Daily Security Briefing 026

September 30, 2025

Google Careers phishing, Phantom Taurus espionage, Manufacturing sector under relentless attack…


Executive Summary

Cybercriminal activity continues to escalate with sophisticated phishing campaigns targeting job seekers and state-backed groups intensifying espionage operations globally. The manufacturing sector faces an unprecedented surge in ransomware and supply chain risks, exposing critical vulnerabilities. Meanwhile, advanced persistent threat (APT) groups such as Phantom Taurus and Patchwork refine their toolkits to maintain stealth and persistence. Notably, recent research highlights new cloud processor vulnerabilities and evolving mobile malware threats that could significantly impact enterprise security. Organizations must adopt proactive measures and comprehensive defenses to counter these emerging challenges.


Top Articles

Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations
This detailed guide analyzes attack methodologies used by UNC6040 and outlines proactive defense strategies specifically for SaaS platforms, especially Salesforce environments. It emphasizes comprehensive logging, advanced detection, and rigorous hardening measures to strengthen cloud service security.
Google Cloud

Details of a Scam
This personal account highlights common social engineering tactics used in scams involving spoofed customer service calls, emphasizing how fraudsters employ plausible details like “cancellation codes” to build trust while attempting to deceive victims. The story reinforces awareness of such persistent phishing approaches.
Schneier on Security

The Rising Cyber Threat to Manufacturing: A Call to Action for Executives
Manufacturing organizations now face an average of 1,585 weekly cyberattacks, a 30% increase year-over-year, with ransomware causing severe financial and operational damage. Increasing connectivity to suppliers deepens exposure, while state-sponsored and hacktivist actors specifically target intellectual property and supply chains.
Checkpoint Blog

Hackers Posing as Google Careers Recruiter to Steal Gmail Login Details
A new phishing campaign impersonates Google Careers recruiters, tricking job seekers into visiting malicious sites to harvest Gmail credentials. The attackers use sophisticated multi-stage tactics with Salesforce and Cloudflare infrastructure to evade detection and maximize data theft efficacy.
GBHackers

New Chinese Nexus APT Group Targeting Organizations to Deploy NET-STAR Malware Suite
Phantom Taurus, a China-linked APT group, has escalated espionage against government and telecom targets in Africa, the Middle East, and Asia using a newly discovered .NET malware suite named NET-STAR. The group’s operations have been tracked since 2023 and focus on geopolitical and military intelligence theft.
GBHackers

Patchwork APT Using PowerShell to Create Scheduled Tasks and Retrieve the Final Payload
Patchwork APT continues to evolve its espionage techniques, now employing a PowerShell loader that uses scheduled tasks and multi-level obfuscation for persistence. Targeting political and military sectors primarily in South and Southeast Asia, this group’s refined approach augments its stealth and longevity in compromised environments.
CyberPress

$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
Researchers have demonstrated a low-cost hardware-based attack called Battering RAM that can bypass modern security protections in Intel and AMD cloud processors. The attack uses a simple interposer that is undetectable during system startup, exposing new risks for cloud infrastructure security.
The Hacker News

Hidden VNC Powers New Android Trojan to Gain Complete Remote Control
Klopatra, a newly discovered Android RAT and banking trojan, uses a hidden VNC feature to give attackers full remote control over infected devices. Its use of commercial-grade protection and native C/C++ libraries enables it to evade detection and complicates removal efforts.
CyberPress

Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
Phantom Taurus has been active over the past two and a half years, targeting ministries, embassies, and military operations with stealthy malware campaigns. Palo Alto Networks Unit 42 highlights the group’s focus on geopolitical intelligence and the extended regional reach across Africa, the Middle East, and Asia.
The Hacker News

Imgur blocks UK users after data watchdog signals possible fine
In response to a potential monetary penalty from UK data regulators, Imgur has blocked access for users based in the United Kingdom. This action follows scrutiny of the parent company MediaLab’s compliance with local data protection regulations.
BleepingComputer

New MatrixPDF toolkit turns PDFs into phishing and malware lures
MatrixPDF is a new phishing and malware delivery toolkit that converts standard PDFs into interactive files designed to bypass email security defenses. These lures redirect victims to credential theft portals or malicious downloads, increasing the effectiveness of PDF-based attacks.
BleepingComputer


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
