CyberNews: 03/09/2025 Edition
Today’s roundup
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation
Zscaler, Palo Alto Networks Breached via Salesloft Drift Supply Chain Attack
Jaguar Land Rover Shuts Down Systems Following Cyberattack
Amazon Thwarts APT29 Credential Theft Campaign Targeting Cloudflare, Microsoft
Lazarus Group Deploys New PondRAT, ThemeForestRAT Malware in DeFi Attacks
Android Droppers Evolve to Spread Banking Trojans via Government-App Impersonation
WhatsApp and Apple Warn of Zero-Day Exploits in Highly Targeted Attacks
MystRodX Backdoor Leverages DNS/ICMP Triggers for Covert Operations
Summary
An Iranian-aligned hacking group compromised over 100 embassy email accounts through multi-wave phishing campaigns targeting diplomatic entities globally, attributed to Homeland Justice affiliates. Cloudflare mitigated a record-setting 11.5 Tbps DDoS attack originating primarily from Google Cloud infrastructure. CISA flagged critical vulnerabilities in TP-Link extenders (CVE-2020-24363) and WhatsApp as actively exploited. Zscaler, Palo Alto Networks, and Cloudflare suffered breaches via compromised OAuth tokens in Salesloft's Drift marketing platform. Jaguar Land Rover halted production and retail operations globally after a severe cyber incident, though customer data remains unaffected. Amazon disrupted APT29's credential theft campaign using fake Cloudflare pages to target Microsoft authentication flows. North Korea's Lazarus Group deployed new cross-platform malware strains targeting decentralized finance platforms. Google Play Protect bypass techniques enabled Android droppers to distribute banking trojans via government app impersonations in Asia. The MystRodX backdoor utilized DNS/ICMP protocols for stealthy command execution, while WhatsApp and Apple warned of active zero-day exploitation against high-value targets using advanced social engineering.