InfoSec News 20251001
Top News
- Smishing Campaigns Exploit Cellular Routers to Target Belgium
A newly identified wave of smishing attacks has been traced to exploited Milesight Industrial Cellular Routers. According to research by Sekoia.io’s Threat Detection & Research (TDR) team, the routers’ APIs were abused to send phishing text messages – a tactic that has repeatedly targeted Belgian users by impersonating official government services.
https://www.infosecurity-magazine.com/news/smishing-exploit-cellular-routers/?&web_view=true
TLP1 : Green
- New MatrixPDF toolkit turns PDFs into phishing and malware lures
A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential theft or malware downloads.
TLP1 : Green
- Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws
Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are affected by two vulnerabilities that hackers are actively exploiting. The flaws, tracked as CVE-2025-20333 and CVE-2025-20362, enable arbitrary code execution and access to restricted URL endpoints associated with VPN access. Both security issues can be exploited remotely without authentication.
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- WestJet confirms cyberattack exposed IDs, passports in June incident
WestJet confirms June cyberattack that disrupted certain internal systems, exposed customer passports and IDs.
TLP1 : Green
- Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs
Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT.
https://thehackernews.com/2025/10/ukraine-warns-of-cabinetrat-backdoor.html
Breaches: Data Breaches and Hacks
- Allianz Life says July data breach impacts 1.5 million people
Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted.
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework
Google Project Zero has revealed a new technique capable of bypassing Address Space Layout Randomization (ASLR) protections on Apple devices.
https://thecyberexpress.com/project-zero-exposes-aslr-bypass/?&web_view=true
TLP1 : Green
- Chinese hackers exploiting VMware zero-day since October 2024
Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024.
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- Red Hat Openshift AI Service Vulnerability Allow Attackers to Take Control of the Infrastructure
Red Hat published security advisory CVE-2025-10725, detailing an Important severity flaw in the OpenShift AI Service that could enable low-privileged attackers to elevate their permissions to full cluster administrator and compromise the entire platform.
https://cybersecuritynews.com/red-hat-openshift-ai-service-vulnerability/#google_vignette
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- New DNS Malware Detour Dog Delivers Strela Stealer Using DNS TXT Records
A sophisticated DNS-based malware campaign has emerged, utilizing thousands of compromised websites worldwide to deliver the Strela Stealer information-stealing malware through an unprecedented technique involving DNS TXT records.
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.