CyberNews: 23/10/2025 Edition
Today’s roundup
Summary
E-commerce platforms are under active attack as hackers exploit a critical vulnerability, CVE-2025-54236 (CVSS 9.1), in Adobe Commerce and Magento Open Source. Over 250 stores were reportedly compromised overnight due to this improper input validation flaw, highlighting immediate threats to online retailers.
TP-Link has issued urgent firmware updates for its Omada gateway devices to address four critical security flaws. These include CVE-2025-6542 and CVE-2025-7850, both rated CVSS 9.3, allowing arbitrary OS command execution and command injection. Users are advised to update affected ER, G, and FR series devices immediately to mitigate risks.
New research reveals that AI sidebars in browsers like OpenAI's Atlas and Perplexity's Comet are susceptible to spoofing attacks. Malicious actors can mislead users into following fake AI-generated instructions, posing a novel threat to the integrity of AI-powered browsing experiences.
A sophisticated spear-phishing campaign, dubbed PhantomCaptcha, recently targeted Ukraine war relief organizations, including the International Red Cross and UNICEF. Active on October 8, 2025, the campaign used weaponized PDFs and fake Zoom meeting lures to deliver a WebSocket-based Remote Access Trojan (RAT), leveraging Russian-owned infrastructure.
Check Point Research has identified a "YouTube Ghost Network" comprising over 3,000 malicious videos used to distribute infostealers like Rhadamanthys and Lumma. This network employs compromised accounts and fake engagement to promote "Game Hacks/Cheats" and "Software Cracks/Piracy" content, with activity tripling in 2025.
The "Universe Browser," downloaded by millions, has been identified as malware with dangerous hidden features. Researchers link this deceptive "privacy browser" to extensive cybercrime and illegal gambling networks operating out of Asia, impacting a significant number of unsuspecting users.
A cybercriminal group named "Jingle Thief" is actively exploiting cloud infrastructure to perpetrate gift card fraud, stealing millions from retail and consumer services sectors. The attacks leverage phishing and smishing to compromise organizations that issue gift cards.
Canadian financial regulators have imposed a substantial $176 million fine against Cryptomus, a digital payments platform, for severe anti-money laundering (AML) violations. Cryptomus was found to have facilitated transactions for dozens of Russian cryptocurrency exchanges and cybercrime services, including those linked to child sexual abuse material, fraud, ransomware, and sanctions evasion.
Pwn2Own Ireland 2025 concluded its second day with security researchers exploiting an additional 56 unique zero-day vulnerabilities, bringing the total prize money awarded to $792,750. This event underscores the significant number of critical, undisclosed flaws present in various software and hardware.
A hacker group known as Cavalry Werewolf has launched a months-long cyber espionage campaign. The group is impersonating Kyrgyz officials to target Russian public sector entities, as well as companies in the energy, mining, and manufacturing sectors.
Vulnerabilities
| CVE | Severity |
| --- | --- |
| CVE-2025-54236 | Critical |
| CVE-2025-6542 | Critical |
| CVE-2025-7850 | Critical |