Daily Security Briefing 027

October 1, 2025

Generative AI scams rise, Weaponized Excel malware targets Ukraine, Chinese hackers exploit network edge devices…


Executive Summary

Cyber threats are evolving rapidly with generative AI fueling new types of scams, increasing both their scale and sophistication. Nation-state actors continue to target critical infrastructure, highlighted by Ukrainian warnings about weaponized Excel add-in malware and Chinese state-sponsored groups compromising network edge devices globally. Additionally, cybercriminal campaigns are increasingly focusing on vulnerable demographics, such as seniors, with complex social engineering lures. On the corporate security front, high-severity flaws and data leaks affecting identity systems and analytics platforms demonstrate ongoing challenges. Attackers also exploit emerging hardware weaknesses, underscoring the need for proactive defensive measures.


Top Articles

Use of Generative AI in Scams
A new report titled “Scam GPT: GenAI and the Automation of Fraud” explores how generative AI is transforming scam tactics. It examines which communities are most vulnerable and how cultural and economic shifts increase susceptibility to these AI-enhanced frauds that extend beyond conventional financial crimes. The analysis delves into the systemic impact of automation on deception and trust in digital environments.
Schneier

Ukraine Warns of Weaponized XLL Files Delivering CABINETRAT Malware via Zip Archives
Ukraine’s CERT-UA has issued a critical alert regarding malicious Excel add-in (XLL) files used to deploy the CABINETRAT backdoor. Disguised as legitimate documents, these files exploit Excel’s Add-in Manager to execute malware upon loading. This campaign, active through September 2025, underscores sophisticated targeting likely linked to geopolitical tensions.
GBHackers

Chinese State-Sponsored Hackers Exploiting Network Edge Devices to Harvest Sensitive Data
The Chinese APT group Salt Typhoon, affiliated with the Ministry of State Security, continues long-term espionage operations by compromising global telecommunications infrastructure. Since 2019, the group has exploited vulnerabilities in routers, VPN gateways, and firewalls to gain persistent access and harvest sensitive intelligence, highlighting ongoing supply chain and telecom risks.
GBHackers | CyberPress

5 Essential Cyber Security Tips for Cyber Security Awareness Month
October’s Cybersecurity Awareness Month offers key guidance to counter increasingly sophisticated cyber threats faced by individuals and organizations. The article emphasizes staying vigilant across all digital interactions, including social media, emails, and applications, and reinforces the importance of proactive security hygiene in today’s complex threat environment.
Checkpoint

Threat Actors Exploit Senior Travel Fraud to Deploy Datzbro
A new social engineering campaign targets senior citizens through fake Facebook groups promoting “active senior trips.” The scheme distributes the Datzbro Android banking trojan across multiple countries, including Australia, Canada, and the UK. This operation highlights how threat actors exploit trusted communities and specialized fraud tactics to spread mobile malware.
CyberPress

New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer
Researchers from Georgia Tech and Purdue University demonstrated a novel side-channel attack bypassing Intel SGX’s hardware protections using DDR4 memory-bus interception. This attack enables passive decryption of sensitive enclave data, signaling emerging risks in hardware-based trusted execution environments that rely on memory isolation.
The Hacker News

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
A high-severity vulnerability (CVE-2025-59363) in One Identity’s OneLogin solution allows attackers to access OpenID Connect application secrets by exploiting API keys. With a CVSS score of 7.7, this flaw can lead to app impersonation and unauthorized access, emphasizing the importance of securing IAM platforms.
The Hacker News

Adobe Analytics Bug Leaked Customer Tracking Data to Other Tenants
Adobe disclosed an ingestion bug in its Analytics product that caused some customers’ tracking data to mix with others’ datasets for about one day. Although exposure appears temporary, this incident raises concerns about data segregation and multi-tenant security in cloud analytics services.
BleepingComputer

Data Breach at Dealership Software Provider Impacts 766,000 Clients
A ransomware attack on Motility Software Solutions, a dealer management software provider, exposed sensitive information belonging to over 766,000 customers. This breach highlights the increasing risk faced by sector-specific software vendors and the importance of robust ransomware defenses.
BleepingComputer

Rhadamanthys 0.9.x – Walk Through the Updates
The Rhadamanthys malware, a complex modular tool sold on underground markets since 2022, is the subject of a detailed analysis of its latest updates. Developed by the actor “kingcrete2022,” it shows sophisticated evolution and code reuse from previous projects, emphasizing ongoing threats from advanced criminal malware ecosystems.
Checkpoint


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.

