CyberNews: 29/09/2025 Edition
Today’s roundup
Summary
Microsoft reported a U.S.-targeted phishing campaign using AI-generated SVG files with LLM-crafted code to bypass email security systems, indicating evolving attack techniques.
Cybersecurity researchers identified the first malicious Model Context Protocol server in the rogue npm package 'postmark-mcp,' posing supply chain risks by impersonating a legitimate Postmark Labs library.
The Akira ransomware group exploited SonicWall SSL VPNs via compromised credentials from CVE-2024-40766, bypassing MFA protections and deploying rapid post-login network takeovers within hours.
Co-op suffered a $275M revenue loss and 6.5M-member data breach after DragonForce accessed systems, leading to four UK arrests for coordinated attacks against retailers.
Arctic Wolf researchers confirmed attackers used stolen OTP seeds and lateral movement tools like Impacket and BloodHound.
Meanwhile, Tile tracking devices were found vulnerable to location exposure due to unencrypted broadcast data, enabling stalker misuse.
Federal investigators linked Co-op’s breach to credential reuse from prior vulnerabilities, prompting nationwide critical infrastructure alerts.
Microsoft highlighted the SVG campaign's use of synthetic business jargon to evade detection, while SonicWall urged firmware updates and credential resets across all affected VPN devices.
Want to dig deeper?
Vulnerabilities
CVE-2024-40766 | Critical