Breaking News – Cyber Threats (last 6h)
Generated: 2025-10-22 11:26 PDT
- Infocon: green
SANS ISC Diary (full) • 2025-10-22 11:25 • isc.sans.edu
webctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant?
https://isc.sans.edu/diary.html?rss
- Canada Fines Cybercrime Friendly Cryptomus $176M
KrebsOnSecurity • 2025-10-22 10:21 • krebsonsecurity.com
Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there.
https://krebsonsecurity.com/2025/10/canada-fines-cybercrime-friendly-cryptomus-176m/
- TARmageddon flaw in abandoned Rust library enables RCE attacks
BleepingComputer • 2025-10-22 10:21 • www.bleepingcomputer.com
A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. […]
https://www.bleepingcomputer.com/news/security/tarmageddon-flaw-in-abandoned-rust-library-enables-rce-attacks/
- Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
The Hacker News • 2025-10-22 10:21 • thehackernews.com
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities.
The end goal of the campaign is to infiltrate high-value targets and facilitate intelligence gathering
https://thehackernews.com/2025/10/iran-linked-muddywater-targets-100.html
- Cybercriminals turn on each other: the story of Lumma Stealer’s collapse
Graham Cluley • 2025-10-22 10:10 • www.fortra.com
Normally when we write about a malware operation being disrupted, it’s because it has been shut down by law enforcement. But in the case of Lumma Stealer, a notorious malware-as-a-service (MaaS) operation used to steal passwords and sensitive data, it appears to have been sabotaged by other cybercriminals. Read more in my article on the Fortra blog.
https://www.fortra.com/blog/cybercriminals-turn-each-other-story-lumma-stealers-collapse
- Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
The Hacker News • 2025-10-22 09:55 • thehackernews.com
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine’s war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2).
The activity, which took place on October 8, 2025, targeted individual members of the International Red Cross, Norwegian Refugee
https://thehackernews.com/2025/10/ukraine-aid-groups-targeted-through.html
- Meta launches new anti-scam tools for WhatsApp and Messenger
BleepingComputer • 2025-10-22 08:11 • www.bleepingcomputer.com
Meta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts. […]
https://www.bleepingcomputer.com/news/security/meta-launches-new-anti-scam-tools-for-whatsapp-and-messenger/
- FinWise data breach shows why encryption is your last defense
BleepingComputer • 2025-10-22 08:11 • www.bleepingcomputer.com
The FinWise breach shows that when insider threats strike, encryption is the last line of defense. Penta Security’s D.AMO platform unites encryption, key management, and access control to keep sensitive data secure. […]
https://www.bleepingcomputer.com/news/security/finwise-data-breach-shows-why-encryption-is-your-last-defense/
- webctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant?, (Wed, Oct 22nd)
SANS ISC Diary (full) • 2025-10-22 07:21 • isc.sans.edu
Starting yesterday, some of our honeypots received POST requests to “/cgi-bin/webctrl.cgi”, attempting to exploit an OS command injection vulnerability:
- PhantomCaptcha ClickFix attack targets Ukraine war relief orgs
BleepingComputer • 2025-10-22 06:37 • www.bleepingcomputer.com
A spearphishing attack that lasted a single day targeted members of the Ukrainian regional government administration and organizations critical for the war relief effort in Ukraine, including the International Committee of the Red Cross, UNICEF, and various NGOs. […]
https://www.bleepingcomputer.com/news/security/phantomcaptcha-clickfix-attack-targets-ukraine-war-relief-orgs/
- Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch
The Hacker News • 2025-10-22 05:56 • thehackernews.com
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025.
Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., as well as likely a state technology
https://thehackernews.com/2025/10/chinese-threat-actors-exploit-toolshell.html
- What time is it? Accuracy of pool.ntp.org., (Tue, Oct 21st)
SANS ISC Diary (full) • 2025-10-22 05:42 • isc.sans.edu
Yesterday, Chinese security services published a story alleging a multi-year attack against the systems operating the Chinese standard time (CST), sometimes called Beijing Standard Time. China uses only one time zone across the country, and has not used daylight saving time since 1991. Most operating systems use UTC internally and display local time zones for user convenience. Modern operating systems use NTP to synchronize time. Popular implementations are ntpd and chrony. The client will poll several servers, disregard outliers, and usually sync with the “best” time server based on lat…
https://isc.sans.edu/diary/rss/32390
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
