CyberNews: 17/09/2025 Edition

Published by Dunateo on 2025-09-17

Today’s roundup

  • Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts
  • Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims
  • DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM
  • Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service
  • Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
  • Self-Replicating Worm Hits 180+ Software Packages
  • North Korean Group Targets South With Military ID Deepfakes
  • Gucci and Alexander McQueen Hit by Customer Data Breach
  • FileFix Campaign Using Steganography and Multistage Payloads
  • A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users

Summary

China-linked TA415 conducted spear-phishing campaigns targeting U.S. policymakers using VS Code tunnels. Scattered Spider reemerged with financial attacks despite previous claims of retirement. The U.S. DOJ resentenced BreachForums founder Conor Fitzpatrick to three years for cybercrime operations. Microsoft and Cloudflare seized 338 domains in RaccoonO365’s phishing network, which stole 5,000+ Microsoft credentials globally. Critical flaws in Chaos Mesh allow Kubernetes cluster takeover via GraphQL vulnerabilities. The Shai-Hulud worm infected 187+ npm packages, exfiltrating credentials through self-replicating code. North Korea’s Kimsuky group deployed AI-generated military ID deepfakes to compromise South Korean targets. Gucci and Alexander McQueen suffered a breach exposing 7.4M emails via ShinyHunters’ attack. The FileFix campaign hid malware in JPGs using steganography for multilingual phishing. A misconfigured DHS platform exposed sensitive surveillance-related intelligence to unauthorized users.