CyberNews: 29/10/2025 Edition

Published by Dunateo on 2025-10-29

Today’s roundup

  • Claude Pirate: Abusing Anthropic's File API For Data Exfiltration
  • Aisuru Botnet Shifts from DDoS to Residential Proxies
  • Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack
  • 10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
  • Qilin ransomware abuses WSL to run Linux encryptors in Windows
  • New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves
  • Herodotus Android malware mimics human typing to evade detection
  • Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät
  • Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains
  • Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics
Summary

    Anthropic's Claude AI is affected by a "Claude Pirate" vulnerability, in which prompt injection is used to exfiltrate user data via its File API.

    The Aisuru botnet now rents 700,000+ IoT devices as residential proxies, aiding AI data scraping and other cybercrimes.

    CISA warns of active exploitation of critical flaws in Dassault DELMIA Apriso (CVE-2025-6204, CVE-2025-6205) and XWiki; federal agencies must patch by November 18.

    Ten malicious npm packages were found stealing developer credentials from Windows, Linux, and macOS via a supply chain attack.

    Qilin ransomware now abuses Windows Subsystem for Linux (WSL) to deploy Linux encryptors on Windows, improving evasion.

    The "TEE.Fail" side-channel attack extracts secrets from Intel and AMD TEEs on DDR5 systems, posing a hardware security risk.

    "Herodotus" Android banking trojan mimics human typing to evade behavioral biometrics, enabling device takeovers in Italy and Brazil.

    Everest ransomware claimed a 280 GB data breach at Sweden's power grid operator Svenska kraftnät, though grid operations remained stable.

    North Korea's BlueNoroff group deployed "GhostCall" and "GhostHire" malware for Web3/blockchain financial attacks.

    Russian-backed actors target Ukrainian organizations with stealthy living-off-the-land tactics for data exfiltration.

    Want to dig deeper?

    Vulnerabilities

    CVE-2025-6204 (High)
    CVE-2025-6205 (Critical)

    Cyber Groups

    APT38, NICKEL GLADSTONE, BeagleBoyz, BlueNoroff, Stardust Chollima, Sapphire Sleet, COPERNICIUM

    Malware Families

    Aisuru