Cyber News 20OCT2025

General

• The alliance that never was (LockBit, DragonForce, Qilin)
  • https://www.suspectfile.com/the-alliance-that-wasnt-a-critical-analysis-of-reliaquests-q3-2025-ransomware-report/
• Using (Zendesk) ticket-creation emails for spamming and email-bombing
  • https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
• Watch out macOS users….Google ads for fake Homebrew, LogMeIn sites push infostealers
  • https://www.bleepingcomputer.com/news/security/google-ads-for-fake-homebrew-logmein-sites-push-infostealers/
• Rust isn't a silver bullet - Windows Kernel Vuln (<sarcasm>surprise - it's in the graphics-handling pathway!</sarcasm>) doesn't lead to Code Exec, but still leads to DoS.
  • https://cyberpress.org/new-windows-gdi-rust-kernel-vulnerability/
• Why hack, when you can just ask the user to run it? Hackers Exploit TikTok Videos to Deliver Self-Compiling PowerShell Malware
  • https://cyberpress.org/tiktok-powershell-malware/
  • https://www.bleepingcomputer.com/news/security/tiktok-videos-continue-to-push-infostealers-in-clickfix-attacks/
• Finding malware traces in backups - Rubrik scanning finds CN-linked Brickstorm malware
  • https://zerolabs.rubrik.com/blog/unmasking-the-invisible-hunting-and-defeating-edr-evading-threats-like-brickstorm
  • (Google TIG report on Brickstorm) https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
• [AU] Dodo's email system breached, 1600 accounts accessed. Motivation unclear.
  • https://www.itnews.com.au/news/vocus-isp-dodos-email-system-breached-on-friday-621134
• [DE] Volkswagen the 'next' auto-maker to be hit by ransomware? (Listed by 8base - Volkswagen Group - in OCT2024, Qilin - Volkswagen Group France - in OCT2025). This might be some confused initial reporting.
  • https://cyberpress.org/volkswagen-reportedly-hit-by-ransomware-attack/
• [EU] Europol dismantles SIM box operation renting numbers for cybercrime. Looks professional, but they still do it bigger in the US.
  • https://www.bleepingcomputer.com/news/security/europol-dismantles-sim-box-operation-renting-numbers-for-cybercrime/
  • https://vxdb.sh/operation-simcartel-europol-shuts-down-gogetsms-cybercrime-network/
  • https://therecord.media/europe-sim-farms-raided-latvia-austria-estonia
• [FR] Did France arrest the leader of ShinyHunters?
  • https://databreaches.net/2025/10/17/an-arrested-mans-lawyer-claims-his-client-cant-be-shinyhunters-leader-his-argument-wasnt-persuasive/
• [NKO] Latest on North Korea’s fake job interview malware - same technique, new code
  • https://cyberpress.org/clickfake-interview-attack/
  • https://blog.talosintelligence.com/beavertail-and-ottercookie/

Retro Corner

• Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
  • https://cyberpress.org/cisco-desk-ip-and-video-phones-vulnerable/
• Bringing ConnectWise security into the 21st century
  • https://cyberpress.org/critical-connectwise-flaws/
• Macro-laden Word docs are still a thing? Weaponized Office Documents Enable APT28 to Deliver BeardShell and Covenant
  • https://cyberpress.org/apt28-office-documents/
• Phishing leads to tech-support scam
  • https://cyberpress.org/microsoft-login-scam/
• Using an installer package for malware distribution - Exploiting Windows MSIX Packages for Persistent and Covert Malware Distribution
  • https://cyberpress.org/windows-msix/
• Remote Admin Tool, with unprotected remote includes. Clearly it's been pentested....
  • https://www.tenable.com/blog/tenable-discovers-critical-vulnerabilities-in-simplehelp-tool-cve-2025-36727-and-cve-2025

Getting Techy

• Reversing Kindle Web DRM, so that you can backup the books you own
  • https://blog.pixelmelt.dev/kindle-web-drm/
• Using EDR-whitelisted executables to drop files in EDR's own folders
  • https://www.zerosalarium.com/2025/10/defenderwrite-abusing-whitelisted-programs-arbitrary-write.html

Geo-Politics

• [AU] Planning for 6G - secure sovereign networks
  • https://www.aspistrategist.org.au/6g-isnt-about-speed-its-about-sovereignty/
• [AU] Nex Cyber Affairs Ambassador, 20yr ASD veteran
  • https://www.itnews.com.au/news/australias-new-cyber-affairs-ambassador-sourced-from-asd-621128
• [CN/EU] China / Europe chip battles heat up, over NL's Nexperia (ex. NXP) move
  • https://www.theregister.com/2025/10/17/car_industry_nexperia_supply/
• [CN/US] China claims US was in its (time server) network
  • https://moderndiplomacy.eu/2025/10/19/nsa-accused-of-stealing-secrets-from-chinas-national-time-centre/

Privacy

• [NL] Experian fined €2.7m for GDPR violations
  • https://www.bleepingcomputer.com/news/legal/experian-fined-32-million-for-mass-collecting-personal-data/
• [US] Pushing back against (TX) age-verification laws
  • https://therecord.media/tech-industry-texas-age-gating
• [US] Pushing back against social-media surveillance - EFF and labour unions sue US administration (Dep. State and Homeland Security)
  • https://www.eff.org/press/releases/labor-unions-eff-sue-trump-administration-stop-surveillance-free-speech-online
  • https://www.theregister.com/2025/10/17/labor_unions_surveillance_lawsuit/

AI

• MIT "State of AI in Business 2025"
  • https://www.artificialintelligence-news.com/wp-content/uploads/2025/08/ai_report_2025.pdf