CyberNews: 20/09/2025 Edition
Today’s roundup
Summary
LastPass warned of a macOS-targeted campaign distributing Atomic Infostealer malware via fake GitHub repositories. SentinelOne researchers identified MalTerminal, the first GPT-4-powered malware capable of generating ransomware, disclosed at LABScon 2025. Radware revealed ShadowLeak, a zero-click exploit in OpenAI's ChatGPT agent that exposed Gmail data via emails; it was patched in August 2025. Iran-linked UNC1549 breached 11 European telecom firms through LinkedIn job lures deploying MINIBIKE malware. Lumen Technologies linked the SystemBC-powered REM Proxy botnet to 1,500 daily infected VPS instances across 80 C2 servers. Fortra issued a critical patch for CVE-2025-10035, a CVSS 10.0 deserialization flaw in GoAnywhere MFT, and urged customers to restrict admin console access. Netcraft identified 17,500 phishing domains tied to the Lighthouse and Lucid PhaaS platforms, targeting 316 global brands. The U.S. DOJ charged Scattered Spider members with extorting $115 million and breaching a federal court network. ESET confirmed that Russian groups Turla and Gamaredon collaborated in four attacks on Ukrainian infrastructure.
Want to dig deeper?
Vulnerabilities
CVE-2025-10035 | Critical |