, and third-party services to bypass internal defenses and can cascade into widespread disruption, as seen in incidents like SolarWinds, MOVEit, and the CrowdStrike Linux outage. Continuous, intelligence-led monitoring and integration of external threat intelligence are essential to replace static audits and enable proactive, risk-driven vendor protection. #SolarWinds #MOVEit #CrowdStrike
Taiwan’s national security agencies warn of increased Chinese cyberattacks and disinformation campaigns aimed at destabilizing the Taiwanese government and public trust. The campaign involves sophisticated influence operations using AI-generated content and a coordinated effort by China’s military and intelligence agencies. #ChinaCyberattacks #DisinformationCampaigns…
Chinese state hackers exploited a component in ArcGIS GIS software to remain undetected for over a year, using a web shell to access internal networks. They extended their malicious activities by deploying SoftEther VPN to maintain persistence and conduct lateral movement within the compromised environments. #FlaxTyphoon #ArcGIS #SoftEtherVPN #RaptorTrain
A China-backed APT (Flax Typhoon) maintained year-long access to an ArcGIS environment by converting a legitimate Java Server Object Extension (SOE) into a hardcoded-key gated web shell and embedding it in backups to survive recovery. The intruders also deployed a renamed SoftEther VPN executable as a service for persistent C2 and lateral access. #FlaxTyphoon #ArcGIS
Daily Recap: Australia launches CI Fortify program to bolster critical infrastructure security, and Oracle issues an emergency E-Business Suite patch tied to high-severity vulnerabilities and alleged Cl0p-style activity affecting Harvard. The week also highlights the RondoDox botnet, ChaosBot’s Discord-based C2, and Astaroth abusing GitHub for persistence, underscoring ongoing extortion and supply-chain concerns.
#CIFortify #RondoDox #ChaosBot #Astaroth #Harvard #Cl0p #Salesforce #Unity #TwoNet
SimonMed Imaging, a U.S. medical imaging provider, experienced a data breach exposing sensitive information of over 1.2 million individuals due to a cyberattack involving Medusa ransomware. The breach included potentially highly sensitive personal and medical data, and the company may have negotiated a ransom payment to hackers. #MedusaRansomware #SimonMedImaging
Qilin (aka Agenda) is a RaaS group that has targeted organizations globally since August 2022 using spear-phishing, double extortion, and a portable Go/Rust ransomware that encrypts files with AES-256 or ChaCha20 and appends RSA-encrypted key material to each file. The ransomware disables recovery (shadow copies, event logs, backup/DB services), uses argument-controlled…
Australia has introduced the CI Fortify framework to enhance cybersecurity for critical infrastructure, focusing on operational technology resilience. The initiative aims to help operators prevent disruptions caused by sophisticated cyberattacks from threat actors such as nation-states and cybercriminals. #Stuxnet #Industroyer…
Forescout Research has uncovered a new tactic by pro-Russian hacktivists, fabricating industrial attacks to boost their reputation, exemplified by the group TwoNet’s false claims of targeting critical water treatment systems. This escalation from web defacement and DDoS to actual OT/ICS interference signifies an increasing cyber-physical threat. #TwoNet #OTIntrusions…
A cyberattack has disrupted several online services in Sugar Land, Texas, prompting an investigation and highlighting ongoing municipal cybersecurity threats in 2025. Critical systems remain operational, but services like bill pay, permit scheduling, and the 311 contact center are impacted. #QilinRansomware #TexasMunicipalities #Cyberattack…
A pro-Russian hacker group called TwoNet infiltrated a honeypot designed to simulate critical infrastructure systems, illustrating the naivety of inexperienced hacktivists targeting OT and ICS. The incident emphasizes the blurred lines between propaganda and actual cyber operations and highlights ongoing threats to utilities and critical infrastructure. #TwoNet #Honeypot #OTThreats #CriticalInfrastructure…
Handala Hackers have breached the Delek System, demonstrating the vulnerability of Israel’s fuel system and exposing the illusion of security provided by firewalls and encryption. This operation, titled Blackout, underscores the persistent threat posed by cyber adversaries in Israel.
The Protecting America from Cyber Threats Act aims to renew critical cybersecurity protections that expired, fostering ongoing threat information sharing between private sectors and the federal government. This legislation builds on a decade-old framework credited with preventing major cyber incidents like SolarWinds and Volt Typhoon, while also addressing liability concerns for…
Daily Recap: A wave of breaches and extortion efforts hit third-party platforms, Telstra, SonicWall, and major organizations, alongside notable malware and phishing campaigns, while AI security funding and policy updates shape the threat landscape. The incidents span data leaks, zero-days, and credential abuse, with activity from groups like Qilin and Crimson Collective, and evolving attack techniques such as PureRAT chains and WordPress-driven ClickFix phishing.
#DiscordBreach #Telstra #SonicWall #QilinRansomware #CrimsonCollective #TwoNet #WordPress #AIVulnerability