Cybersecurity Newsfeed
📅 01/10/25
🛡️ Vulnerabilities
- Western Digital patched CVE-2025-30247, an HTTP POST command-injection flaw in My Cloud OS 5 NAS devices (PR2100, PR4100, EX4100, EX2 Ultra and others). The DL2100 and DL4100 are end of support and remain unpatched. Exploitation could allow ransomware deployment or theft of stored files.
- Tenable’s “Gemini Trifecta”: three flaws in Google Gemini (log injection into Cloud Assist, search-history poisoning of the Search Personalization model, and an exfiltration channel through the Browsing Tool) let an attacker plant instructions via poisoned logs or browsing history and exfiltrate user data; Google has patched all three.
- Broadcom fixed six VMware flaws, among them CVE-2025-41244, a local privilege escalation in VMware Tools and Aria Operations (SDMP) that UNC5174 has exploited since October 2024, plus CVE-2025-41245 (information disclosure in Aria Operations) and CVE-2025-41246 (improper authorisation in VMware Tools for Windows). Affected products include VMware Cloud Foundation, vSphere and Telco Cloud Platform.
- Microsoft released the KB5065789 preview update for Windows 11 24H2 (build 26100.6725) with 41 fixes and changes, including AI actions in File Explorer, support for third-party passkey managers, gaming performance improvements, a Hyper-V fix on ARM64 and WSUS fixes. Playback of DRM-protected Blu-ray, DVD and digital TV content is only partly fixed; an audio DRM issue remains.
🎯 Adversaries
- Palo Alto Networks Unit 42 exposed Phantom Taurus, a Chinese state-aligned APT targeting government and military organisations in Africa, the Middle East and Asia. It pulls data directly from SQL Server databases with a script (mssq.bat) and uses a custom .NET suite, NET-STAR, including the IIServerCore backdoor for IIS; its infrastructure overlaps with other Chinese groups such as APT27 and Mustang Panda.
- Klopatra, an Android banking Trojan with 3,000+ infections in Italy and Spain, spreads via a fake Mobdro IPTV app; it abuses Accessibility services, streams the screen to the operator over hidden VNC and performs remote transfers while the device is charging, typically overnight when the victim is not watching.
- MatrixPDF, a toolkit sold at $400/month, converts ordinary PDFs into phishing and malware lures with fake "secure document" prompts, JavaScript actions and clickable overlays; because the PDF itself carries only a link rather than a payload, it passes Gmail's filters.
- CVE-2025-32463, a local privilege escalation in sudo 1.9.14 through 1.9.17, is being exploited in the wild: the --chroot (-R) option makes sudo resolve nsswitch.conf inside a user-controlled directory, so a crafted nsswitch.conf can load a malicious NSS shared library as root. Upgrade to 1.9.17p1 or later; CISA has added it to the KEV catalogue and requires federal agencies to patch by 20 October.
- The malicious npm package fezbox hid its cookie-stealing payload behind a QR-code JPG, with the URL stored reversed in the code so that string-based scanners would not flag it. Another reminder that obfuscation this simple still defeats naive registry scanning.
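A small static check in the spirit of the fezbox finding, added as an example and not the package's actual code or any scanner's: it pulls string literals out of JavaScript source, flags any that only parse as a URL once reversed, and notes whether the split/reverse/join idiom that reassembles such strings at runtime is present. The sample source below is constructed for the example and the hostname in it is made up.

```python
import re

# A URL stored backwards never contains the literal "https://" that
# string-based scanners look for, so we test each literal both ways.
URL_RE = re.compile(r"https?://[\w.\-]+(?:/[^\s'\"]*)?", re.IGNORECASE)

# Single- or double-quoted JS string literals without escapes; enough
# for this heuristic, not a full JS tokenizer.
STRING_RE = re.compile(r"'([^'\\\n]*)'|\"([^\"\\\n]*)\"")

# The runtime idiom that turns a reversed literal back into a URL.
REVERSE_JOIN_RE = re.compile(
    r"\.split\(\s*(['\"])\1\s*\)\s*\.reverse\(\)\s*\.join\("
)

# Constructed sample, not the real fezbox code: one reversed URL that
# fetches an image, next to an ordinary forward URL.
SAMPLE_JS = """
const u = "gpj.edocrq/moc.elpmaxe.ndc//:sptth".split("").reverse().join("");
const ok = "https://registry.npmjs.org/";
fetch(u).then(r => r.blob()).then(decodeQr);
"""


def find_reversed_urls(source: str) -> list[str]:
    """Return the forward form of every literal that is a URL only when reversed."""
    hits = []
    for m in STRING_RE.finditer(source):
        literal = m.group(1) if m.group(1) is not None else m.group(2)
        if URL_RE.search(literal):
            continue  # plain URL, nothing hidden
        backwards = literal[::-1]
        if URL_RE.search(backwards):
            hits.append(backwards)
    return hits


def uses_reverse_join(source: str) -> bool:
    """True if the source contains the split('').reverse().join('') idiom."""
    return REVERSE_JOIN_RE.search(source) is not None


def scan(source: str) -> dict:
    """Combine both signals; a reversed URL plus the unreversing idiom is the strong case."""
    urls = find_reversed_urls(source)
    idiom = uses_reverse_join(source)
    return {
        "reversed_urls": urls,
        "reverse_join": idiom,
        "suspicious": bool(urls) and idiom,
    }


if __name__ == "__main__":
    print(scan(SAMPLE_JS))
```

Run it over each `.js` file in `node_modules` after an install to get a first-pass list; a reversed URL on its own is a weak signal (it will also catch string tables), so the `suspicious` flag requires the reassembly idiom as well.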
- Datzbro, an Android Trojan, targets the elderly through fake Facebook groups advertising "senior" events; it abuses Accessibility services and combines overlays, device takeover (DTO) and keylogging. Its C2 tooling has leaked and contains Chinese-language components.
📁 Breaches & Leaks
- WestJet confirmed that its June cyberattack exposed customer names, ID and passport details, addresses and loyalty-programme data. The FBI assisted the investigation; affected customers are offered two years of free identity protection.
- ClaimPix leak: 10.7 TB of unencrypted auto-insurance records, some 5.1 million files containing PII, VINs, repair records and powers of attorney, were exposed. Risks include identity theft, insurance fraud and vehicle cloning. How the data came to be exposed is still unclear.
📌 Others
- Imgur blocked UK access after the ICO issued a notice of intent to fine its parent company over its handling of children's personal data and age checks; since 30 September UK users see "not viewable in your region", and a VPN is needed to get around the block.
- The KB5065789 preview also partly fixes playback of DRM-protected video in Blu-ray, DVD and digital TV apps; the audio DRM issue persists.
- Dutch police arrested two 17-year-olds suspected of spying for Russia after they walked past Europol and several embassies in The Hague carrying a Wi-Fi sniffer. One is under house arrest, the other in custody; prosecutors see it as part of Russia's growing use of proxy agents.