
Hello all,
This past Saturday I attended BSides St. Petersburg, Florida, not Russia. This is a local convention, aka ‘con’, that draws around 500 cyber-security-minded people together to network, learn, and hear from some of the most dedicated and brilliant minds in our industry. I’m blessed to live in an area that has a very large pool of cyber-security professionals and many conferences annually. Tampa, which is nearby, draws around 3000 people yearly to its BSides. And in two weeks a new conference named CyberBay.org is coming. If you live in or near a metropolitan area, I encourage you to watch for nearby conferences. You never know who you’ll meet and how that may impact your life and career.
This email and video commentary are from the RedDotSecurity.news website, which contains a plethora of links to other items, not mentioned here, that are worth skimming to see if they interest you or pertain to your particular environment or that of those you support. There is a lot more there than what is provided in these opening comments. So, on to the headline news.
Headline NEWS:
- Broadcom made patches available for defects in VMware NSX and vCenter. The US National Security Agency (NSA) and others reported three different defects to Broadcom. Additionally, the vendor revealed that three more defects received patches, one of which has been exploited by Chinese threat actors as a zero-day since October 2024. However, as per Broadcom policy, the fixes are hidden behind a paywall. In addition to the two products named above, six other Broadcom products are affected. If you have a valid support contract with the vendor, update quickly. If you don’t, it may be time to renew, or to migrate to different technology.
- DrayTek Vigor routers need to be patched to plug an unauthenticated remote code execution defect. Defects like this are as bad as they get, since no credentials are needed to exploit them. Full details of how to exploit it are being held back to give potential victims time to patch, so patch sooner rather than later.
- “Splunk Vulnerabilities Let Attackers Execute Unauthorized JavaScript” is a bit of an ironic headline, since Splunk is a platform used to locate issues in a network or device. The patches plug six different holes. Update soon.
- Critical Western Digital My Cloud bug allows remote command injection. Basically, someone can do whatever they want with your device. If your device is still under support and has automatic updates enabled, it should already have updated itself. If yours doesn’t automatically update its firmware, disconnect it from the internet until you manually apply the update. If your device is End of Life (EOL), leave it disconnected from the internet, as no updates are available.
- WhatsApp 0-click flaw abused via malicious DNG image files. This particular defect targets Apple devices via a malformed DNG (Digital Negative) image. Simply receiving the image is enough to trigger the exploit; users may not even be aware that the WhatsApp message was received, yet their device becomes compromised. Make sure you update to the latest version of WhatsApp and apply any operating system updates as soon as they become available.
In Ransomware, Malware, and Vulnerabilities News:
- Akira ransomware breaching MFA-protected SonicWall VPN accounts is a rather terrifying headline. It seems that this dirtbag criminal organization may have found a way to breach fully patched SonicWall firewalls via their SSL VPN connections. Speculation at this time is that Initial Access Brokers (or Akira themselves) were able to harvest credentials and MFA seeds via CVE-2024-40766, which was patched in August 2024. They may have been sitting on those credentials ever since, waiting for the opportunity to abuse them. Because of this, the recommendation is to reset all credentials and MFA seeds on any SonicWall firewall that ever ran firmware vulnerable to that CVE.
In Other News Events of Note and Interest:
- Windows 25H2 launched, I think. Compared to other version-number releases of Windows, this one, which started gracing desktops last week, has been mostly a non-event. The system applies an update for a few minutes, and other than a new version number, there are no noticeable changes. There are cool new things coming, just not in this initial release. Check out the links in the full RedDotSecurity.news to see what some of them will be.
Musings:
I find myself somewhat surprised at how quickly I’m adjusting to having AI involved in my daily life. Most of us who have been using navigation apps for a while didn’t realize at the time that we were relying on AI to provide us with that real-time routing guidance. For years, our shopping habits on Amazon and other vendors have been logged, categorized, and stored in massive data lakes, and they are now being analyzed by increasingly adept machine learning processes so that we are presented with suggested items and advertisements that interest us, and at the appropriate time of the year. The integration has been subtle and gradual, but I now get annoyed when I look for something online and get a regular search with mere links and not an AI summary. It is rapidly becoming ubiquitous. However, I don’t know if I’ll ever get used to seeing advertisements on Facebook for things that I’ve only ever thought about and never actually put into words. Creepy.

