Daily Security Briefing 029

October 3, 2025

Rhadamanthys stealer evolves with new evasion and targeting; StallionRAT phishing campaigns intensify; Renault and Dacia UK report data breach…


Executive Summary

Cybercriminal operations continue to advance with sophisticated evasion techniques and expanded targeting, exemplified by the latest Rhadamanthys stealer update, which now includes device fingerprinting and encrypted payload delivery. Phishing attacks remain prevalent, highlighted by government-official impersonation campaigns deploying StallionRAT malware. Malware-as-a-Service offerings such as GhostSocks are spreading proxy abuse, complicating network defense. Notably, the automotive sector faces a customer data breach in the UK, underscoring third-party risk exposure. Meanwhile, threat intelligence remains a key defensive investment in today’s evolving landscape.


Top Articles

Rhadamanthys 0.9.2: A Stealer That Keeps Evolving
The Rhadamanthys stealer’s latest version 0.9.2 introduces enhanced evasion capabilities, including PNG-based payload delivery and advanced sandbox detection. The operators rebranded as RHAD Security / Mythical Origin Labs, launching a professional storefront featuring multiple cybercrime tools. Notably, the stealer now targets Ledger Live cryptocurrency wallets with improved encryption and configurable process injections.
Check Point

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads
Further technical updates to Rhadamanthys include device and browser fingerprinting capabilities and the use of PNG steganography for payloads. The threat actor also markets complementary tools such as Elysium Proxy Bot and Crypt Service, signifying an expanding threat ecosystem.
TheHackerNews

Threat Actors Pose as Government Officials to Attack Organizations with StallionRAT
The Cavalry Werewolf threat cluster has intensified phishing campaigns by impersonating government officials to deliver FoalShell and StallionRAT malware. These attacks emphasize the need for ongoing cyber intelligence and robust email authentication to defend against sophisticated social engineering.
GBHackers

Threat Actors Exploit WhatsApp Messages to Target Windows Systems with SORVEPOTEL Malware
The SORVEPOTEL malware uses compromised WhatsApp sessions to rapidly infect Windows systems, primarily affecting Brazilian enterprises and public sector organizations. The campaign highlights the risk that popular messaging platforms pose as malware propagation vectors.
CyberPress

GhostSocks Malware as a Service Empowers Threat Actors to Turn Compromised Devices into Proxies
GhostSocks MaaS enables attackers to transform infected devices into residential proxies to evade anti-fraud measures. Launched in late 2023 on Russian cybercrime forums, its ease of integration fuels increased use in fraudulent traffic routing and malicious campaigns.
CyberPress

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer
Infoblox exposed the actor “Detour Dog”, which controls DNS-based infrastructure used to distribute Strela Stealer. The operator actively maintains domains for the initial backdoor, called StarFish, and has run information-theft campaigns built on DNS manipulation since mid-2023.
TheHackerNews

Renault and Dacia UK Warn of Data Breach Impacting Customers
Renault and Dacia customers in the UK were notified after a third-party provider suffered a data breach exposing sensitive customer information. This incident underscores ongoing risks linked to vendor security and the importance of third-party risk management in automotive supply chains.
BleepingComputer

Presenting AI to the Board as a CISO? Here’s a Template.
Keep Aware published a free template designed to help CISOs clearly communicate AI usage, risks, governance, and controls to corporate boards, facilitating better leadership understanding of generative AI adoption and security implications.
BleepingComputer

Federal Judiciary Touts Cybersecurity Work in Wake of Latest Major Breach
In response to criticism over recent breaches, the Administrative Office of the US Courts emphasized proactive cybersecurity efforts. Officials rejected allegations of ignoring expert advice, underscoring ongoing enhancements to judicial cybersecurity posture.
CyberScoop

Scattered Lapsus$ Hunters Returns With Salesforce Leak Site
The cybercriminal group Scattered Lapsus$ Hunters revived operations after announcing a shutdown, threatening to release stolen Salesforce customer data by October 10 if demands are unmet, signaling potential imminent data exposure for affected organizations.
DarkReading

Top 10 Best End-to-End Threat Intelligence Companies in 2025
This overview highlights leading threat intelligence providers crucial in combating increasingly sophisticated cyberattacks faced by enterprises and governments. These companies deliver actionable insights and alerts essential for proactive defense strategies.
GBHackers


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
