CyberNews: 02/09/2025 Edition

Published by Dunateo on 2025-09-02

Today’s roundup

Summary

Ukrainian autonomous system FDN3 (AS211736) conducted widespread brute-force and password spraying attacks against SSL VPN and RDP devices from June to July 2025, according to French cybersecurity firm Intrinsec. The Ukraine-based network targeted critical authentication infrastructure, with researchers linking it to broader malicious campaigns.

Silver Fox attackers weaponized a Microsoft-signed driver (amsdk.sys v1.0.600) from WatchDog Anti-malware in BYOVD attacks to disable security tools, deploying ValleyRAT malware on compromised systems.

A malicious npm package named nodejs-smtp, masquerading as the legitimate nodemailer library, was found injecting code into Atomic and Exodus cryptocurrency wallet applications on Windows, having been downloaded 347 times before detection.