Cyber News 31OCT2025
General
- Useful tool to make sure you've located (and thus patched) all of your WSUS servers
- Exec phishing through LinkedIn - it has all the usual ingredients: Google open redirect, intermediary bouncer, bot protection (Turnstile), and it finishes with an Attacker-in-the-Middle Microsoft sign-in page.
- Docker Compose - old-fashioned path-traversal bug in the new Open Container Initiative (OCI) Compose support
- Jenkins always seems to deliver the good vulnerabilities (long past time to replace it with something more modern and secure)
- [EU] Increase in NFC payment relay attacks. This looks like a separate cluster (mainly Russian-language) from the mobile-wallet loading and relaying attacks coming out of China.
- [US] Much-delayed disclosure of a US telco breach, likely part of the Salt Typhoon (CN) attacks disclosed earlier this year.
- [US] So, now is a good time to remove requirements on US telcos to secure their networks (clearly they were doing well enough before, and the threat has clearly gone away...)
Getting Techy
- A look at the Warlock ransomware - pretty low sophistication, but the basics are all there
- GhostGrab Android malware. A background crypto-miner seems like a bit of a giveaway that something is awry with the device. Silent audio is an interesting trick to stay in the foreground. Collecting the "Aadhaar" number in the fake KYC suggests targeting of Indian citizens. Open Firebase DB...really?
- [CN] Attacking EU diplomatic missions. Could be state-driven, or - as the i-Soon leak showed - could just be private companies hoping to find something saleable.
- https://arcticwolf.com/resources/blog/unc6384-weaponizes-zdi-can-25373-vulnerability-to-deploy-plugx/
- https://therecord.media/belgium-hungary-diplomatic-entities-hacked-unc6384
- https://www.theregister.com/2025/10/30/suspected_chinese_snoops_abuse_unpatched/
- https://unit42.paloaltonetworks.com/i-soon-data-leaks/
Geo-Politics
- [US] May start testing nuclear weapons again. Justification is flawed, and the environmental impacts likely high.
- [US] ICE building out an industrialised deportation system
- (Wired) https://archive.is/5WSWE
Privacy
- Leak of Cellebrite's capabilities against Google Pixel phones (be sure to read the first comment, to help decode the capabilities)
- (404 Media) https://archive.is/LeS5L
- Did you need any more evidence that you're the product at Meta (Facebook, Instagram, WhatsApp, et al.)?
- [EU] The Chat Control proposal appears to finally be dead. The challenge lies between good intent and bad implementation.
AI
- Using prompt-injection for good - injecting security banners and instructions
- Microsoft pushing hard with Copilot into more areas of M365 where you never wanted it. Thankfully, it requires a Copilot licence, so you can avoid it, for now.