Daily Security Briefing 011

September 15, 2025

WhatsApp security lawsuit, Pro-Russian cyberattacks on global industries, Remote access via RMM phishing campaigns…


Executive Summary

Cybersecurity concerns are intensifying as high-profile lawsuits and state-aligned cyber operations emerge. A whistleblower lawsuit accuses WhatsApp’s parent company of security negligence affecting hundreds of thousands of users daily. Pro-Russian hacker groups continue to escalate sophisticated attacks against critical industries worldwide amid geopolitical tensions. Meanwhile, attackers are innovating phishing techniques by leveraging trusted IT tools for persistent remote access. Organizations must also prepare for imminent end-of-support deadlines for legacy Microsoft Exchange servers, which could increase exposure risks. The evolving threat landscape highlights the urgency of proactive defense and modernized security operations.


Top Articles

Lawsuit About WhatsApp Security
Former WhatsApp security chief Attaullah Baig filed a whistleblower lawsuit claiming Facebook ignored numerous security flaws, violating a 2019 FTC settlement. The suit alleges that roughly 100,000 WhatsApp accounts were compromised daily in 2022, raising serious concerns over user data protection and corporate accountability. Legal action centers on violations of the Sarbanes-Oxley Act’s whistleblower protection provisions.
Schneier.com

Global Industries Face Escalating Cyber Assaults from Pro-Russian Hackers
Pro-Russian hacker group SectorJ149 (aka UAC-0050) has intensified cyberattacks targeting South Korea’s manufacturing, energy, and semiconductor sectors. These operations utilize customized malware to disrupt critical industries as the Russia-Ukraine conflict persists, underscoring cyberspace as a continuing battleground affecting global supply chains and national infrastructure.
CyberPress

Phishing Campaigns Exploit RMM Tools to Sustain Remote Access
Attackers are deploying Remote Monitoring and Management (RMM) tools such as ITarian, PDQ Connect, and SimpleHelp in phishing campaigns to establish persistent remote access on victim machines. By masking malicious files as genuine browser updates and official invitations, adversaries exploit user trust in IT administration software, enabling stealthy long-term intrusions.
GBHackers

Check Point Named a Leader in IDC MarketScape Report for Enterprise Hybrid Firewalls
Check Point has been recognized as a Leader in the 2025 IDC MarketScape Report for Worldwide Enterprise Hybrid Firewalls, reflecting its advanced hybrid mesh firewall capabilities and commitment to simplifying security operations at scale. The global firewall market reached $12.3 billion in 2024, highlighting increasing demand for robust network defenses.
Checkpoint.com

Sidewinder Hackers Weaponize Nepal Protests to Distribute Malware
The APT group Sidewinder is exploiting ongoing Nepal protests to deliver cross-platform mobile and Windows malware alongside credential phishing. By impersonating trusted national institutions and key figures, they aim to collect sensitive data from users following political events in the region, demonstrating how geopolitical unrest is leveraged for cyber espionage.
GBHackers

Mustang Panda Deploys SnakeDisk USB Worm Delivering Yokai Backdoor in Thailand
Mustang Panda has released an updated backdoor (TONESHELL) and a new USB worm named SnakeDisk that specifically targets devices with Thailand IP addresses. The worm propagates via USB and installs the Yokai backdoor, illustrating enhanced regional targeting by Chinese-aligned threat actors using novel infection methods.
TheHackerNews

Rise of SEO Poisoning: Malicious Sites Target Windows Users with Weaponized Downloads
FortiGuard Labs uncovered a large-scale SEO poisoning operation mainly targeting Chinese-speaking Windows users by manipulating search engine rankings and using lookalike software domains. This campaign delivers malware such as Hiddengh0st and modified Winos variants through fraudulent sites, highlighting growing threats from SEO abuse for malware distribution.
CyberPress

Google Confirms Hackers Gained Access to Law Enforcement Portal
Google acknowledged that hackers created a fraudulent account within its Law Enforcement Request System (LERS), a platform used for submitting official data requests. This breach raises serious questions about the security of platforms handling sensitive law enforcement information and the risks of unauthorized access.
BleepingComputer

6 Browser-Based Attacks Security Teams Must Prepare For
Browser-based attacks are surging, with attackers targeting browser vulnerabilities and user interactions to bypass traditional defenses. This article outlines six key attack types affecting web browsers today and explains why these vectors are increasingly effective, emphasizing the need for security teams to implement mitigations focused on web client risks.
TheHackerNews

Microsoft: Exchange 2016 and 2019 Reach End of Support in 30 Days
Microsoft has issued a reminder that extended support for Exchange 2016 and 2019 will end next month. Organizations are urged to decommission outdated servers or migrate to newer versions to avoid unpatched vulnerabilities that could be exploited by attackers targeting legacy mail infrastructure.
BleepingComputer

15th September – Threat Intelligence Report
Check Point Research’s latest bulletin highlights key cyber incidents including a ransomware attack on Panama’s Ministry of Economy and Finance, resulting in over 1.5TB of critical data theft. The report provides detailed insights into recent attack methods and threat actor behaviors observed during the week of September 15th.
Checkpoint Research


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
