A hacktivist group called TwoNet shifted from launching DDoS attacks to targeting critical infrastructure, including a fake water treatment facility used as a honeypot. Their activities reveal an evolving threat landscape where cybercriminals engage in both hacktivism and operational technology (OT) attacks. #TwoNet #CVE2021-26829
The article discusses the evolving security landscape of modern cloud workspaces, highlighting recent incidents like the Salesloft/Drift breach which exploited trusted integrations and OAuth tokens. It emphasizes the need for a comprehensive approach that includes detection, containment, and content-level protections to defend against token-based attacks. #Salesloft #Drift #OAuth #CloudWorkspaceSecurity #TokenAbuse
Hafnium (aka Silk Typhoon / MURKY PANDA) is a China-linked APT that conducts global cyber espionage against governments, research, and critical infrastructure using exploits (including CVE-2020-0688 and CVE-2021-26855), cloud credential abuse, supply-chain tactics, and a multi-tier contracting model of private firms. Recent campaigns show SharePoint exploitation, SEO poisoning, IoT and supply-chain targeting, and deployment of tools/malware such as Covenant, China Chopper, Tarrask, PlugX, and Whitebird. #Hafnium #CVE-2020-0688 #CVE-2021-26855 #Tarrask #PlugX #Whitebird
Daily Recap: Researchers disclosed a 13-year-old Redis vulnerability (CVE-2025-49844) that could allow sandbox escapes and native code execution, impacting about 330,000 instances. This round of patches includes OpenSSL in Zabbix Agent, Unity CVE-2025-59489, Y2K38 time manipulation risks, and Microsoft tightening Windows 11 setup flows, with Copilot issues in Office apps.
#Redis #Unity #Zabbix-Agent #Y2K38 #Windows11 #Copilot
CloudSEK analyzed a leaked dataset of Charming Kitten (APT35) operational materials showing Persian-language internal documents, personnel rosters, tooling details, and campaign reports that document coordinated teams for penetration, malware development, social engineering, infrastructure compromise, and rapid exploitation of CVE-2024-1709. The disclosure details long-term persistence, Active Directory domination, extensive exfiltration across government, legal, academic, aviation, energy, and financial sectors in the Middle East and beyond, highlighting IRGC-affiliated organized espionage and supply-chain risk. #CVE-2024-1709 #CharmingKitten
Cybercriminals exploited a deserialization vulnerability in Fortra’s GoAnywhere MFT to deploy Medusa ransomware, using it as a pivot into targeted networks. The attack, attributed to Storm-1175, highlights risks associated with file transfer infrastructure and remote access tools. #CVE202510035 #Storm1175…
Hackers can exploit the Year 2036 and 2038 bugs today through time manipulation techniques, causing potential system failures and cybersecurity breaches. These vulnerabilities threaten critical infrastructure, connected devices, and security systems, requiring urgent awareness and mitigation efforts. #Y2K38 #Epochalypse…
Cybercriminal group Storm-1175 exploited a critical vulnerability in Fortra’s GoAnywhere to deploy Medusa ransomware, affecting over 300 organizations across various sectors. Authorities advise urgent patching and raise concerns about prolonged silent attacks and potential data breaches. #CVE202510035 #MedusaRansomware…
A cybercrime group, Storm-1175, has been exploiting a severe vulnerability in GoAnywhere MFT to launch Medusa ransomware attacks since September 2025. Organizations need to urgently update their systems and monitor for suspicious activity related to this zero-day flaw. #GoAnywhereMFT #MedusaRansomware
The Gentlemen threatened the 2GO Group, a major Philippine logistics provider, with ransomware attacks that could disrupt its extensive transportation and logistics operations across the Philippines. The threat highlights the ongoing cybersecurity risks faced by critical infrastructure in the Philippines. #Philippines
A cyberattack on Shamir Medical Center exposed sensitive patient email data but did not compromise its core medical record system. The Russian-speaking group Qilin claims responsibility, demanding ransom and threatening to release stolen data. #Qilin #ShamirMedicalCenter #IsraeliHospitals #Cyberattack…
This report highlights a significant vulnerability in Festo control devices allowing remote, unauthenticated access that could lead to a denial of service. Mitigations include limiting network access and updating affected products to newer versions. #FestoVulnerability #CVE-2022-3079…
Canadian airline WestJet experienced a cyberattack in June 2025 that resulted in the theft of personal data from approximately 1.2 million customers. The company is offering two years of free monitoring and identity theft protection to affected individuals. #WestJet #DataBreach #Cyberattack #IdentityTheftProtection…
A Chinese state-sponsored hacking group called Phantom Taurus has been conducting covert espionage operations targeting government and telecom organizations worldwide. The group uses unique malware families like Specter, Net-Star, and Ntospy, leveraging shared infrastructure to evade detection. #PhantomTaurus #ChineseApt…
Daily Recap: A roundup of vulnerabilities, AI threats, ransomware incidents, and policy developments shaping the cybersecurity landscape, including critical CVE-2025-43400 fixes, Gemini AI risks, ransomware activity against Asahi, and state-backed phishing campaigns. The report highlights supply chain exposure from an npm package, notable enforcement actions like the Bitcoin Queen seizure, and ongoing OT guidance from national authorities. #CVE-2025-43400 #GeminiAI #ASLRBypass #AsahiOutage #MedusaRansomware #FEMACBP breach #JLRAttack #APT35 #BitcoinQueen #CISA