CyberNews: 03/09/2025 Edition

Published by Dunateo on 2025-09-03

Today’s roundup

Summary

An Iranian-aligned hacking group compromised over 100 embassy email accounts through multi-wave phishing campaigns targeting diplomatic entities globally, attributed to Homeland Justice affiliates. Cloudflare mitigated a record-setting 11.5 Tbps DDoS attack originating primarily from Google Cloud infrastructure. CISA flagged critical vulnerabilities in TP-Link extenders (CVE-2020-24363) and WhatsApp as actively exploited. Zscaler, Palo Alto Networks, and Cloudflare suffered breaches via compromised OAuth tokens in Salesloft's Drift marketing platform. Jaguar Land Rover halted production and retail operations globally after a severe cyber incident, though customer data remains unaffected. Amazon disrupted APT29's credential theft campaign using fake Cloudflare pages to target Microsoft authentication flows. North Korea's Lazarus Group deployed new cross-platform malware strains targeting decentralized finance platforms. Google Play Protect bypass techniques enabled Android droppers to distribute banking trojans via government app impersonations in Asia. The MystRodX backdoor utilized DNS/ICMP protocols for stealthy command execution. WhatsApp and Apple warned of active zero-day exploitation against high-value targets using advanced social engineering.