CyberNews: 19/09/2025 Edition

Published by Dunateo on 2025-09-19

Today’s roundup

  • Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
  • CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428
  • UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London
  • SonicWall warns customers to reset credentials after MySonicWall backups were exposed
  • ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT
  • New York Blood Center Alerts 194,000 People to Data Breach
  • Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks
  • This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

Summary

    Russian state-linked groups Gamaredon and Turla collaborated to deploy the Kazuar backdoor in Ukraine in February 2025, as reported by ESET, targeting critical infrastructure. CISA warned of two malware strains exploiting Ivanti EPMM vulnerabilities (CVE-2025-4427 and CVE-2025-4428), enabling arbitrary code execution on compromised servers. UK and US authorities charged two Scattered Spider members, Thalha Jubair and Owen Flowers, for the August 2024 Transport for London cyberattack; Jubair faces charges linked to 120 attacks totaling $115M in ransom payments. SonicWall urged password resets after a breach exposed encrypted credentials and firewall data for under 5% of customers. Radware disclosed ShadowLeak, a patched zero-click vulnerability in ChatGPT's Deep Research agent that allowed data exfiltration via manipulated emails. New York Blood Center notified 194,000 individuals of a breach exposing SSNs, health data, and banking details. Trend Micro identified AI-generated fake CAPTCHAs in phishing campaigns, enhancing attack scalability. Microsoft addressed a critical Entra ID flaw that could have granted attackers access to Azure customer accounts globally.

    Vulnerabilities

      • CVE-2025-4427 (severity: High)
      • CVE-2025-4428 (severity: High)