Cyber News 28OCT2025

General

• Interesting side-effect of phishing-resistant authentication (e.g. Passkeys). Twitter domain name will be migrating to X, so old passkeys will stop working (they're tied to a specific domain-name).
  • https://www.bleepingcomputer.com/news/security/x-re-enroll-2fa-security-keys-by-november-10-or-get-locked-out/
  • https://www.theregister.com/2025/10/27/x_passkey_reset/
• Ransomware stats from Coveware - payment rates continue to drop, however the average payment value is (long-term) still growing.
  • https://www.coveware.com/blog/2025/10/24/insider-threats-loom-while-ransom-payment-rates-plummet
  • https://www.bleepingcomputer.com/news/security/ransomware-profits-drop-as-victims-stop-paying-hackers/
• Red-Teamers build the best tools...attackers using Red Tiger to steal Discord information (there's Roblox in there too).
  • https://www.bleepingcomputer.com/news/security/hackers-steal-discord-accounts-with-redtiger-based-infostealer/
  • https://www.netskope.com/blog/redtiger-new-red-teaming-tool-in-the-wild-targeting-gamers-and-discord-accounts
  • https://github.com/loxy0dev/RedTiger-Tools
• Continuing the mis-use of legitimate tools - attackers using AzureHound (Azure data collector for use with BloodHound) to map out Azure accounts and resources.
  Take away: Run this in your environment before the attackers do.
  • https://unit42.paloaltonetworks.com/threat-actor-misuse-of-azurehound/
  • https://github.com/SpecterOps/AzureHound
  • https://github.com/SpecterOps/BloodHound
• Windows blaming the hardware? Suggesting a memory scan after a BSOD.
  • https://www.bleepingcomputer.com/news/microsoft/windows-will-soon-prompt-for-memory-scans-after-bsod-crashes/
• No, GMail wasn't breached, just run-of-the-mill info-stealers. Apparently this frenzy was triggered by the Synthient (a threat-intel company) disclosure of the data from multiple info-stealers.
  • https://www.bleepingcomputer.com/news/security/google-disputes-false-claims-of-massive-gmail-data-breach/
  • https://x.com/NewsFromGoogle/status/1982893232934793655
  • https://www.troyhunt.com/inside-the-synthient-threat-data/
• Game-cheats to deliver malware - classic "if it's free, you're the product". A deep-dive into the full process.
  • https://vxdb.sh/info-stealing-malware-disguised-as-video-game-cheats/
• [IR] More proof that, just because you can hack, doesn't mean you can secure - Iran's Ravin Academy for cyber attackers.
  • https://ravin-academy.com/
  • https://www.theregister.com/2025/10/27/breach_iran_ravin_academy/
  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-055a
  • https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/muddy-advanced-persistent-teacher.html

Getting Techy

• Chrome Zero Day, likely from the old Hacking Team (now Memento Labs). The C2 commands get extra cool points.
  • https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/
  • https://www.bleepingcomputer.com/news/security/italian-spyware-vendor-linked-to-chrome-zero-day-attacks/
  • https://therecord.media/memento-labs-formerly-hacking-team-dante-spyware-russia-kaspersky
  • Phineas Fisher's take down of Hacking Team
    • https://gist.github.com/jaredsburrows/9e121d2e5f1147ab12a696cf548b90b0

Geo-Politics

Privacy

• [US] Good news - some pushback against Flock surveillance cameras - some cities disabling the cameras
  • https://therecord.media/cities-reverse-course-on-automated-license-plate-reader-cameras
• [US] doesn't sign dodgy cybercrime treaty mentioned yesterday
  • https://therecord.media/us-declines-signing-cybercrime-treaty
• [US] ICE using access to utilities data (electricity) for investigations
  • (404 Media) https://archive.is/Ewe2R

AI

• Don't expect AI to replace developers, only augment
  • https://russmiles.substack.com/p/you-cannot-outsource-understanding
• Need more proof that we haven't solved prompt-injection attacks?
  • https://www.theregister.com/2025/10/24/m365_copilot_mermaid_indirect_prompt_injection/