CyberNews: 01/09/2025 Edition

Published by Dunateo on 2025-09-01

Today’s roundup

Summary

North Korea-linked ScarCruft (APT37) deployed RokRAT malware in Operation HanKook Phantom, using phishing emails with malicious LNK files disguised as academic newsletters to target South Korean researchers and ex-officials, exfiltrating data via cloud services. Pennsylvania’s Attorney General confirmed a ransomware attack disrupted court operations after refusing ransom demands. Amazon thwarted Russian APT29’s Microsoft authentication exploitation in a watering hole attack aimed at broadening intelligence collection. Adversaries compromised Google Workspace accounts by exploiting Salesloft Drift’s Salesforce integration. WhatsApp addressed a critical zero-day, zero-click vulnerability tied to sophisticated attacks, though details remain undisclosed.