CyberNews: 14/11/2025 Edition

Published by Dunateo on 2025-11-14

Today’s roundup

  • ASUS warns of critical auth bypass flaw in DSL series routers
  • DoorDash hit by new data breach in October exposing user information
  • CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs
  • New ‘IndonesianFoods’ worm floods npm with 100,000 packages
  • RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk
  • Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign
  • Google Sues to Disrupt Chinese SMS Phishing Triad
  • Critical FortiWeb flaw under attack, allowing complete compromise
  • Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs
  • The State of Ransomware – Q3 2025
Summary

ASUS has released firmware to patch a critical authentication bypass flaw in several DSL series router models, which could allow unauthorized access to the devices.

DoorDash disclosed a data breach from October, impacting millions of customers across the U.S., Canada, Australia, and New Zealand, with personal information potentially exposed.

CISA warns that the Akira ransomware operation is actively encrypting Nutanix AHV virtual machines via a Linux encryptor, posing a critical threat to virtualized environments.

The 'IndonesianFoods' worm is flooding the npm registry, spawning over 100,000 malicious packages at a rate of one every seven seconds, creating a significant software supply chain threat.

A critical remote code execution (RCE) flaw has been discovered in ImunifyAV, a malware scanner used by millions of Linux-hosted websites, which could allow attackers to compromise the hosting environment.

Chinese state-sponsored threat actors leveraged Anthropic's Claude Code AI in mid-September 2025 for automated cyber espionage, using the AI's agentic capabilities to execute attacks directly.

Google filed a civil lawsuit against 25 individuals linked to the 'Smishing Triad' and its 'Lighthouse' smishing kit, which has impacted over one million victims globally by facilitating payment card theft and mobile wallet fraud through impersonation. Google is pursuing legal action under the RICO Act, detailing the complex, collaborative structure of the phishing enterprise.

A critical authentication bypass vulnerability in Fortinet FortiWeb WAF is under active exploitation, enabling attackers to create administrative accounts and fully compromise devices. Fortinet has released firmware 8.0.2 to address the flaw; researchers publicly disclosed it with proof-of-concept details after observing exploitation attempts.

Germany's Federal Office for Information Security (BSI) issued comprehensive guidelines to help developers and IT managers secure AI systems against "evasion attacks" targeting Large Language Models (LLMs), such as prompt injection, recommending secure prompts, content filtering, Zero Trust, and anomaly monitoring.

A Q3 2025 ransomware report highlights a fragmented ecosystem with 85 active groups and 1,592 new victims. LockBit 5.0 resurfaced in September 2025, featuring enhanced evasion and a new affiliate model, with 65% of initial attacks targeting organizations in the United States. The report indicates limited long-term impact from law enforcement operations, as affiliates often migrate to new platforms.

Want to dig deeper?

Cyber Groups

Akira (also tracked as GOLD SAHARA, PUNK SPIDER, Howling Scorpius)

Malware Families

Akira (also tracked as REDBIKE)