CyberNews: 04/11/2025 Edition

Published by Dunateo on 2025-11-04

Today’s roundup

  • Hackers exploit critical auth bypass flaw in JobMonster WordPress theme
  • Hackers use RMM tools to breach freighters and steal cargo shipments
  • Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching
  • OAuth Device Code Phishing: Azure vs. Google Compared
  • Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors
  • Google Big Sleep found five vulnerabilities in Safari
  • Android Malware Mutes Alerts, Drains Crypto Wallets
  • Lawmakers ask FTC to probe Flock Safety’s cybersecurity practices
  • Japanese retailer Askul confirms data leak after cyberattack claimed by Russia-linked group
Summary

Threat actors are actively exploiting a critical authentication bypass vulnerability in the JobMonster WordPress theme. This flaw permits the hijacking of administrator accounts under specific conditions, posing a severe risk to websites utilizing the affected theme.

Hackers are employing remote monitoring and management (RMM) tools to execute cargo freight heists. Threat actors target freight brokers and trucking carriers with malicious links and emails to deploy RMMs, enabling them to hijack cargo and steal physical goods from the supply chain.

Microsoft has acknowledged that an out-of-band security update, released to patch an actively exploited Windows Server Update Service (WSUS) vulnerability, has inadvertently disabled hotpatching on some Windows Server 2025 devices. This side effect impacts system update capabilities.

Research indicates that device code phishing attacks are abusing the OAuth device flow, presenting distinct attack surfaces for Google and Azure environments. This technique allows attackers to bypass standard authentication flows, posing a risk to identity security.

A new campaign, dubbed Operation SkyCloak, is deploying a Tor-enabled OpenSSH backdoor primarily targeting defense sectors in Russia and Belarus. Threat actors use weaponized attachments in phishing emails to establish persistent backdoors that communicate via OpenSSH and a customized Tor hidden service with obfs4 obfuscation.

Google's AI agent, Big Sleep, assisted Apple in discovering five new vulnerabilities within the Safari WebKit component. These flaws, including use-after-free (CVE-2025-43434), buffer overflow (CVE-2025-43429), and memory corruption (CVE-2025-43431, CVE-2025-43433), could lead to browser crashes or memory compromise. Apple has since released updates across its operating systems to address these issues.

A new Android malware, identified as Android/BankBot-YNRK, is targeting users in Indonesia. The malware masquerades as legitimate applications, mutes device alerts, and is designed to drain cryptocurrency wallets, posing a direct financial threat to victims.

U.S. lawmakers, including Senator Ron Wyden and Representative Raja Krishnamoorthi, have called on the Federal Trade Commission (FTC) to investigate the cybersecurity practices of Flock Safety. The request stems from concerns regarding how the police surveillance technology provider protects sensitive user account data.

Japanese retailer Askul has confirmed a data leak following a cyberattack attributed to a Russia-linked group. The breach exposed contact information, inquiry details from users of its online stores (Askul, Lohaco, Soloel Arena), and supplier data stored on internal servers.

Vulnerabilities

  • CVE-2025-43434 (Medium)
  • CVE-2025-43429 (High)
  • CVE-2025-43431 (High)
  • CVE-2025-43433 (High)