CyberNews: 11/09/2025 Edition

Published by Dunateo on 2025-09-11

Today’s roundup

  • SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers
  • Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts
  • AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto
  • Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems
  • France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks
  • LNER Reveals Supply Chain Attack Compromised Customer Information
  • KillSec Ransomware Hits Brazilian Healthcare IT Vendor
  • Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts
  • Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT
  • You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819)
Summary

    Akira ransomware actors are actively exploiting a SonicWall SSL VPN vulnerability and misconfigurations, per Rapid7, targeting enterprise networks. Threat actors are distributing fake 'Meta Verified' browser extensions via malvertising campaigns, compromising social media business accounts to steal credentials. AsyncRAT malware is being deployed via abused ConnectWise ScreenConnect RMM software, utilizing fileless techniques to exfiltrate sensitive data. Chinese state-linked APT groups employed novel fileless malware 'EggStreme' against Philippine defense contractors, leveraging memory injection for espionage. Three French regional health agencies suffered cyberattacks exposing patient names, contact info, and medical data. UK rail operator LNER confirmed a third-party vendor breach impacting customer data. Brazilian healthcare software provider MedicSolution was hit by KillSec ransomware, threatening patient care operations. Adobe patched a critical Magento/Commerce flaw (CVE-2025-54236) enabling account takeover and RCE via malicious API requests. Security researchers detailed new AsyncRAT campaigns exploiting ScreenConnect access to establish persistence via fake Skype updaters. watchTowr Labs disclosed an unauthenticated RCE chain (CVE-2025-57819) in FreePBX VoIP systems through SQLi and cron job abuse, with active exploitation observed.

    Want to dig deeper?

    Vulnerabilities

  • CVE-2025-57819
  • CVE-2025-54236