CyberNews: 04/10/2025 Edition

Published by Dunateo on 2025-10-04

Today’s roundup

  • Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day
  • Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer
  • Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads
  • ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims
  • Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage
  • Chinese-Speaking Cybercrime Group Hijacks IIS Servers for SEO Fraud
  • Oracle links extortion campaign to bugs addressed in July patch
  • Jaguar Land Rover Shows Cyberattacks Mean (Bad) Business
  • Summary

Summary

Threat intelligence firm GreyNoise observed a 500% spike in scanning activity targeting Palo Alto Networks login portals on October 3, 2025, and characterized the traffic as structured reconnaissance. Infoblox exposed the threat actor Detour Dog's DNS-powered malware distribution operation, which delivers Strela Stealer via the StarFish backdoor and has been active since August 2023. The Rhadamanthys Stealer gained device fingerprinting and PNG steganography for payload delivery, alongside new tools marketed by its operators. The Trinity of Chaos alliance (Lapsus$, Scattered Spider, ShinyHunters) launched a Tor-based leak site listing data from 39 companies, including Aeromexico and Cisco, stolen through attacks that exploited Salesforce vulnerabilities; the FBI has warned of the exposure of 1.5 billion records. Dutch authorities arrested two teenagers for alleged pro-Russian espionage, which Prime Minister Dick Schoof described as part of hybrid attacks against Europe. Cisco Talos identified a Chinese-speaking group hijacking IIS servers for SEO fraud campaigns. Oracle traced an extortion campaign to vulnerabilities it patched in July 2025, with the activity linked to Clop ransomware affiliates. Jaguar Land Rover suffered severe operational and financial repercussions after incomplete remediation of an earlier breach allowed renewed ransomware attacks.