Today’s roundup
SharePoint ToolShell attacks targeted orgs across four continents
Hackers exploit 34 zero-days on first day of Pwn2Own Ireland
TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
JLR Hack UK's Costliest Ever, Hitting Economy with £1.9bn Loss
Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
Vidar Stealer 2.0 adds multi-threaded data theft, better evasion
Microsoft: Recent Windows updates cause login issues on some PCs
Electronic Warfare Puts Commercial GPS Users on Notice
Summary
China-linked threat actors are exploiting the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint. Attacks have impacted government, education, telecommunications, and finance organizations across four continents.
The Pwn2Own Ireland 2025 competition saw security researchers exploit 34 unique zero-day vulnerabilities on its first day, earning $522,500 in awards. Each exploit was previously unknown to the affected vendor, who receives the details under the contest's disclosure rules so a patch can follow.
TP-Link has issued critical firmware updates for its Omada gateway devices, patching four security flaws, two of which allow remote code execution. CVE-2025-6541 (CVSS 8.6), an OS command injection, is reachable through the authenticated web management interface, so an attacker needs valid credentials or an active session before exploiting it.
Researchers disclosed "TARmageddon" (CVE-2025-62518, CVSS 8.1), a high-severity remote code execution flaw in the async-tar Rust library and its forks. Discovered in August 2025, it is a supply chain risk because any project that pulls in async-tar or one of its forks, directly or as a transitive dependency, inherits the flaw until the dependency is updated.
The cyber-attack against Jaguar Land Rover (JLR) has been classified as a "systemic cyber event" and is now deemed the UK's costliest, with an estimated economic loss of £1.9 billion.
The Russia-linked APT group COLDRIVER has rapidly evolved its malware operations since May 2025, introducing new NOROBOT and MAYBEROBOT families. These are deployed via "ClickFix" social engineering, targeting high-value intelligence assets.
Kaspersky uncovered "PassiveNeuron," a new cyber espionage campaign targeting government, financial, and industrial sectors in Asia, Africa, and Latin America. The APT uses "Neursite" and "NeuralExecutor" malware.
Vidar Stealer, a prominent Malware-as-a-Service, launched version 2.0 with significant enhancements. The updated infostealer now features multi-threaded data theft and improved evasion techniques.
Microsoft confirmed that recent Windows updates, released since August 29, 2025, are causing authentication failures on PCs that share the same machine Security Identifier (SID). Affected users cannot complete the login process until the defect is addressed.
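The defect in the item above is keyed on the machine SID, so the first thing an administrator wants is a way to see which hosts in a fleet share one. The PowerShell below is an added example, not Microsoft's code or any vendor tooling; the host names are placeholders and it assumes PowerShell remoting is enabled on the targets and that the caller is an administrator on them.

```powershell
# Added example (not Microsoft's code): derive each host's machine SID and
# report any SID that appears on more than one host. Host names are placeholders.

function Get-MachineSid {
    # Every local account SID is <machine SID>-<RID>. The built-in Administrator
    # always has RID 500, so its AccountDomainSid is the machine SID, regardless
    # of whether the account has been renamed or disabled.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' } | Select-Object -First 1
    if (-not $admin) { throw 'Could not locate the RID-500 local account' }
    return $admin.SID.AccountDomainSid.Value
}

function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    # Run Get-MachineSid on every target; Invoke-Command tags each result
    # with the PSComputerName it came from.
    $results = Invoke-Command -ComputerName $ComputerName -ScriptBlock ${function:Get-MachineSid} |
        ForEach-Object {
            [pscustomobject]@{ Computer = $_.PSComputerName; MachineSid = [string]$_ }
        }

    # Any SID shared by two or more hosts is a candidate for the login defect.
    $results | Group-Object -Property MachineSid | Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.Computer -join ', ')
            }
        }
}

# Local check on the current host:
Get-MachineSid

# Fleet check (placeholder host names):
Find-DuplicateMachineSid -ComputerName 'PC01', 'PC02', 'PC03'
```

Get-LocalUser comes from the Microsoft.PowerShell.LocalAccounts module shipped with Windows PowerShell 5.1 and is loaded through the compatibility layer in PowerShell 7 on Windows. Domain-joined machines share the domain SID by design; that is not what this checks. Only the local machine SID, which is unique on a properly generalized image, is compared.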
Commercial GPS users face increasing risks from electronic warfare interference. Sectors like aviation, shipping, and finance are vulnerable to disruptions from signal jamming or spoofing, impacting critical infrastructure.