CyberNews: 18/10/2025 Edition

Published by Dunateo on 2025-10-18

Today’s roundup

  • ConnectWise fixes Automate bug allowing AiTM update attacks
  • Microsoft fixes highest-severity ASP.NET Core flaw ever
  • New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
  • Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
  • Microsoft Disrupts Ransomware Campaign Abusing Azure Certificates
  • Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe
  • Hackers Dox ICE, DHS, DOJ, and FBI Officials
Summary

ConnectWise has issued a critical security update for its Automate product, addressing vulnerabilities that could facilitate Adversary-in-the-Middle (AiTM) attacks on the update channel. These flaws risked intercepting and modifying sensitive communications within the platform, prompting urgent patching for users.

Microsoft has released a patch for what is described as the highest-severity security flaw ever identified in ASP.NET Core. This critical vulnerability required immediate attention to prevent potential exploitation in applications built on the framework.

Cybersecurity researchers have uncovered a new campaign deploying a previously undocumented .NET malware dubbed "CAPI Backdoor." The threat specifically targets the Russian automobile and e-commerce sectors through phishing emails containing malicious ZIP archives.

Threat actors identified as Silver Fox have expanded their "Winos 4.0" (ValleyRAT) malware operations beyond China and Taiwan to include Japan and Malaysia. The group is now leveraging "HoldingHands RAT" (Gh0stBins), distributed via phishing emails with malicious links embedded in PDF attachments.

Microsoft has taken action to disrupt a Rhysida ransomware campaign, revoking over 200 digital certificates. These certificates were exploited by threat actors to sign fake Microsoft Teams binaries, which were then used as a vector for deploying the ransomware.

Dutch prosecutors are investigating three teenagers suspected of aiding a foreign power in cyber espionage. One of the individuals is reportedly linked to a Russian-affiliated hacking group, indicating potential state-sponsored malicious activity.

Hackers have reportedly doxxed officials from multiple U.S. government agencies, including Immigration and Customs Enforcement (ICE), the Department of Homeland Security (DHS), the Department of Justice (DOJ), and the Federal Bureau of Investigation (FBI). The incident also highlighted the exposure of a secret FBI anti-ransomware task force.

Want to dig deeper?

Malware Families

  • ValleyRAT Winos
  • Rhysida