Keep the shields up, maybe even a tinfoil hat!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Broadcom fixes high-severity VMware NSX bugs reported by NSA
- Broadcom Issues Patches for VMware NSX and vCenter Security Flaws
- Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024
- Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws
- DrayTek warns of remote code execution bug in Vigor routers
- Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Unauthorized JavaScript code
- Critical WD My Cloud bug allows remote command injection
- WhatsApp 0-Click Flaw Abused via Malicious DNG Image File
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- Cybersecurity Awareness Month 2025: Prioritizing Identity to Safeguard Critical Infrastructure
- $7.3 billion worth of cryptocurrency recovered from newly convicted ‘Bitcoin Queen’
- Interpol operation disrupts romance scam and sextortion networks in Africa
- NIST Publishes Guide for Protecting ICS Against USB-Borne Threats
- CISA kills agreement with nonprofit that runs MS-ISAC
- DoD issues replacement for risk management framework
- Dutch teens arrested for trying to spy on Europol for Russia
- Microsoft’s new Security Store is like an app store for cybersecurity
- UK government tries again to access encrypted Apple customer data: Report
Vulnerabilities and Exploits
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
- CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw
- OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely
- Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS Global Protect Vulnerability
- Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day
- Google Project Zero Details ASLR Bypass on Apple Devices Using NSDictionary Serialization
- Notepad++ DLL Hijack Flaw Lets Attackers Run Malicious Code
- Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits
- Israeli firm uncovers ChatGPT vulnerability that leaks data without a click
- $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
- Silent Push Examines the Dark Side of Dynamic DNS Providers
- Apple Updates iOS and macOS to Prevent Malicious Font Attacks
- PoC exploit Released for VMware Workstation guest-to-host escape Vulnerability
- Motion sensors in high-performance mice can be used as a microphone to spy on users
Phishing, Malware, and Similar
- Lunar Spider Infected Windows Machine in Single Click and Harvested Login Credentials
- New MatrixPDF toolkit turns PDFs into phishing and malware lures
- New ModStealer Evade Antivirus Detection to Attack macOS Users and Steal Sensitive Data
- Hackers used a fake congressional email to breach federal systems and exploit trust
- China Hackers Breached Foreign Ministers’ Emails, Palo Alto Says
- Threat Actors Weaponizing Facebook and Google Ads as Financial Platforms to Steal Sensitive Data
- E-commerce Fraud-as-a-Service: How Scammers Exploit Brand Trust at Scale
- SEO poisoning helps hackers push malware-filled apps
- ScreenConnect Super Admin Credential Phishing Campaign Targets IT Leaders
- Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
- Threat Actors Hijacking MS-SQL Server to Deploy XiebroC2 Framework
- AI trained for treachery becomes the perfect agent
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
- Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks
- Malicious Teams Installers Drop Oyster Malware
- Microsoft leaves Mac users exposed to GitHub Mac malware
- Security Bite: Mac users are finally taking malware seriously, per new report
- Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
- Red Hat confirms security incident after hackers claim GitHub breach
- Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover
- Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL
Breaches, Leaks, and Ransomware
- 7M breach letters set to flood North America’s mailboxes
- Discord Data Breach – Customers Personal Data and Scanned Photo IDs leaked
- Air Force admits SharePoint privacy issue; reports of breach
- Sex offenders, terrorists, drug dealers, exposed in spyware breach
- Data breach at dealership software provider impacts 766k clients
- Data breach at Canadian airline WestJet affects 1.2M passengers
- ShinyHunters hackers are ransoming 1 billion Salesforce records
