CyberNews: 09/09/2025 Edition

Published by Dunateo on 2025-09-09

Today’s roundup

  • From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks
  • TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs
  • 45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage
  • 18 Popular Code Packages Hacked, Rigged to Steal Crypto
  • GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
  • GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms
  • Chinese Cyber Espionage Campaign Impersonates US Congressman
  • Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World
  • Cyberattack on Jaguar Land Rover threatens to hit British economic growth
Summary

Multiple high-impact cybersecurity events unfolded this week. A supply chain attack compromised 18 npm packages with 2 billion weekly downloads after developer Josh Junon fell victim to phishing; the attackers injected crypto-stealing code. Salesloft disclosed a breach originating from a GitHub account takeover (March-June 2025), which enabled reconnaissance and Salesforce instance compromises via stolen OAuth tokens. Fortinet reported a phishing campaign distributing MostereRAT, which combines banking malware with EDR-evading capabilities, and ClickFix malware. Chinese threat actors associated with Salt Typhoon were linked to 45 domains dating to 2020, signaling prolonged cyber espionage. A TOR-based cryptojacking operation targeted misconfigured Docker APIs, according to Akamai and Trend Micro findings. GPUGate malware abused Google Ads and GitHub commit URLs to deploy payloads on IT systems. Chinese operatives impersonated US Representative John Moolenaar to influence trade talks. Leaked Geedge Networks documents revealed the export of China’s censorship technology to four countries. A cyberattack disrupted Jaguar Land Rover’s operations, threatening UK economic growth.