Cyber Brief 25-10 – September 2025
Cyber Brief (September 2025)October 1, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 285 open source reports for this Cyber Security…
Detour Dog’s DNS Hijacking Infects 30,000 Websites with Strela Stealer
New research from Infoblox Threat Intel has revealed that an established, persistent group of cybercriminals, Detour Dog, has been silently…
New China-Aligned Hackers Hit State and Telecom Sectors
A newly identified cyber espionage group has been targeting government and telecommunications organizations across Africa, the Middle East and…
Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called…
Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access
The of the open-source software supply chain was once again tested when JFrog’s research team uncovered a malicious package on PyPI. The…
Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years
Researchers at Palo Alto Networks say a Chinese-linked cyberespionage group has been targeting foreign ministries, embassies, and…
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously…
China-linked RedNovember Campaign Shows Importance of Patching Edge Devices
A long-running threat campaign linked to a Chinese state-sponsored cyber-espionage group highlights the importance of patching and protecting…
New TamperedChef Malware Leverages Productivity Tools to Gain Access and Exfiltrate Sensitive Data
A sophisticated malware campaign has emerged that weaponizes seemingly legitimate productivity tools to infiltrate systems and steal sensitive…
Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More
Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden…
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package
Cybersecurity researchers have discovered what has been described as the first-ever instance of a Model Context Protocol (MCP) server spotted…
RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms
A new report from Recorded Future’s Insikt Group reveals that the Chinese state-sponsored threat group RedNovember has significantly…
Morte Botnet Unveiled: A Rapidly Growing Loader-as-a-Service Campaign Exploiting Routers and Enterprise Apps
Researchers at CloudSEK Threat Intelligence (TRIAD) have exposed a sophisticated botnet operation that systematically compromises SOHO…
Prompt Injection and Model Poisoning: The New Plagues of AI Security
You wake up. Your AI wakes up. Somewhere, a stranger types a sentence, and your AI listens. This is not science fiction. This is the…
Cybersecurity Weekly – Chrome 0-Day, 22.2 Tbps DDOS Attack, Kali Linux Release, Cisco IOS 0-Day and More
This week in cybersecurity was marked by a relentless pace of critical disclosures and unprecedented attack volumes, underscoring the…
Fake Microsoft Teams installers push Oyster malware via malvertising
Hackers have been spotted using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect…
China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks
Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign…
Hunt for RedNovember: Beijing hacked critical orgs in year-long snooping campaign
RedNovember, a Chinese state-sponsored cyberspy group, targeted government and critical private-sector networks around the globe between June…
Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to…
Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)
CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in…
‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug
Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed…
Maximum severity GoAnywhere MFT flaw exploited as zero day
Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands…
Fortra GoAnywhere Vulnerability Exploited as 0-Day Before Patch
A critical, perfect 10.0 CVSS score vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution was actively exploited as…
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed…
Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks
A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been…
Chinese State-Sponsored Hackers Attacking Telecommunications Infrastructure to Harvest Sensitive Data
In late 2024, a new wave of cyber espionage emerged targeting global telecommunications infrastructure. Operating under the moniker Salt…
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security…
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks
CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have…
Malicious AI Agent Server Reportedly Steals Emails
A popular Model Context Protocol (MCP) server used to deploy AI agents has turned malicious in one of its latest updates, according to Koi…
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented…
Chinese Hackers Use 'BRICKSTORM' Backdoor to Breach US Firms
Chinese cyber threat actors are suspected of deploying a recently identified backdoor to get a foothold into the systems of US organizations…
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware
A group of hackers with links to China has been caught running a long-term spying operation against US companies. Cybersecurity researchers at…
Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access!
Cisco has issued a security advisory warning of a critical flaw in its IOS and IOS XE Software, tracked as CVE-2025-20352 with a CVSS score of…
Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access
Security researcher Puja Srivastava from Sucuri uncovered two malicious files designed to guarantee persistent attacker access by manipulating…
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning…
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the…
Google warns China-linked spies lurking in 'numerous' enterprises since March
Unknown intruders – likely China-linked spies – have broken into "numerous" enterprise networks since March and deployed…
Google: Brickstone malware used to steal U.S. orgs' data for over a year
Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the…
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the…
Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs
Researchers at Cisco Talos have uncovered a long-running espionage campaign active since 2022, targeting the telecommunications and…
SonicWall releases rootkit-busting firmware update following wave of attacks
SonicWall on Monday released a firmware update that the security vendor says will remove rootkit malware deployed in recent attacks targeting…
Third time's the charm? SolarWinds (again) patches critical Web Help Desk RCE
SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could…