CyberNews: 01/10/2025 Edition

Published by Dunateo on 2025-10-01

Today’s roundup

  • New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer
  • OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
  • Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover
  • Hackers Exploit Milesight Routers to Send Phishing SMS to European Users
  • New Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected Smartphones
  • Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs
  • New $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
  • Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
  • Apple urges users to update iPhone and Mac to patch font bug
  • Rhadamanthys 0.9.x – walk through the updates
Summary

    Academics demonstrated WireTap, a DDR4 memory-bus interposer attack that extracts Intel SGX ECDSA keys, bypassing hardware security. OneLogin disclosed CVE-2025-59363, which allowed API-key abuse to steal OIDC client secrets (CVSS 7.7). Red Hat patched a critical OpenShift AI flaw that enabled infrastructure takeover via privilege escalation. Threat actors have hijacked Milesight industrial routers in Europe since February 2022 to send SMS phishing links via API abuse. The Klopatra Android RAT infected 3,000+ devices, using hidden VNC for financial fraud. Ukraine's CERT-UA attributed CABINETRAT XLL attacks targeting government entities to the UAC-0245 APT. Researchers revealed Battering RAM, a $50 tool that bypasses Intel/AMD cloud memory encryption via modified RAM modules. Palo Alto warned that China-aligned Phantom Taurus has been targeting ministries of foreign affairs (MFA), embassies, and military ops since 2023. Apple patched CVE-2025-43400, an out-of-bounds write flaw in FontParser that enables denial-of-service and code execution. Check Point detailed the Rhadamanthys 0.9.2 updates, including Lumma-style anti-analysis checks, custom binary formats, and expanded credential theft via Chromium fingerprinting JS modules.

    Want to dig deeper?

    Vulnerabilities

    CVE-2025-59363 High
    CVE-2025-43400 Medium