Today’s roundup
Windows 11 KB5070773 emergency update fixes Windows Recovery issues
Microsoft fixes Windows Server Active Directory sync issues
Microsoft warns of Windows smart card auth issues after October updates
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
Is Your Car a BYOD Risk? Researchers Demonstrate How
Flawed Vendor Guidance Exposes Enterprises to Avoidable Risk
Lumma Stealer Developers Doxxed in Underground Rival Cybercrime Campaign
China-Linked Salt Typhoon breaches European Telecom via Citrix exploit
Judge bars NSO from targeting WhatsApp users with spyware, reduces damages in landmark case
China claims it caught US attempting cyberattack on national time center
Summary
Microsoft has released an emergency update, KB5070773, to resolve a critical issue within the Windows Recovery Environment (WinRE). This problem, which emerged after the October 2025 security updates, rendered WinRE unusable for systems equipped with USB mice and keyboards. The fix restores essential system recovery functionalities for affected Windows 11 users.
Microsoft is deploying a solution addressing Active Directory synchronization problems affecting some Windows Server 2025 systems. These issues began manifesting after the installation of security updates released since September. The fix aims to restore proper replication and directory service operations crucial for enterprise environments.
Microsoft has acknowledged that the October 2025 Windows security updates are causing issues with smart card authentication and certificate functionality. This disruption stems from a change intended to bolster Windows Cryptographic Services. Organizations relying on smart card-based access control are advised to review their systems and anticipate potential authentication failures.
Google Threat Intelligence Group (GTIG) has identified three new malware families attributed to the Russia-linked hacking group COLDRIVER. This discovery highlights an increased operational tempo: the state-sponsored actor has been rapidly refining and retooling its malware arsenal since May 2025, beginning just five days after previous public disclosures of its tooling. The new families suggest an expanded threat capability from the group.
New research demonstrates a novel BYOD (Bring Your Own Device) security risk: if an employee's mobile phone connects to their personal vehicle's infotainment system and subsequently to their corporate network, an attack targeting the car's connected systems could potentially compromise the company's network. This vector highlights an often-overlooked attack surface for organizations.
Conflicting deployment guidance from Oracle has left its E-Business Suite customers exposed to recent zero-day vulnerabilities, including CVE-2025-61884. This flaw, actively exploited in real-world attacks, allows unauthenticated data access. Critics argue that flawed instructions regarding Web Application Firewall (WAF) configurations contributed significantly to enterprise susceptibility.
The developers behind the prominent Lumma Stealer information-stealing malware have reportedly been doxxed by rival cybercriminal groups. Sensitive personal details of the operators were leaked in an underground campaign, according to a report by Trend Micro. This incident reveals internal strife within the cybercrime ecosystem and could potentially aid law enforcement efforts.
The China-linked APT group Salt Typhoon (also known as Earth Estries) successfully breached a European telecommunications organization in July 2025. The attackers gained initial access by exploiting a Citrix NetScaler Gateway appliance. They subsequently deployed the SNAPPYBEE (Deed RAT) backdoor using DLL sideloading techniques with legitimate antivirus executables, and utilized LightNode VPS servers for command and control, communicating via HTTP and an unknown TCP protocol to evade detection.
A recent court ruling has barred Israeli spyware manufacturer NSO Group from targeting WhatsApp users with its surveillance tools in the future. The judge also reduced the damages owed to Meta, WhatsApp's parent company, from an initial $168 million to $4 million. This landmark decision sets a precedent for legal accountability against private spyware firms.
Chinese authorities have accused the United States of attempting a cyberattack against its National Time Service Center, a critical research institute responsible for providing precise timekeeping services for national security applications in China. This accusation highlights escalating geopolitical tensions in the cyber domain, with claims of targeting essential national infrastructure.