CyberNews: 09/09/2025 Edition
Today’s roundup
Summary
Multiple high-impact cybersecurity events unfolded this week. A supply chain attack compromised 18 npm packages with 2 billion weekly downloads after developer Josh Junon fell victim to phishing; the compromised packages were injected with crypto-stealing code. Salesloft disclosed a breach originating from a GitHub account takeover (March-June 2025), enabling reconnaissance and Salesforce instance compromises via stolen OAuth tokens. Fortinet reported a phishing campaign distributing MostereRAT, which combines banking malware with EDR-evading capabilities, and ClickFix malware. Chinese threat actors associated with Salt Typhoon were linked to 45 domains dating to 2020, signaling prolonged cyber espionage. A Tor-based cryptojacking operation targeted misconfigured Docker APIs, leveraging Akamai and Trend Micro findings. GPUGate malware abused Google Ads and GitHub commit URLs to deploy payloads on IT systems. Chinese operatives impersonated US Representative John Moolenaar to influence trade talks. Leaked Geedge Networks documents revealed the export of China’s censorship tech to four countries. A cyberattack disrupted Jaguar Land Rover’s operations, threatening UK economic growth.