CyberNews: 24/09/2025 Edition
Today’s roundup
Summary
Zscaler ThreatLabz identified YiBackdoor, malware that shares significant code with IcedID and Latrodectus, suggesting coordinated attack capabilities. Wiz discovered active exploitation of Pandoc CVE-2025-51591 (CVSS 6.5, SSRF) to target the AWS Instance Metadata Service (IMDS) and steal EC2 credentials. Libraesva patched CVE-2025-59689 (CVSS 6.1), a command injection vulnerability in its Email Security Gateway exploited by state-sponsored actors. The U.S. Secret Service dismantled a covert network with 300 SIM servers and 100,000 SIM cards near UN headquarters, preventing potential telecom disruptions. The Iranian APT Nimbus Manticore expanded cyber-espionage operations targeting European aerospace, telecom, and defense sectors. U.K. prosecutors charged two Scattered Spider members linked to $115M ransomware attacks, including the MGM Resorts and Caesars Entertainment breaches. SolarWinds addressed the critical CVE-2025-26399 RCE flaw in Web Help Desk, marking the third patch bypass in 18 months. Cloudflare mitigated a record 22.2 Tbps DDoS attack, nearly doubling its previous mitigation record. CISA mandated that federal agencies patch Chrome's sixth zero-day (CVE-2025-10585), a V8 engine type confusion flaw found in active attacks. An unnamed federal agency was compromised through exploitation of a critical GeoServer vulnerability, as disclosed by CISA.
Want to dig deeper?
Vulnerabilities
CVE-2025-51591 | High |
CVE-2025-59689 | High |
CVE-2025-26399 | Critical |