Today’s roundup
New CoPhish attack steals OAuth tokens via Copilot Studio agents
Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed
CAPI Backdoor targets Russia’s auto and e-commerce sectors
Myanmar military shuts down a major cybercrime center and detains over 2,000 people
Email Bombs Exploit Lax Authentication in Zendesk
The Smishing Deluge: China-Based Campaign Flooding Global Text Messages
Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys
Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks
SessionReaper attacks have started, 3 in 5 stores still vulnerable (Sansec Forensics Team)
Unmasking MuddyWater’s New Malware Toolkit Driving International Espionage
Summary
A new phishing technique, 'CoPhish', weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests. Because the consent prompt is served from legitimate Microsoft domains, the URL alone does not give the phish away, and a user who clicks "accept" hands the attacker an OAuth token for their account. Defenders should review which users can consent to third-party applications and restrict app consent to admin approval where possible.
Russia's federal food safety agency, Rosselkhoznadzor, suffered a DDoS attack disrupting its VetIS and Saturn tracking systems on October 22, 2025. The attack caused nationwide food shipment delays, particularly for dairy and baby food, marking the fourth such incident on the Mercury platform this year.
A newly identified CAPI Backdoor is targeting Russia's automotive and e-commerce sectors, indicating an active campaign aimed specifically at those industries.
Myanmar's military has dismantled a major cybercrime center and detained over 2,000 individuals. The operation targets a hub responsible for extensive cybercriminal activity.
A weakness in Zendesk's authentication allows 'email bomb' attacks: an attacker can cause large volumes of Zendesk-originated email to be sent to a victim's inbox. Beyond the disruption itself, the flood can bury legitimate security notifications (password resets, login alerts) and so serve as cover for further social engineering.
A large-scale, China-based smishing campaign is inundating global text messages. The operation aims to trick recipients into revealing sensitive information or clicking malicious links, posing a significant, organized, and widespread threat to mobile users.
Malicious NuGet packages typosquatting the legitimate 'Nethereum' library exfiltrate cryptocurrency wallet keys from the machines of .NET developers who install them by mistake. As with any typosquatting supply-chain attack, the practical check is to compare the package IDs a project actually references against the ones the team intended to use, and to treat near-miss names as suspect.
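An added example of that check, written for this roundup and not code from the original page, from Sansec, or from the Nethereum project: it parses the `PackageReference` IDs out of a .csproj, compares each against an allowlist, and flags IDs that are within a couple of edits of an allowlisted name or contain non-ASCII (homoglyph) characters. The allowlist, the `.csproj` fragment, and all package names other than the real `Nethereum.Web3`, `Nethereum.Accounts` and `Newtonsoft.Json` IDs are constructed for illustration.

```python
"""Typosquat check for NuGet package references.

Added example (not from the original page, Sansec, or the Nethereum
project). NuGet package IDs are case-insensitive, so comparison is done
in lowercase. The allowlist and the .csproj fragment are constructed.
"""
import re

# Hypothetical allowlist: the package IDs this project is meant to use.
TRUSTED_PACKAGES = {"Nethereum.Web3", "Nethereum.Accounts", "Newtonsoft.Json"}

# Constructed .csproj fragment: one genuine reference, a one-character
# deletion, an unrelated suffix, an ID with a Cyrillic "\u0435" in place
# of a Latin "e" (a homoglyph), and a second genuine reference.
SAMPLE_CSPROJ = """
<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Nethereum.Web3" Version="4.19.0" />
    <PackageReference Include="Netherum.Accounts" Version="4.19.0" />
    <PackageReference Include="Nethereum.Web3.Utils" Version="1.0.1" />
    <PackageReference Include="Nether\u0435um.Web3" Version="4.19.0" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>
"""

PKG_REF = re.compile(r'<PackageReference\s+Include="([^"]+)"')


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion,
    substitution and transposition of adjacent characters cost 1 each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def parse_package_ids(csproj_text: str) -> list:
    """Extract PackageReference IDs. A regex is enough for this shape of
    file; a real tool should parse the XML and also read packages.config
    and Directory.Packages.props."""
    return PKG_REF.findall(csproj_text)


def check_package_id(package_id: str, trusted: set, max_distance: int = 2) -> tuple:
    """Classify one ID against the allowlist.

    Returns (verdict, nearest_trusted_id). Verdicts:
      'trusted'     exact (case-insensitive) allowlist match
      'homoglyph?'  ID contains non-ASCII characters
      'typosquat?'  within max_distance edits of an allowlisted ID
      'unknown'     not on the allowlist and not a near miss
    """
    by_lower = {t.lower(): t for t in trusted}
    norm = package_id.lower()
    if norm in by_lower:
        return "trusted", by_lower[norm]
    nearest = min(trusted, key=lambda t: osa_distance(norm, t.lower()))
    if not package_id.isascii():
        return "homoglyph?", nearest
    if osa_distance(norm, nearest.lower()) <= max_distance:
        return "typosquat?", nearest
    return "unknown", None


def audit_csproj(csproj_text: str, trusted: set) -> dict:
    """Map every referenced package ID to its (verdict, nearest) pair."""
    return {pid: check_package_id(pid, trusted) for pid in parse_package_ids(csproj_text)}


if __name__ == "__main__":
    for pid, (verdict, nearest) in audit_csproj(SAMPLE_CSPROJ, TRUSTED_PACKAGES).items():
        hint = f" (nearest allowlisted: {nearest})" if nearest else ""
        print(f"{verdict:11} {pid!r}{hint}")
```

Running the script prints one line per reference. The two genuine IDs come back `trusted`, `Netherum.Accounts` is flagged as a probable typosquat of `Nethereum.Accounts`, the Cyrillic-e variant is flagged as a homoglyph, and `Nethereum.Web3.Utils` is reported as `unknown`: not a near miss, but also not something the project declared it needs, so it still warrants a look before the build is trusted.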
A critical vulnerability in Dolby decoders allows for zero-click attacks, enabling device compromise without user interaction. This poses a severe risk of remote code execution for systems processing Dolby-encoded media.
'SessionReaper' attacks are actively exploiting vulnerabilities in e-commerce platforms, with three out of five online stores reportedly still susceptible. These attacks lead to session information theft, unauthorized access, and financial fraud.
The Iranian-backed APT group MuddyWater has deployed a new malware toolkit in its international espionage campaigns. This updated arsenal enhances persistent access and data exfiltration capabilities against targeted entities.
Want to dig deeper?
Cyber Groups
| Group | Aliases |
| --- | --- |
| MuddyWater | Earth Vetala, MERCURY, Static Kitten, Seedworm, TEMP.Zagros, Mango Sandstorm, TA450 |
Malware Families