- Harrods warns customers that some personal details taken in data breach
- UK govt backs Jaguar Land Rover with £1.5 billion loan guarantee after cyberattack
- JLR seeks £2 billion bank loan and UK cash to weather cyberattack
- Jaguar Land Rover parts makers asked by banks to put up homes as loan security after hack
- JLR to restart phased production following cyberattack
- Threat Hunting on potential APT35 Servers
- Google Sheds Light on ShinyHunters’ Salesforce Tactics
- Akira Ransomware’s Exploitation of SonicWall Vulnerability Continues
- Akira ransomware breaching MFA-protected SonicWall VPN accounts
- Smash and Grab: Aggressive Akira Campaign Targets SonicWall VPNs, Deploys Ransomware in an Hour or Less
- Ransomware gang sought BBC reporter’s help in hacking media giant
- Children’s names, pictures and addresses stolen in nursery hack
- Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M
- LockBit ransomware returns with a vengeance, affecting multiple OSes
- Hackers Extort Executives After Claiming Oracle Apps Breach
- Oracle links Clop extortion attacks to July 2025 vulnerabilities
- Japan is running out of its favorite beer after ransomware attack
Other News Events of Note and Interest
- Cool Tool: Kali Linux 2025.3 released with 10 new tools, wifi enhancements
- How To Simplify CISA’s Zero Trust Roadmap with Modern Microsegmentation
- 6,100-Qubit Processor Shatters Quantum Computing Record
- EU probes SAP over anti-competitive ERP support practices
- Gmail now lets you send end-to-end encrypted emails to anyone, even outside of Workspace
- Every Major Wi-Fi Mesh System Ranked From Worst To Best According To User Reviews
- Ivanti upgrades Connect Secure with hardened system and gateway improvements
- A European alternative to M365? Nextcloud looks to capitalize on digital sovereignty interest
- Everything announced at Amazon’s fall hardware event
AI, LLMs, and Skynet
- SB 53, the landmark AI transparency bill, is now law in California
- Amazon’s AI assistant is smarter, but still struggles
- Real AI Agents and Real Work
- AI for Cyber Defenders
- Anthropic launches Claude Sonnet 4.5, its latest AI model
- Anthropic releases Claude Sonnet 4.5 in latest bid for AI agents and coding supremacy
- Google Drive adds AI to detect ransomware before it spreads
- New ChatGPT Pulse: How It Anticipates Your Needs & Saves Time
Microsoft
- Microsoft’s Windows XP Crocs are here
- Microsoft to Launch New Secure Default Settings for Exchange and Teams APIs
- Microsoft Edge gets a major security upgrade which should ease concerns for many users
- Microsoft forced to make Windows 10 extended security updates truly free in Europe
- New bug in classic Outlook can only be fixed via Microsoft support
- Microsoft Outlook stops displaying inline SVG images used in attacks
- Microsoft’s new Office icons are more curvy and colorful
- Microsoft 365 Premium bundles Office and AI for the same price as ChatGPT Plus
- How to turn on dark mode in Microsoft Office
- Microsoft debuts “vibe working” in Office
- Microsoft Sets the Tone for ‘Vibe Working’ With New Agent Mode in Word, Excel
- Microsoft to force install Microsoft 365 companion apps in October
- Microsoft fixes Windows DRM video playback issues for some users
- Microsoft Defender bug triggers erroneous BIOS update alerts
- Windows 11 KB5065789 update brings lots of new features
- Microsoft shows off Windows 11’s auto-color/theme switching based on time (sunset or sunrise)
- Windows 11 2025 Update (25H2) is now available, Here’s what’s new
- Microsoft confirms four issues in Windows 11 25H2, but they’re not a dealbreaker
- Microsoft explains how easy upgrading to Windows 11 25H2 from 24H2 is
- How to install Windows 11 25H2, now rolling out
- Microsoft delays an important Windows 11 25H2 feature for office PCs
- Microsoft lifts two upgrade blocks, allowing Windows 11 25H2 for more PCs
- Microsoft confirms Windows 11 Media Creation Tool is currently broken for some users
- Windows 11 unlocks Wi-Fi 7 enterprise support, boosting speed and security
- Top File Explorer improvements in Windows 11 25H2 and 24H2
- Windows 11 25H2 gets built-in network speed test and more improvements in build 26220.6760
