CyberNews: 24/10/2025 Edition

Published by Dunateo on 2025-10-24

Today’s roundup

  • Windows Server emergency patches fix WSUS bug with PoC exploit
  • Toys “R” Us Canada warns customers' info leaked in data breach
  • HP pulls update that broke Microsoft Entra ID auth on some AI PCs
  • CISA warns of Lanscope Endpoint Manager flaw exploited in attacks
  • Microsoft disables File Explorer preview for downloads to block attacks
  • US Crypto Bust Offers Hope in Battle Against Cybercrime Syndicates
  • Tired of Unpaid Toll Texts? Blame the 'Smishing Triad'
  • Pakistani-Linked Hacker Group Targets Indian Government
  • China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

Summary

Microsoft has released urgent out-of-band security updates to address a critical-severity vulnerability in Windows Server Update Services (WSUS). The flaw is being actively exploited and public proof-of-concept (PoC) exploit code is available, so immediate mitigation against remote code execution (RCE) is required.

Toys "R" Us Canada has informed its customers of a data breach in which threat actors previously stole, and subsequently leaked, customer records from its systems, prompting notification letters to affected individuals.

HP has withdrawn an HP OneAgent software update for Windows 11 after it inadvertently removed Microsoft certificates, preventing login to Microsoft Entra ID and thereby cutting some organizations off from their company's cloud environments.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability in Motex Lanscope Endpoint Manager. Attackers are actively exploiting this flaw, and CISA advises immediate action to secure affected systems.

Microsoft has implemented a security enhancement in File Explorer, which now automatically blocks previews for files downloaded from the internet. The measure is intended to stop credential-theft attacks that use malicious documents, specifically NTLM hash theft triggered by the preview pane.

U.S. investigators have seized $14 billion in cryptocurrency, marking a significant law enforcement action against cybercrime syndicates. The bust signals a potential shift in the battle against cybercriminals who rely on digital currencies for illicit operations.

A group identified as the "Smishing Triad," originating from China, is reportedly shifting its tactics towards lower-frequency, potentially higher-impact government impersonation attacks, such as fake unpaid-toll text messages, targeting American mobile users.

A cyber-espionage campaign attributed to the Pakistani-linked hacker group TransparentTribe has been identified targeting Indian government systems. The attackers are deploying DeskRAT malware in these operations, indicating a continued focus on government-level intelligence gathering.

China-linked threat actors exploited the patched ToolShell SharePoint flaw (CVE-2025-53770) to breach a Middle Eastern telecommunications company just two days after the patch was released in July 2025. The attackers, linked to groups such as Glowworm, deployed tools including Zingdoor, KrustyLoader, and the ShadowPad backdoor via DLL sideloading. They also exploited the Windows LSA Spoofing Vulnerability (CVE-2021-36942, PetitPotam) for credential theft and lateral movement, indicating a sophisticated, espionage-driven campaign targeting multiple sectors globally.

Vulnerabilities

  • CVE-2025-53770 (Critical)
  • CVE-2021-36942 (High)