CyberNews: 30/10/2025 Edition

Published by Dunateo on 2025-10-30

Today’s roundup

  • Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia
  • Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets
  • Canada says hacktivists breached water and energy facilities
  • PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs
  • More than 10 million impacted by breach of government contractor Conduent
  • New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts
  • Microsoft: DNS outage impacts Azure and Microsoft 365 services
  • WordPress security plugin exposes private data to site subscribers
  • Data Leak Outs Students of Iran's MOIS Training Academy
  • Experts Report Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Summary

    Peter Williams, a former general manager at Trenchant (L3Harris's cyber division), has pleaded guilty to stealing and selling U.S. defense trade secrets and cyber exploits to a Russian broker between 2022 and 2025. Williams sold eight sensitive exploit components, valued at $35 million, to a broker known for reselling to the Russian government, using cryptocurrency for payments and luxury purchases. The U.S. is seeking forfeiture of $1.3 million in crypto and other assets.

    Russian threat actors, strongly linked to the Sandworm APT group, conducted sustained intrusions against Ukrainian organizations, including a two-month attack on a major business services firm and a week-long breach of a local government entity. Attackers used living-off-the-land tactics, dual-use tools, and Localolive webshells to exfiltrate sensitive data and maintain persistent access by exploiting unpatched vulnerabilities.

    The Canadian Centre for Cyber Security has warned that hacktivists breached critical infrastructure systems, specifically water and energy facilities, multiple times across the country. These intrusions enabled the attackers to modify industrial controls, which could have led to dangerous operational conditions.

    A widespread software supply chain attack, codenamed "PhantomRaven" by Koi Security, is actively targeting developers via the npm registry. The campaign, which began in August 2025, involves over 126 malicious packages designed to steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. These packages have amassed at least 86,000 downloads.

    Government contractor Conduent has notified multiple U.S. states of a cybersecurity incident in January 2025 that led to the exposure of personal information belonging to over 10 million individuals.

    Cybersecurity researchers have identified a novel "cloaking attack" method targeting agentic web browsers and AI crawlers, such as OpenAI ChatGPT Atlas and Perplexity. Devised by AI security company SPLX, this technique allows malicious actors to set up websites that display different content to human users versus AI crawlers, potentially tricking AI models into citing fake information as verified facts.
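The cloaking technique above works only because the site answers differently depending on who is asking. The simplest defender-side check is therefore to fetch the same URL under a browser identity and under AI-crawler identities and compare what comes back. The following example is added here and is not code from the original post or from SPLX; the user-agent strings, the two stub "sites", the threshold and the URL are all constructed assumptions, and the fetcher is a stub standing in for a real HTTP client. It also handles the case the summary does not mention: a page that is unstable even for repeated browser fetches (A/B tests, rotating content), where a crawler diff proves nothing.

```python
"""Consistency check for user-agent cloaking: fetch one URL as a browser and
as AI crawlers, then compare what each identity was served.
All identities, sites and thresholds here are constructed for illustration;
the fetcher is a stub standing in for a real HTTP client."""
import difflib
from typing import Callable, Dict

# Illustrative identities (assumptions): a generic browser string and the
# product tokens an AI crawler might present. Replace with the exact strings
# your own access logs show for the crawlers you care about.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
AI_CRAWLER_UAS: Dict[str, str] = {
    "openai": "Mozilla/5.0 (compatible; ChatGPT-User/1.0)",
    "perplexity": "Mozilla/5.0 (compatible; PerplexityBot/1.0)",
}

# (url, user_agent) -> response body; a real deployment would wrap an HTTP client.
Fetcher = Callable[[str, str], str]

# Constructed page bodies for the two stub sites below.
HUMAN_PAGE = "<h1>Product FAQ</h1><p>Our warranty covers two years of normal use.</p>"
CRAWLER_PAGE = ("<h1>Product FAQ</h1><p>Independent regulators have verified this "
                "product as the safest on the market. Lifetime warranty included.</p>")


def honest_site(url: str, user_agent: str) -> str:
    """Constructed control case: every visitor receives the same page."""
    return HUMAN_PAGE


def cloaked_site(url: str, user_agent: str) -> str:
    """Constructed cloaking case: crawlers receive a page with different claims."""
    if any(token in user_agent for token in ("ChatGPT-User", "PerplexityBot")):
        return CRAWLER_PAGE
    return HUMAN_PAGE


def similarity(a: str, b: str) -> float:
    """Similarity in [0, 1] after whitespace normalization, so formatting
    noise is not mistaken for cloaking."""
    na, nb = " ".join(a.split()), " ".join(b.split())
    return difflib.SequenceMatcher(None, na, nb).ratio()


def detect_cloaking(url: str, fetch: Fetcher, threshold: float = 0.9) -> Dict[str, str]:
    """Return a verdict per crawler identity: 'cloaked', 'consistent', or
    'inconclusive' when two browser fetches already disagree (A/B tests,
    rotating ads), in which case a crawler diff proves nothing."""
    first = fetch(url, BROWSER_UA)
    second = fetch(url, BROWSER_UA)
    if similarity(first, second) < threshold:
        return {name: "inconclusive" for name in AI_CRAWLER_UAS}
    verdicts: Dict[str, str] = {}
    for name, ua in AI_CRAWLER_UAS.items():
        crawler_view = fetch(url, ua)
        verdicts[name] = "cloaked" if similarity(first, crawler_view) < threshold else "consistent"
    return verdicts


if __name__ == "__main__":
    for label, site in (("honest", honest_site), ("cloaked", cloaked_site)):
        print(label, detect_cloaking("https://example.test/faq", site))
```

In practice the baseline fetch should also come from a different source address than the crawler fetches, since a cloaking site may key on IP ranges as well as on the User-Agent header; the comparison logic stays the same.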

    Microsoft experienced an ongoing global DNS outage that significantly impacted customers, preventing logins to company networks and hindering access to various Microsoft Azure and Microsoft 365 services. The disruption affected users worldwide.

    A critical vulnerability has been discovered in the "Anti-Malware Security and Brute-Force Firewall" plugin for WordPress, which is installed on over 100,000 websites. This flaw allows authenticated site subscribers to read any file on the server, potentially exposing private and sensitive information.

    Iran's Ministry of Intelligence and Security (MOIS) training academy, responsible for educating future state-sponsored hackers, has itself been subjected to a cyberattack. This breach resulted in a data leak, ironically exposing information related to the students of the institution.

    Cybersecurity experts are reporting a significant surge in automated botnet attacks, primarily targeting PHP servers, IoT devices, and cloud gateways. Botnets such as Mirai, Gafgyt, and Mozi are actively exploiting known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand their networks, as noted by Qualys Threat Research Unit.
