
Daily Security Briefing #046
- DjediTech
- Security , Newsletter
- October 20, 2025
Russian COLDRIVER malware reemerges, AWS outage disrupts global services, AI advances in phishing detection
Executive Summary
Today’s cybersecurity landscape highlights the rapid evolution of state-sponsored malware campaigns as Russia’s COLDRIVER group deploys new malicious tools following public exposure of previous malware. Meanwhile, a massive outage in Amazon Web Services has severely impacted multiple major platforms, exposing how dependent the internet remains on cloud providers. AI technologies continue to advance as new phishing detection engines promise enhanced defenses against growing social engineering threats. Additionally, critical vulnerabilities persist in widely used security appliances and software marketplaces face increasing supply-chain attacks, reinforcing the urgent need for robust monitoring and patch management.
Top Articles
To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER
Russia’s COLDRIVER threat group swiftly replaced its previously known LOSTKEYS malware with new families shortly after LOSTKEYS was publicly disclosed in May 2025. Targeting NGOs, policy advisors, and dissidents, COLDRIVER demonstrates significant operational agility, with no observed instances of LOSTKEYS since its exposure. This shift emphasizes the ongoing challenge of tracking and mitigating sophisticated nation-state malware campaigns.
Google Cloud
Massive AWS Outage Disrupts Internet – Amazon, Snapchat, Prime Video, Canva, and More Down
A critical failure in AWS’s US-East-1 region caused widespread outages starting early on October 20, 2025, affecting major platforms including Amazon, Snapchat, Prime Video, and Canva. This incident underscores the fragility of internet services heavily reliant on single cloud providers, stressing the importance of resilience and multi-region failover strategies for critical digital infrastructures.
CyberPress
AI-Powered Phishing Detection: The Next Generation Security Engine
Check Point introduces a continuously trained AI engine that significantly improves phishing detection by analyzing website attributes in real time. Integrated across multiple products including Quantum gateways and Harmony Email, the system addresses the persistent and evolving threat posed by millions of new malicious domains emerging annually. This AI-driven approach promises enhanced protection against social engineering and phishing attacks.
Check Point
Winos 4.0 Malware Uses Weaponized PDFs Posing as Government Departments to Infect Windows Machines
Recent campaigns employ malicious PDF files disguised as official government documents to distribute Winos 4.0 malware targeting Windows systems. Originating in Taiwan earlier this year, the operation has expanded its reach to Japan and Malaysia, leveraging social engineering to trick users into executing weaponized files.
GBHackers
131 Malicious Chrome Extensions Discovered Targeting WhatsApp Users
Security researchers uncovered over 130 malicious Chrome extensions flooding the Web Store to automate spam campaigns on WhatsApp Web, primarily targeting Brazilian users. While not traditional malware, these extensions violate platform policies and facilitate widespread disruptive activities, emphasizing ongoing risks within browser extension ecosystems.
GBHackers
Five New Exploited Bugs Land in CISA’s Catalog — Oracle and Microsoft Among Targets
CISA added five newly exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, notably including CVE-2025-61884 affecting Oracle E-Business Suite with confirmed active exploitation. These additions highlight the need for rapid patching and vulnerability management in enterprise environments to mitigate real-world attacks.
The Hacker News
⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
This week’s recap reveals the persistence of long-term breaches within critical infrastructure, including F5 systems compromised by nation-state actors. Emerging tactics involve sophisticated Linux rootkits and novel malware evasion techniques, reinforcing the importance of continuous detection strategies beyond standard patching.
The Hacker News
Over 75,000 WatchGuard Security Devices Vulnerable to Critical RCE
Approximately 76,000 publicly exposed WatchGuard Firebox appliances remain vulnerable to a critical unauthenticated remote code execution flaw (CVE-2025-9242). This widespread exposure poses significant risk of exploitation unless mitigations and patches are applied immediately.
BleepingComputer
20th October – Threat Intelligence Report
Check Point Research’s latest bulletin details a range of ongoing cyber threats, including the recent F5 breach by a persistent nation-state actor in which attackers exfiltrated sensitive BIG-IP source code. The report emphasizes active espionage campaigns and evolving attacker techniques targeting critical product development environments.
Check Point Research
Self-spreading GlassWorm Malware Hits OpenVSX, VS Code Registries
A supply-chain attack using the GlassWorm malware has infected developer tools on OpenVSX and Microsoft Visual Studio marketplaces, with over 35,800 installations reported. This self-propagating malware highlights growing threats to software repository security, potentially impacting vast developer and user communities.
BleepingComputer
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.