A China-backed APT group, assessed as likely Flax Typhoon, maintained year-long access to a self-hosted ArcGIS server by converting a legitimate Java Server Object Extension (SOE) into a gated web shell and embedding it in backups to survive recovery. The attackers also deployed a renamed SoftEther VPN executable as a persistent service to create a VPN bridge for lateral movement and C2, enabling credential harvesting and internal scanning. #FlaxTyphoon #ArcGIS #SoftEtherVPN
A threat actor has leaked a large database of over 20,000 records from Lüks Artvin Seyahat, revealing sensitive customer information. This breach exposes personally identifiable information such as names, addresses, phone numbers, and Turkish National ID numbers. #LüksArtvinSeyahat #DataBreach…
An alleged data breach involving the Fiscalía General del Estado has raised concerns about the security of sensitive government information. The breach appears to include unredacted PII, emphasizing the importance of strengthening cybersecurity measures for public institutions. #FiscalíaGeneralDelEstado #DataBreach #PII…
The alleged data breach of Teknobuilt has raised concerns over the security of its sensitive information. The incident highlights vulnerabilities that could potentially impact client and company data. #Teknobuilt #DataBreach…
U.S. identity data, including Fullz, SSN, Driver’s License, and EIN, are being sold on a popular online forum. This widespread data exchange poses significant risks to individuals and organizations. #DataTheft #IdentityFraud…
Daily Recap: A wide range of breaches and vulnerabilities hit multiple sectors, from Mango and Qantas data exposures to major Patch Tuesday updates addressing zero-days and high-severity flaws across vendors like Adobe, Fortinet, Ivanti, SAP, and Oracle. The report also notes ongoing malware threats such as VSCode crypto-stealers, pixnapping MFA attacks, SonicWall SSLVPN credential exploits, and passkey bypass techniques, with industry moves including LevelBlue acquiring Cybereason and HyperBunker advancing anti-ransomware solutions. #MANGO #Qantas #AsahiAttack #5CA #CapitaFine #NYFines #IndianaRansom #PatchTuesday #ZeroDays #BIG-IP #AdobeUpdate #F5Breach #OracleFix #ICS #PatchTuesday #CVEDispute #VSCodeExtensions #Pixnapping #SonicWallAttacks #Passkeys #China #TaiwanSurge #ArcGISBackdoor #HyperBunker #Cybereason #NDR #RokuSuit #CaliforniaLaws #USDOJ
Enterprise networks are vulnerable to dark web threats such as C2 activity, data exfiltration, and anonymization services. Implementing Network Detection and Response (NDR) with strategic monitoring and threat intelligence enhances visibility and detection capabilities. #DarkWebThreats #NDR #Corelight
A threat actor claims to have stolen and leaked the source code of Teknobuilt, a partner of Oracle involved in energy and construction projects, in October 2025. The breach exposes proprietary code, internal repositories, configurations, and third-party integrations, potentially impacting the company’s operations and security. #Teknobuilt #Oracle #SupplyChainManagement #PaymentGateways…
The Killsec ransomware group has successfully breached Global Go, a major Peruvian motorcycle financing company, and added its data to their dark web leak site. The attack involved sensitive customer and corporate information, including personal IDs, legal documents, and financial records. #Killsec #GlobalGo #RansomwareAttack #DarkWebLeak…
The Qilin ransomware group has announced breaches of 54 organizations worldwide, targeting various sectors including legal, automotive, healthcare, and government. The targeted organizations include law firms, educational institutions, manufacturing companies, and local governments. #QilinRansomware #DarkWebLeak…
A threat actor claims to have compromised Trans7, a major Indonesian TV station, revealing a 1.1GB database of sensitive personal data. The breach threatens to expose extensive PII unless demands are met. #Trans7 #DataBreach…
Cyble CRIL observed a resurgence of Android malware campaigns impersonating the Indian mParivahan RTO app to steal banking credentials, exfiltrate SMS messages, and perform cryptocurrency mining while registering devices via a Telegram bot. The campaign uses multi-stage droppers, ZIP header manipulation, native .so packers, and phishing pages to harvest UPI PINs and OTPs. #GhostBatRAT #mParivahan
Supply chain attacks exploit trusted vendors, contractors, and third-party services to bypass internal defenses and can cascade into widespread disruption, as seen in incidents like SolarWinds, MOVEit, and the CrowdStrike Linux outage. Continuous, intelligence-led monitoring and integration of external threat intelligence are essential to replace static audits and enable proactive, risk-driven vendor protection. #SolarWinds #MOVEit #CrowdStrike
Taiwan’s national security agencies warn of increased Chinese cyberattacks and disinformation campaigns aimed at destabilizing the Taiwanese government and public trust. The campaign involves sophisticated influence operations using AI-generated content and a coordinated effort by China’s military and intelligence agencies. #ChinaCyberattacks #DisinformationCampaigns…
A webinar from ANY.RUN detailed evolving malware and phishing techniques—ClickFix, QR-code-enabled PhishKits (e.g., Tycoon2FA), and LOLBin abuse in DeerStealer—demonstrating why interactive sandboxing, automation, and fresh threat intelligence are critical for SOC detection and response. #ClickFix #Tycoon2FA #DeerStealer…