Daily Security Briefing 021

September 25, 2025

Quantum-safe cryptography, Chinese state hackers infiltrate telecoms, Cisco zero-day exploits, FIFA 2026 threat prep…


Executive Summary

The cybersecurity landscape today is marked by growing concern about future quantum threats and intensified state-sponsored espionage. Chinese hacker groups continue to target global telecommunications and government sectors with advanced persistent campaigns. Alongside these sophisticated attacks, newly disclosed zero-day vulnerabilities in Cisco products are being actively exploited, prompting emergency directives for patching. Meanwhile, threat actors are already gearing up for the 2026 FIFA World Cup with deceptive campaigns. These developments underscore the critical need for proactive defenses and awareness as both technology and threat tactics rapidly evolve.


Top Articles

Quantum-Safe Cyber Security: Current Capabilities and the Road Ahead
Quantum computing promises to break many current encryption methods securing VPNs, TLS, and digital identities. This creates an immediate threat called “harvest now, decrypt later,” where attackers collect encrypted data now to decrypt when quantum resources are available. The article explores the current state of quantum-safe cryptographic research and the challenges ahead in deploying these next-generation protections.
Checkpoint

Chinese State-Sponsored Hackers Targeting Telecommunications Infrastructure to Steal Sensitive Data
The Salt Typhoon APT group, aligned with China’s Ministry of State Security, continues deep espionage on global telecom networks. Active since at least 2019, they exploit network edge devices to maintain persistent access and exfiltrate sensitive metadata and signals intelligence. This campaign reflects a sustained effort targeting critical communications infrastructure worldwide.
GBHackers | CyberPress

Playing Offside: How Threat Actors Are Warming Up for FIFA 2026
With the 2026 FIFA World Cup approaching, cybercriminals are already registering thousands of deceptive domains and scams. These threat actors aim to exploit the event’s massive global audience through phishing, malware, and fraudulent sponsorship schemes. The report highlights the early tactics being deployed and warns organizations to prepare defenses around this major sporting event.
Checkpoint

RedNovember Hackers Targeting Government and Tech Organizations to Install Backdoor
The Chinese state-sponsored RedNovember group, linked to the TAG-100 campaign, has intensified its cyber-espionage efforts against governmental and technology sectors. Using a Go-based backdoor called Pantegana, the group has expanded operations targeting perimeter devices to establish long-term access and data exfiltration capabilities.
GBHackers

Hackers Use AI Generated Code to Hide Malicious Payloads from Traditional Defenses
A recent sophisticated phishing campaign exploited AI-generated code obfuscation to bypass traditional email security solutions. Attackers used compromised small-business email accounts and personalized techniques to mask real targets, delivering weaponized attachments disguised as file-sharing notifications. This showcases the increasing use of AI in evading conventional security controls.
CyberPress

Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
Cisco has disclosed two critical zero-day vulnerabilities in its Secure Firewall ASA and FTD products that are being actively exploited in the wild. The flaws, including a high-severity input validation bug, have prompted CISA to issue an emergency directive urging immediate patching to prevent further compromise of VPN web servers.
TheHackerNews

Cisco Uncovers New SNMP Vulnerability Used in Attacks on IOS Devices
Cisco also revealed a critical flaw (CVE-2025-20352) affecting IOS and IOS XE devices’ SNMP subsystem, which is currently exploited in active attacks. The vulnerability allows attackers to compromise core network operating systems, underscoring the urgent need for network operators to update their infrastructure promptly.
CyberScoop

Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
This bulletin summarizes recent important cybersecurity events, including a rootkit vulnerability patch, breaches affecting federal agencies, personal data leaks via OnePlus SMS, and ongoing investigations into TikTok’s data handling practices. It serves as a quick digest of today’s assorted security headlines.
TheHackerNews

Amazon Pays $2.5 Billion to Settle Prime Memberships Lawsuit
Amazon agreed to a $2.5 billion settlement with the FTC over allegations that it used dark patterns to trick millions into enrolling in Prime memberships and making cancellations difficult. This settlement highlights regulatory focus on deceptive online subscription practices.
BleepingComputer

Co-op Says It Lost $107 Million After Scattered Spider Attack
The UK’s Co-operative Group reported a significant $107 million loss in operating profit during H1 2025 due to a cyberattack attributed to the Scattered Spider threat actor. The attack disrupted operations and caused substantial financial damage, demonstrating the continuing impact of ransomware and cyber intrusion campaigns on enterprises.
BleepingComputer


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.


