Daily Security Briefing #044

October 18, 2025

Cybercrime-as-a-Service takedown, Windows 11 localhost bug disrupts apps, Zimbra SSRF flaw exposes data.


Executive Summary

Today’s cybersecurity landscape highlights significant law enforcement success against a major cybercrime-as-a-service network that facilitated widespread fraud across Europe. Meanwhile, Microsoft’s latest Windows 11 update introduced a critical bug disrupting localhost connectivity for many developers and IT teams. A high-severity Server-Side Request Forgery (SSRF) vulnerability in Zimbra also demands urgent patching to prevent data exposure. Additional threats include evolving malware campaigns targeting Russia and Asia, along with deceptive Google ads distributing infostealers targeting macOS users. These developments underscore the persistent and evolving nature of cyber threats worldwide.


Top Articles

Authorities Shut Down Cybercrime-as-a-Service, Seize 40,000 SIM Cards
European law enforcement coordinated a major operation to dismantle a cybercrime-as-a-service platform known as ‘SIMCARTEL’. The takedown included seven arrests and the seizure of over 40,000 active SIM cards used to perpetrate widespread fraud, resulting in millions of euros in damages. The operation disrupted a key infrastructure enabling serious criminal activity across the continent.
GBHackers

Microsoft Windows 11 October Update Disrupts Localhost (127.0.0.1) Connectivity
Microsoft’s security patch KB5066835 for Windows 11 has caused unexpected localhost connectivity issues, preventing applications from accessing services on the loopback address 127.0.0.1. The update, intended to fix vulnerabilities, instead disrupted workflows for developers and IT professionals on the affected OS builds 26200.6899 and 26100.6899. Users should watch for upcoming fixes or workarounds.
GBHackers

Critical Zimbra SSRF Flaw Exposes Sensitive Data
Zimbra urgently patched a critical Server-Side Request Forgery flaw affecting versions 10.1.5 through 10.1.11. This high-severity vulnerability could allow attackers to exploit the platform’s chat proxy configuration to access sensitive information. Administrators are strongly advised to apply the emergency security update to mitigate risk immediately.
GBHackers

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Researchers identified a previously unknown .NET malware called CAPI Backdoor targeting Russian automobile and e-commerce companies. The infection vector involves phishing emails distributing malicious ZIP archives to execute the backdoor, highlighting tailored threat campaigns focused on specific industry verticals in Russia.
TheHackerNews

Google Ads for Fake Homebrew, LogMeIn Sites Push Infostealers
A malicious campaign exploits popular developer tools and services by advertising fake Homebrew, LogMeIn, and TradingView platforms through Google Ads. These fake sites serve infostealer malware families such as AMOS and Odyssey, targeting macOS users to harvest sensitive data and credentials.
BleepingComputer

Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
The Winos 4.0 malware group, previously active in China and Taiwan, has broadened operations to Japan and Malaysia. The campaign uses phishing emails with malicious PDF links to distribute the HoldingHands RAT, also known as Gh0stBins, emphasizing a growing regional threat landscape in East Asia.
TheHackerNews

Cyber Academy Founder Champions Digital Safety for All
Aliyu Ibrahim Usman, founder of Nigeria’s Cyber Cadet Academy, advocates for widespread cybersecurity awareness and education to combat escalating global cyber risks. His efforts emphasize empowering individuals and communities through knowledge of digital safety practices.
DarkReading

OpenAI Confirms GPT-6 Is Not Shipping in 2025
OpenAI announced that GPT-6 will not be released this year, though future models may still arrive. The update clarifies the company’s development timeline amid widespread interest in next-generation AI technology releases.
BleepingComputer


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
