Cyber News 30OCT2025
General
- Unpatched bug (DoS) in Chrome's rendering engine (Blink), inherited by all Chromium-based browsers, including Edge. Browser isolation doesn't help!
- Windows 11 Administrator Protection available in preview (original blog post from November 2024!)
- Meanwhile in Azure, they didn't want to be left out of the DNS-outage fun AWS had earlier this month
"Starting at approximately 16:00 UTC on 29 October 2025, customers and Microsoft services leveraging Azure Front Door (AFD) may experience latencies, timeouts, and errors. We have confirmed that an inadvertent configuration change was the trigger event for this issue.
Affected Azure services include, but are not limited to: App Service, Azure Active Directory B2C, Azure Communication Services, Azure Databricks, Azure Healthcare APIs, Azure Maps, Azure Portal, Azure SQL Database, Container Registry, Media Services, Microsoft Defender External Attack Surface Management, Microsoft Entra ID, Microsoft Purview, Microsoft Sentinel, Video Indexer, and Virtual Desktop."
- https://azure.status.microsoft/en-us/status/
- (Wired) https://archive.is/OM1iq
- https://www.bleepingcomputer.com/news/microsoft/microsoft-dns-outage-impacts-azure-and-microsoft-365-services/
- Real-world impact: https://nltimes.nl/2025/10/29/ns-hit-microsoft-cloud-outage-travel-planner-ticket-machines-affected
- Thread: https://cyberplace.social/@GossiTheDog/115459591401634291
- Situation Normal - security plugin creates a security hole in WordPress
- Situation Normal - package repositories filled with malicious packages. Only surprise - it doesn't try to steal or mine crypto-currency!
- The headline - EY left a 4TB database backup exposed - reality: looks like a company somewhat recently acquired by EY.
Also shows the importance of having an easily located security contact.
- Tata Motors: "Hold my beer...here's a 70TB data leak". Put down your coffee before reading this one, there are some real clangers!
- Good news, I guess? Aisuru botnet moves from DDoS to Residential Proxies as its means of monetisation. Thank LLM training for the demand for proxies (to enable scraping).
- More on Memento Labs (built from the death of Hacking Team)
- More on the Trenchant (L3 Harris) thefts/spying
Getting Techy
- This is neat - using Airwatch Mobile Device Management as a C2 channel. Comes with its own awmdm.com servers to help hide the attackers; executes in the context of the MDM, reducing suspicion.
Geo-Politics
- Python Software Foundation pulls out of a $1.5m grant (annual budget <$6m) due to anti-DEI requirements of the contract
- [EU] When a lack of digital privacy bites - dossiers on most of Italy's political elite. Connections everywhere, allegedly including some big-four consulting.
- [US] Customs and Border Patrol (CBP) searching lots more electronic devices (up 17% yoy)
- (Wired) https://archive.is/Nn1JH
- [US] ICE agents using facial-recognition to check if people are US citizens....while they cover their own faces.
- (404 Media) https://archive.is/goBQM
- [US] Meta/Ray-Ban glasses being used to invade people's privacy, selling the videos, mainly from massage parlours. Definitely not a high-point for humanity.
- (404 Media) https://archive.is/IV170
AI
- Warning, this paper is making headlines, and it's full of BS. Try following some of the references...see how many actually exist.