CyberNews: 13/10/2025 Edition

Published by Dunateo on 2025-10-13

Today’s roundup

  • New Stealit Malware Campaign Spreads via VPN and Game Installer Apps
  • Microsoft Revamps Internet Explorer Mode in Edge After August Attacks
  • New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
  • Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
  • New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs
  • Clop Ransomware Group Claims Hack of Harvard University
  • Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
  • Hacking the Nokia Beacon 1 Router: UART, Command Injection, and Password Generation with Qiling
  • Hackers Target ScreenConnect Features For Network Intrusions
  • FBI and French Police Shutter BreachForums Domain Again

Summary

    Fortinet detailed a new Stealit infostealer campaign spreading via fake game/VPN installers, leveraging GitHub C2 to steal credentials, crypto wallets, and deliver ransomware.

    Microsoft revamped Edge's IE mode after August 2025 0-day exploits in IE's Chakra engine enabled remote code execution and privilege escalation via social engineering.

    Oracle issued an alert for CVE-2025-61884 (CVSS 7.5), a high-severity flaw in E-Business Suite 12.2.3-12.2.14, allowing unauthenticated data access.

    The RondoDox botnet is weaponizing over 50 vulnerabilities across 30+ vendors, actively targeting internet-exposed infrastructure like routers and DVRs.

    ChaosBot, a new Rust-based backdoor, uses Discord for C2 to enable reconnaissance and arbitrary command execution, with initial access via compromised Cisco VPN credentials.

    The Clop ransomware group claims to have breached Harvard University, listing it on their Tor data leak site and threatening data publication.

    A new Astaroth banking trojan campaign leverages GitHub repositories for resilient C2 infrastructure, designed to circumvent traditional takedowns.

    Hardware analysis of the Nokia Beacon 1 router revealed patched command injection vulnerabilities and a serial-number-based password generation scheme for its UART shell, reproduced with the Qiling emulation framework.

    Attacks that abuse Remote Monitoring and Management (RMM) tools such as ScreenConnect are increasing, with phishing used to gain control of victim systems.

    The FBI and French Police have again shut down the BreachForums domain, disrupting cybercriminal operations and the illicit trade of stolen data.

Vulnerabilities mentioned

  • CVE-2025-61884 (High)