CyberNews: 29/08/2025 Edition

Published by Dunateo on 2025-08-29

Today’s roundup

Summary

Amazon disrupted an APT29 watering hole campaign in which compromised websites redirected a subset of visitors to attacker-controlled infrastructure that tricked them into authorizing attacker-controlled devices through Microsoft's device code authentication flow. Threat actors hijacked the abandoned update server of the Sogou Zhuyin input method editor to push the C6DOOR and GTELAM malware to users in Eastern Asia. Click Studios patched an authentication bypass on Passwordstate's Emergency Access page, releasing build 9972 on August 28. A FreePBX zero-day (CVE-2025-57819) allowed remote code execution through internet-exposed Administrator Control Panels, prompting emergency patches for versions 15 through 17. Google confirmed that the Salesloft Drift OAuth token compromise affects all Drift integrations, not only Salesforce, and advised treating every Drift-issued token as compromised and rotating credentials immediately. The TamperedChef malware was distributed as a fake PDF editor promoted through hijacked ads and steals credentials and browser cookies. North Korean APT37 used stolen South Korean intelligence documents as lures in spear-phishing campaigns. The npm 'Nx' package was compromised in a supply chain attack whose malware invoked locally installed AI CLI tools to hunt for credentials and cryptocurrency wallet files. A TransUnion breach exposed the records of 4.5 million US consumers through a third-party application on July 28. Sitecore disclosed an HTML cache poisoning vulnerability (CVE-2025-53693) and a deserialization RCE (CVE-2025-53691), both patched in June/July 2025.