Today’s roundup
LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks
QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
Ollama, Nvidia Flaws Put AI Infrastructure at Risk
Summary
Palo Alto Networks Unit 42 researchers have uncovered LANDFALL, a previously unknown Android spyware. It exploited a zero-day vulnerability, CVE-2025-21042 (CVSS 8.8), in Samsung's Android image processing library. The flaw was actively exploited for months before Samsung patched it in April 2025. Attackers delivered the spyware via malicious DNG image files sent through WhatsApp, in a likely zero-click exploit chain. Once deployed on Samsung Galaxy devices (S22-S24, Fold4, Flip4), LANDFALL could record audio, track location, exfiltrate photos, messages, and files, and monitor WhatsApp activity. The campaign, tracked as CL-UNK-1054, has targeted individuals in Iraq, Iran, Turkey, and Morocco, and shows infrastructure patterns similar to those of the commercial spyware operation Stealth Falcon.
QNAP has released fixes for seven zero-day vulnerabilities in its network-attached storage (NAS) devices. These flaws were successfully exploited by security researchers during the Pwn2Own Ireland 2025 competition, demonstrating critical weaknesses in the vendor's products. Users are urged to apply the available patches immediately to secure their QNAP NAS systems.
A China-linked threat actor has been observed targeting a U.S. non-profit organization with the objective of establishing long-term persistence for espionage purposes. This campaign leverages legacy vulnerabilities, including Log4j and IIS flaws, to compromise systems. The activity is part of a broader effort aimed at U.S. entities involved in policy issues, as reported by Symantec and Carbon Black teams.
Multiple vulnerabilities have been discovered in AI infrastructure products, including those from Ollama and Nvidia. Among these flaws is a critical remote code execution (RCE) vulnerability, posing significant risks to the integrity and security of AI development and deployment environments. Security researchers highlight the necessity for immediate patching and heightened security measures for AI infrastructure.