Related Posts

Daily Security Briefing 016

September 20, 2025

Russian botnet exploits DNS flaws, Canadian crypto exchange seized, GPT-4 malware emerges

Executive Summary

Cybersecurity threats continue to evolve with sophisticated attacks exploiting overlooked infrastructure and emerging technologies. Researchers uncovered a Russian botnet that leverages simple DNS misconfigurations to launch global malware campaigns via compromised routers. Law enforcement in Canada dismantled a major criminal cryptocurrency exchange, seizing $40 million in illicit funds. Meanwhile, malware incorporating GPT-4 AI capabilities signals a new frontier in automated cyber attacks. Additional concerns raised include zero-click flaws exposing Gmail data and widespread macOS infections via fake repositories. Defensive measures and vigilance remain critical as attackers innovate rapidly.

Top Articles

New Botnet Exploits Simple DNS Flaws That Leads to Massive Cyber Attack
Security researchers revealed a large-scale Russian botnet operation abusing DNS misconfigurations and compromised MikroTik routers to distribute malware via extensive spam campaigns. By exploiting common DNS errors, the attackers bypassed email security filters, spreading malicious payloads globally since late 2024. This discovery underscores the risk posed by fundamental network misconfigurations in facilitating sophisticated cybercrime.
GBHackers

Canada Dismantles TradeOgre Exchange, Seizes $40 Million in Crypto
The Royal Canadian Mounted Police shut down the TradeOgre cryptocurrency exchange, confiscating over $40 million believed linked to criminal activity. This operation represents a significant crackdown on illicit crypto platforms facilitating money laundering and fraud. The seizure disrupts revenue streams for cybercriminals relying on unregulated exchanges to launder proceeds.
BleepingComputer

LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
LastPass alerted the community to a widespread malware campaign targeting Apple macOS users through bogus GitHub repositories. These fake repositories trick users into downloading tools infected with the Atomic infostealer, which harvests sensitive information stealthily. The campaign highlights ongoing threats in software supply chains, especially within developer and open source ecosystems.
TheHackerNews

Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell
A new malware variant named MalTerminal represents the earliest known example of malicious software embedding GPT-4 large language model capabilities. Presented at LABScon 2025, this AI-augmented malware autonomously generates ransomware and reverse shell commands, indicating a shift toward more adaptable and intelligent cyber threats. This raises significant concerns about the future sophistication of automated attacks.
TheHackerNews

ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Security researchers disclosed ShadowLeak, a zero-click vulnerability in OpenAI’s ChatGPT Deep Research agent that allows attackers to exfiltrate Gmail inbox data simply by sending a crafted email. The flaw requires no interaction from the user and was responsibly disclosed and patched earlier this year. ShadowLeak demonstrates new risks emerging from AI-integrated cloud services handling sensitive user data.
TheHackerNews

Emad Mostaque on the End of Capitalism
Thought leader Emad Mostaque explores the potential transformations in global economic systems driven by emerging technologies and societal shifts. Though not focused on cybersecurity directly, the essay invites reflection on how digital disruption may impact the broader landscape of technology, governance, and economics.
DanielMiessler
Daily Security Briefing 015

September 19, 2025

Spyware investment surges, Ivanti mobile vulnerabilities exploited, Russian hackers deploy Kazuar backdoor…

Executive Summary

Today’s cybersecurity landscape highlights increasing complexities in both state-sponsored and criminal cyber operations. The spyware market shows significant growth in U.S.-based investments, reflecting heightened interest in surveillance technology. Meanwhile, critical vulnerabilities in Ivanti Endpoint Manager Mobile have been actively exploited to deploy sophisticated malware, prompting urgent alerts from CISA. Russian hacking groups Gamaredon and Turla continue coordinated efforts against Ukrainian organizations, emphasizing persistent geopolitical cyber conflict. Additionally, significant threats have emerged targeting telecom providers, major web platforms, and the booming NFT ecosystem, underscoring the broad attack surface security teams must defend.

