During #CybersecurityAwarenessMonth, this one hits hard.
Flax Typhoon turned ArcGIS, a trusted geo-mapping app, into a stealth backdoor that lived for a year.
No malware, no exploit. Just weak creds + blind trust.
#SecureByDesign isn't a slogan. It's survival!
Article via Dark Reading: https://www.darkreading.com/application-security/chinas-flax-typhoon-geo-mapping-server-backdoor
A hidden flaw in a trusted file-sharing tool let hackers grab sensitive, critical files before a patch was ready. How can a single zero-day shake up your entire cybersecurity strategy? Read the full breakdown.
#zero-day
#lfi
#centrestack
#vulnerabilitymanagement
#cybersecurity
#patchmanagement
#supplychainsecurity
#threatintelligence
#incidentresponse
If you're looking for an up-to-date report on supply-chain security and third-party risk, then there's a new report available in the Espresso:
https://app.cyberespresso.eu/reports/493e603c-7258-4f85-a7e6-42c8bcf4b575/view
F5 Networks' routine security check spiraled into a high-stakes drama when nation-state hackers infiltrated their critical systems and snagged secret source code. How safe is our digital infrastructure now?
#f5networks
#advancedpersistentthreat
#incidentresponse
#cybersecuritybreach
#supplychainsecurity
The question isn't whether you need better cyber security; it's whether you'll implement proven protection before you become part of next year's statistics.
Read more: https://lttr.ai/Aj12J
Only 14% of businesses formally review the cyber security risks posed by their immediate suppliers.
Read more: https://lttr.ai/AjzRm
The cyber criminals are already at work: UK businesses experienced 8.58 million cyber crimes in the past year. https://lttr.ai/AjzLb
It's been a packed 24 hours in cyber, with several significant breaches, new malware and botnet activity, critical vulnerabilities under active exploitation, and notable regulatory developments. Let's dive in:
Recent Cyber Attacks & Breaches
- Over 100 SonicWall SSLVPN accounts across 16 environments have been compromised since October 4th, leveraging stolen, valid credentials, with attackers performing network scans and attempts to access local Windows accounts.
- Harvard University confirmed a breach impacting a "limited number of parties" via an Oracle E-Business Suite (EBS) zero-day (CVE-2025-61882), with Clop ransomware demanding seven and eight-figure ransoms.
- SimonMed Imaging is notifying over 1.2 million patients of a January data breach where Medusa ransomware stole 212 GB of sensitive medical and financial data, demanding $1 million.
- The Scattered Lapsus$ Hunters (SLSH) cybercrime group leaked data from Qantas, Vietnam Airlines, Gap, and Fujifilm after an FBI site seizure, impacting millions of customers with personal and frequent flyer details.
Bleeping Computer | https://www.bleepingcomputer.com/news/security/sonicwall-vpn-accounts-breached-using-stolen-creds-in-widespread-attacks/
The Record | https://therecord.media/harvard-says-limited-number-linked-to-data-theft
Bleeping Computer | https://www.bleepingcomputer.com/news/security/simonmed-says-12-million-patients-impacted-in-january-data-breach/
The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/13/scattered_lapsus_hunters_hiatus/
New Threat Research: Malware & Botnets
- A new Rust-based backdoor, ChaosBot, is using Discord for command-and-control (C2) and is distributed via compromised credentials or malicious LNK files, performing reconnaissance and arbitrary command execution.
- The Astaroth banking trojan has updated its tactics, leveraging GitHub repositories to host malware configurations for C2 resilience, making it harder to disrupt its operations in Latin America, especially Brazil.
- The RondoDox botnet has significantly expanded its attack surface, weaponising over 50 vulnerabilities across more than 30 vendors, including routers, DVRs, and CCTV systems, in a "loader-as-a-service" model often co-packaged with Mirai/Morte.
- A separate, massive multi-country botnet, comprising over 100,000 IP addresses from countries like Brazil, Argentina, and China, is actively targeting RDP services in the US using timing attacks and login enumeration.
The Hacker News | https://thehackernews.com/2025/10/new-rust-based-malware-chaosbot-hijacks.html
The Hacker News | https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html
The Hacker News | https://thehackernews.com/2025/10/researchers-warn-rondodox-botnet-is-weaponizing-over-50-flaws-across-30-vendors.html
Bleeping Computer | https://www.bleepingcomputer.com/news/security/massive-multi-country-botnet-targets-rdp-services-in-the-us/
Critical Vulnerabilities & Exploitation
- Microsoft has revamped Edge's Internet Explorer (IE) mode after discovering attackers exploited an unspecified zero-day in IE's JavaScript engine (Chakra) for remote code execution and privilege escalation, using social engineering to trick users into enabling IE mode.
- Oracle released an emergency patch (CVE-2025-61884) for an unauthenticated remote information disclosure flaw in E-Business Suite (EBS) Runtime UI, following a previous zero-day (CVE-2025-61882) actively exploited by Clop for data theft.
- Defenders must apply the Oracle EBS patch immediately and be aware of social engineering tactics targeting browser legacy features, as these vulnerabilities are under active exploitation and can lead to full system compromise.
The Hacker News | https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html
Bleeping Computer | https://www.bleepingcomputer.com/news/security/oracle-releases-emergency-patch-for-new-e-business-suite-flaw/
Regulatory & Geopolitical Cyber Landscape
- Ofcom, the UK's Online Safety Act regulator, has issued its first fine (£20,000, with daily increases) against 4chan for failing to provide illegal content risk assessments and revenue information, specifically regarding child protection.
- The Dutch government has invoked special powers under the Goods Availability Act against Chinese-owned semiconductor company Nexperia, citing "serious governance shortcomings" and a threat to crucial technological knowledge, allowing intervention in corporate decisions.
- China, in turn, is probing Qualcomm's acquisition of Autotalks, accusing Qualcomm of antitrust violations and "jumping the gun," further escalating the tech trade war and restrictions on strategic semiconductor assets between Western nations and Beijing.
The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/13/4chan_ofcom_fine/
The Record | https://therecord.media/4chan-fined-ofcom-uk-online-safety-act
The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/13/nexperia_special_measures/
The Record | https://therecord.media/netherlands-special-powers-chinese-owned-semiconductor
The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/13/qualcomm_autotalks_china_probe/
Data Privacy Concerns
- An Austrian data protection regulator ruled that Microsoft "illegally" tracked students via its 365 Education platform and used their data, shifting responsibility to schools.
- The ruling mandates Microsoft to provide complete information on data processing, including explanations for terms like "internal reporting" and "business modelling," and disclose third-party data transfers.
- This decision could have significant implications for Microsoft's data handling practices and GDPR compliance across Europe, forcing greater transparency and accountability from big tech providers.
The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/13/microsoft_365_education_gdpr/
Government Cyber Initiatives
- Ukraine's parliament has advanced a bill to establish a dedicated military Cyber Force, aiming to unite offensive and defensive military cyber capabilities under a single command.
- This new branch would conduct military cyber operations, intelligence gathering, threat hunting, and defend military systems, aligning Ukraine with NATO standards.
- A key feature is the creation of a cyber reserve, allowing civilian tech experts to temporarily assist military units, formalising existing volunteer efforts and enhancing collaboration with the tech sector.
The Record | https://therecord.media/ukraine-takes-steps-dedicated-cyber-force
#CyberSecurity #ThreatIntelligence #Ransomware #Malware #Botnet #ZeroDay #Vulnerability #DataBreach #GDPR #OnlineSafetyAct #Geopolitics #SupplyChainSecurity #CyberWarfare #InfoSec #IncidentResponse
Edit: Added &c=my-comment to the URL,
please like my comment, or otherwise help me to reach LaurieWired? Boost=❤️ #askfedi
@regtur @reproducible_builds @guix @ekaitz_zarraga
@nlnet
@fsf
@fsfe
@gnutools
Seems #fedi didn't do their thing just yet, so I logged into the Evil Empire and added a comment. Not sure if that will do any good, tho. I guess maybe one or two of you who read this, and still have a Google account, could like my comment, but there are already comments with > 3K likes, so yeah.
Also, no idea how to reach them; they're talking about trust, and then only seem to be on Big Tech platforms like TPPKAB (the platform previously known as birdsite), instagram, etc.
<https://www.youtube.com/watch?v=Fu3laL5VYdM&lc=UgxAf-w-tTYM5syB3x94AaABAg>
#bootstrappablebuilds #guix #gnu #reproducibleBuilds #supplyChainSecurity #trustingTrust
175 malicious npm packages + unpkg CDN used as resilient phishing infrastructure (26k downloads).
Attack strategy: automated package publishing → CDN-served JS redirects with victim email fragments → pre-filled credential harvesters. This is a hosting-abuse supply-chain tactic (registry+CDN), not a typical dependency compromise.
Immediate defensive steps:
• Monitor npm publish frequency and automation patterns.
• Alert on unpkg asset requests tied to newly published/empty package manifests.
• Treat HTML attachments as high risk; validate source and block local file URIs in email clients.
Discuss mitigation strategies below and follow @technadu for more threat intelligence.
#InfoSec #ThreatIntel #npm #unpkg #Phishing #SupplyChainSecurity #DevSecOps #SecurityOps #ThreatHunting #CyberSecurity
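As an added illustration of the second defensive step in the post above (alerting on unpkg asset requests that resolve to newly published or empty package manifests), the following Python script is constructed for this page and is not TechNadu's, npm's or unpkg's code. It assumes a proxy log in a simple space-separated format and a registry metadata snapshot with only the fields shown; both are embedded as constructed samples, and the package names in them are placeholders rather than the packages from the campaign.

```python
"""Alert on unpkg CDN requests that resolve to newly published or near-empty
npm packages (a constructed detection sketch, not npm's or TechNadu's code)."""
import re
from datetime import datetime, timedelta, timezone

# Constructed proxy log lines: timestamp, client IP, method, URL.
# Package names are placeholders, not the packages from the campaign.
PROXY_LOG = """\
2025-10-14T09:12:01Z 10.0.0.15 GET https://unpkg.com/example-fresh-pkg@1.0.0/redirect.js
2025-10-14T09:12:05Z 10.0.0.15 GET https://unpkg.com/react@18.2.0/umd/react.production.min.js
2025-10-14T09:13:44Z 10.0.0.22 GET https://unpkg.com/example-empty-pkg/index.js
2025-10-14T09:14:10Z 10.0.0.22 GET https://cdn.example.com/app.js
"""

# Constructed snapshot of registry metadata: a subset of what a lookup of
# https://registry.npmjs.org/<name> returns (creation time, description, readme).
REGISTRY = {
    "example-fresh-pkg": {"created": "2025-10-13T22:40:00Z", "description": "", "readme": ""},
    "react": {"created": "2011-10-26T17:46:21Z",
              "description": "React is a JavaScript library for building user interfaces.",
              "readme": "# React"},
    "example-empty-pkg": {"created": "2025-09-01T00:00:00Z", "description": "", "readme": ""},
}

# Reference clock for the sample run; a real job would use datetime.now(timezone.utc).
NOW = datetime(2025, 10, 14, 9, 0, tzinfo=timezone.utc)

# unpkg serves <pkg>[@version]/<path>; scoped packages look like @scope/name.
UNPKG_RE = re.compile(r"^https://unpkg\.com/(@[^/@]+/[^/@]+|[^/@]+)")


def parse_unpkg_package(url):
    """Return the npm package name an unpkg URL serves, or None for other hosts."""
    m = UNPKG_RE.match(url)
    return m.group(1) if m else None


def suspicion_reasons(meta, now, max_age_days=7):
    """Reasons a package's registry metadata looks like throwaway hosting."""
    reasons = []
    created = datetime.fromisoformat(meta["created"].replace("Z", "+00:00"))
    if now - created <= timedelta(days=max_age_days):
        reasons.append("published within %d days" % max_age_days)
    if not meta["description"].strip() and not meta["readme"].strip():
        reasons.append("empty manifest (no description or readme)")
    return reasons


def scan_proxy_log(log_text, registry, now):
    """Return one alert dict per unpkg request whose package is new, empty or unknown."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line; a production job would count these
        _ts, client, _method, url = parts
        pkg = parse_unpkg_package(url)
        if pkg is None:
            continue  # not a CDN asset request, nothing to correlate
        meta = registry.get(pkg)
        if meta is None:
            reasons = ["package not found in registry snapshot"]
        else:
            reasons = suspicion_reasons(meta, now)
        if reasons:
            alerts.append({"client": client, "package": pkg, "url": url, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in scan_proxy_log(PROXY_LOG, REGISTRY, NOW):
        print(alert["client"], alert["package"], "; ".join(alert["reasons"]))
```

In the sample run the long-established package produces no alert, the freshly published empty package is flagged for both age and an empty manifest, and the older but still empty package is flagged for the manifest alone. The seven-day window and the "empty manifest" heuristic are tuning knobs; in a real deployment the registry snapshot would be refreshed from the registry API and cached, since most CDN requests will be for well-known packages.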
Why Every UK Business Needs Cyber Essentials: The Shield That Results in 92% Fewer Cyber Insurance Claims
Read the full article: Benefits of Cyber Essentials in 2025
▸ https://lttr.ai/AjhQJ
Plugin vulnerability exploited! Get the inside scoop on the Postmark MCP attack and what it means for supply chain security. #PostmarkMCP #npm #supplyChainSecurity
https://jpmellojr.blogspot.com/2025/10/the-postmark-mcp-server-attack-5-key.html
Cyber Essentials, the UK government's flagship cyber security certification scheme, has been quietly protecting British businesses for over a decade.
Read more: https://lttr.ai/AjkK0
Clop ransomware strikes again: exploiting a zero-day in Oracle systems to target enterprises. Supply-chain blind spots remain the soft underbelly of modern defense. #Ransomware #SupplyChainSecurity
https://www.darkreading.com/application-security/clop-ransomware-oracle-customers-zero-day-flaw
Why attack one company…
…when you can compromise one maintainer and reach millions?
#ShaiHulud scaled like SaaS. As @spoole167 highlights, supply chain attacks are now business models.
Read more: https://javapro.io/2025/10/02/the-shai-hulud-npm-worm-when-supply-chains-bite-back/
"How does the United States adapt when the cost of entry to high-tech warfare has collapsed, and when adversaries with a fraction of our budget can still threaten our carriers, our bases, and our troops?"
https://michaelwood627.substack.com/p/i-am-worried-that-we-will-lose-the
"This is not just an incremental shift. It may be the beginning of a new era where the overwhelming technological dominance we've relied upon for decades no longer guarantees victory." #sustainment #logistics #supplychainsecurity
When a ransomware strike brought a major beer producer to a halt, it wasn't just a tech glitch; it exposed a vulnerable supply chain and costly data breach risks for the entire beverage industry. How safe is your favorite brew?
#ransomware
#beverageindustry
#cybersecurity
#supplychainsecurity
#databreach
This Red Hat breach is a big deal, and not because of the source code. The threat is the theft of Customer Engagement Reports. That's like a thief stealing the blueprints, security patrol routes, and master keys for hundreds of other buildings, not just the architect's office. This is a supply chain attack in the making. The attackers are leveraging RedHat to hit their entire client ecosystem. The fallout from the secondary breaches could be massive.
TL;DR
Blueprint for Attack: The stolen data allegedly includes customer architecture diagrams, network maps, and configuration details.
Compromised Credentials: Leaked reports contained authentication tokens, creating immediate risk for customer environments.
Supply Chain Nightmare: This is less about a single company breach and more about the systemic risk to every customer documented in those files.
Downstream Attacks: The group claims they've already used stolen tokens to compromise Red Hat customers, which is the most critical part of this story.
https://www.theregister.com/2025/10/02/cybercrims_claim_raid_on_28000/
#RedHat #Cybersecurity #DataBreach #SupplyChainSecurity #SupplyChain #security #privacy #cloud #infosec