Today’s roundup

Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phasing Targeting Diplomats Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation Zscaler, Palo Alto Networks Breached via Salesloft Drift Supply Chain Attack Jaguar Land Rover Shuts Down Systems Following Cyberattack Amazon Thwarts APT29 Credential Theft Campaign Targeting Cloudflare, Microsoft Lazarus Group Deploys New PondRAT, ThemeForestRAT Malware in DeFi Attacks Android Droppers Evolve to Spread Banking Trojans via Government-App Impersonation WhatsApp and Apple Warn of Zero-Day Exploits in Highly Targeted Attacks MystRodX Backdoor Leverages DNS/ICMP Triggers for Covert Operations

Summary

An Iranian-aligned hacking group compromised over 100 embassy email accounts through multi-wave phishing campaigns targeting diplomatic entities globally, attributed to Homeland Justice affiliates. Cloudflare mitigated a record-setting 11.5 Tbps DDoS attack originating primarily from Google Cloud infrastructure. CISA flagged critical vulnerabilities in TP-Link extenders (CVE-2020-24363) and WhatsApp as actively exploited. Zscaler, Palo Alto Networks, and Cloudflare suffered breaches via compromised OAuth tokens in Salesloft's Drift marketing platform. Jaguar Land Rover halted production and retail operations globally after a severe cyber incident, though customer data remains unaffected. Amazon disrupted APT29's credential theft campaign using fake Cloudflare pages to target Microsoft authentication flows. North Korea's Lazarus Group deployed new cross-platform malware strains targeting decentralized finance platforms. Google Play Protect bypass techniques enabled Android droppers to distribute banking trojans via government app impersonations in Asia. MystRodX backdoor utilized DNS/ICMP protocols for stealthy command execution, while WhatsApp and Apple warned of active zero-day exploitation against high-value targets using advanced social engineering.