Top Articles

Surveying the Global Spyware Market
The Atlantic Council’s second annual report, “Mythical Beasts,” reveals a notable increase in U.S.-based investors participating in the global spyware market compared to last year. The detailed report dives deep into surveillance technologies, providing insights into market dynamics and emerging trends in spyware development and deployment.
Bruce Schneier

CISA Alerts of Hackers Targeting Ivanti Endpoint Manager Mobile Vulnerabilities to Distribute Malware
Cyber adversaries have weaponized two critical Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) to deploy multi-component loaders designed to inject code and maintain persistence mainly on Apache Tomcat servers. CISA has issued warnings following evidence of increasingly sophisticated malware leveraging these flaws for ongoing attacks.
GBHackers | BleepingComputer

Russian Hacking Groups Gamaredon and Turla Target Organizations to Deliver Kazuar Backdoor
Gamaredon and Turla, linked to Russia’s FSB, have demonstrated unprecedented coordination in cyberattacks targeting Ukrainian entities. Their operations deploy the advanced Kazuar backdoor, allowing stealthy remote access and espionage, signifying continued geopolitical cyber tensions.
GBHackers

Don’t Get Rekt: The NFT Security Handbook That Could Save Your Digital Fortune
The burgeoning NFT market faces rising security risks where poor wallet permissions or malicious smart contracts can result in total asset loss. This handbook outlines common attack vectors and best practices to protect users from NFT theft and fraud.
Checkpoint

Top 10 Best Security Orchestration, Automation, And Response (SOAR) Tools in 2025
This guide evaluates leading SOAR solutions designed to enhance security teams’ incident response capabilities by automating workflows and reducing alert fatigue, helping organizations stay ahead of growing cyber threats.
CyberPress

Critical Flaw in HubSpot Jinjava Engine Allows RCE Across Thousands of Websites
A severe vulnerability in HubSpot’s Jinjava templating engine enables attackers to bypass sandbox controls and execute arbitrary code remotely. The flaw arises from insecure deserialization, threatening thousands of websites relying on Jinjava. Prompt remediation is critical.
CyberPress

UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware
Iran-linked espionage group UNC1549 has compromised 34 devices across 11 European telecom companies by leveraging LinkedIn recruitment-themed lures and deploying MINIBIKE malware for reconnaissance and data theft. The campaign highlights continuing targeted threats to telecom infrastructure.
TheHackerNews

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers
SystemBC malware fuels REM Proxy, an extensive network averaging 1,500 VPS daily victims spanning 80 command-and-control servers. This botnet supports a large proxy pool, including hijacked MikroTik routers and open proxies, posing serious risks to internet security.
TheHackerNews

Microsoft starts rolling out Gaming Copilot on Windows 11 PCs
Microsoft has initiated the beta rollout of Gaming Copilot, an AI-powered assistant on Windows 11 aimed at providing real-time game guidance and optimization. The feature is currently available for users over 18, excluding mainland China residents.
BleepingComputer

A Conversation With Grant Lee CO-Founder & CEO At Gamma
Grant Lee, CEO of Gamma, discusses how their AI-driven platform reshapes presentations by focusing first on storytelling rather than slides, automating visual and structural elements to enhance impact and clarity.
Omny
Daily Security Briefing 019

September 23, 2025

Apple’s new memory integrity, npm QR code malware, and Russia’s cyberattacks on critical industries dominate today’s cybersecurity news.