Daily Security Briefing 015

September 19, 2025 | Read Online\n\nSpyware investment surges, Ivanti mobile vulnerabilities exploited, Russian hackers deploy Kazuar backdoor…\n\n—\n\n## Executive Summary\n\nToday’s cybersecurity landscape highlights increasing complexities in both state-sponsored and criminal cyber operations. The spyware market shows significant growth in U.S.-based investments, reflecting heightened interest in surveillance technology. Meanwhile, critical vulnerabilities in Ivanti Endpoint Manager Mobile have been actively exploited to deploy sophisticated malware, prompting urgent alerts from CISA. Russian hacking groups Gamaredon and Turla continue coordinated efforts against Ukrainian organizations, emphasizing persistent geopolitical cyber conflict. Additionally, significant threats have emerged targeting telecom providers, major web platforms, and the booming NFT ecosystem, underscoring the broad attack surface security teams must defend.\n\n—\n\n## Top Articles\n\nSurveying the Global Spyware Market \nThe Atlantic Council’s second annual report, “Mythical Beasts,” reveals a notable increase in U.S.-based investors participating in the global spyware market compared to last year. The detailed report dives deep into surveillance technologies, providing insights into market dynamics and emerging trends in spyware development and deployment. \nBruce Schneier\n\nCISA Alerts of Hackers Targeting Ivanti Endpoint Manager Mobile Vulnerabilities to Distribute Malware \nCyber adversaries have weaponized two critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) to deploy multi-component loaders designed to inject code and maintain persistence mainly on Apache Tomcat servers. CISA has issued warnings following evidence of increasingly sophisticated malware leveraging these flaws for ongoing attacks. \nGBHackers | BleepingComputer\n\nRussian Hacking Groups Gamaredon and Turla Target Organizations to Deliver Kazuar Backdoor \nGamaredon and Turla, linked to Russia’s FSB, have demonstrated unprecedented coordination in cyberattacks targeting Ukrainian entities. Their operations deploy the advanced Kazuar backdoor, allowing stealthy remote access and espionage, signifying continued geopolitical cyber tensions. \nGBHackers\n\nDon’t Get Rekt: The NFT Security Handbook That Could Save Your Digital Fortune \nThe burgeoning NFT market faces rising security risks where poor wallet permissions or malicious smart contracts can result in total asset loss. This handbook outlines common attack vectors and best practices to protect users from NFT theft and fraud. \nCheckpoint\n\nTop 10 Best Security Orchestration, Automation, And Response (SOAR) Tools in 2025 \nThis guide evaluates leading SOAR solutions designed to enhance security teams’ incident response capabilities by automating workflows and reducing alert fatigue, helping organizations stay ahead of growing cyber threats. \nCyberPress\n\nCritical Flaw in HubSpot Jinjava Engine Allows RCE Across Thousands of Websites \nA severe vulnerability in HubSpot’s Jinjava templating engine enables attackers to bypass sandbox controls and execute arbitrary code remotely. The flaw arises from insecure deserialization, threatening thousands of websites relying on Jinjava. Prompt remediation is critical. \nCyberPress\n\nUNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware \nIran-linked espionage group UNC1549 has compromised 34 devices across 11 European telecom companies by leveraging LinkedIn recruitment-themed lures and deploying MINIBIKE malware for reconnaissance and data theft. The campaign highlights continuing targeted threats to telecom infrastructure. \nTheHackerNews\n\nSystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers \nSystemBC malware fuels REM Proxy, an extensive network averaging 1,500 VPS daily victims spanning 80 command-and-control servers. This botnet supports a large proxy pool, including hijacked MikroTik routers and open proxies, posing serious risks to internet security. \nTheHackerNews\n\nMicrosoft starts rolling out Gaming Copilot on Windows 11 PCs \nMicrosoft has initiated the beta rollout of Gaming Copilot, an AI-powered assistant on Windows 11 aimed at providing real-time game guidance and optimization. The feature is currently available for users over 18, excluding mainland China residents. \nBleepingComputer\n\nA Conversation With Grant Lee CO-Founder & CEO At Gamma \nGrant Lee, CEO of Gamma, discusses how their AI-driven platform reshapes presentations by focusing first on storytelling rather than slides, automating visual and structural elements to enhance impact and clarity. \nOmny

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.