CyberSecurity Updates

20 Sep

Gamaredon X Turla collab

Information

In this blogpost, we uncover the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Key points of this blogpost: In February 2025, we discovered that the Gamaredon tool PteroGraphin was used to restart Turla’s Kazuar backdoor on a machine in Ukraine. In April and June 2025, we detected that Kazuar v2 was deployed using Gamaredon tools PteroOdd and PteroPaste. These discoveries lead us to believe with high confidence that Gamaredon is collaborating…

Read More
19 Sep

Small businesses, big targets: Protecting your business against ransomware

Information

Business Security Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises Phil Muncaster 18 Sep 2025  •  , 5 min. read Think your business is too small to be singled out for digital extortion? Think again. Indeed, if you’re an SMB owner, you’d better assume you’re a potential target. Verizon data reveals that, while ransomware comprises 39% of data breaches at large…

Read More
19 Sep

In Other News: 600k Hit by Healthcare Breaches, Major ShinyHunters Hacks, DeepSeek’s Coding Bias

Data Breaches, Information, News

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.  Here are this…

Read More
19 Sep

Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions

Information, Malware, News

Two Russian state-sponsored threat actors have been working together in recent cyberattacks against Ukrainian targets, evidence collected by ESET suggests. Specifically, the company found that, between February and April 2025, tools that Gamaredon had deployed were used to restart and deploy Turla malware on the systems of select victims in Ukraine. Turla, also known as Krypton, Snake, Venomous Bear, and Waterbug, has been active since at least 2004, focusing on high-profile targets, including diplomats and…

Read More
18 Sep

ChatGPT Targeted in Server-Side Data Theft Attack

Information, News

Researchers at web security company Radware recently discovered what they described as a service-side data theft attack method involving ChatGPT.  The attack, dubbed ShadowLeak, targeted ChatGPT’s Deep Research capability, which is designed to conduct multi-step research for complex tasks. OpenAI neutralized ShadowLeak after it was notified by Radware. The ShadowLeak attack did not require any user interaction. The attacker simply needed to send a specially crafted email that when processed by the Deep Research agent…

Read More
18 Sep

CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems

Attacks, Insights, Malware

Today, CISA released a Malware Analysis Report detailing the functionality of two sets of malware obtained from an organization compromised by cyber threat actors exploiting CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPMM).   The Malware Analysis Report, Malicious Listener for Ivanti EPMM Systems, provides guidance to help organizations detect and mitigate these threats, including indicators of compromise and YARA and SIGMA rules. Mitigations include highlighting the need to upgrade Ivanti EPMM systems to…

Read More
17 Sep

HybridPetya: The Petya/NotPetya copycat comes with a twist

Information

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality 16 Sep 2025 ESET researchers have uncovered a new ransomware strain that they have named HybridPetya. While resembling the infamous Petya/NotPetya malware, it comes with a new and dangerous twist – it adds the ability to compromise UEFI-based systems and weaponize CVE‑2024‑7344 in order to bypass UEFI Secure Boot on outdated systems. HybridPetya is not actively spreading in the…

Read More
17 Sep

Virtual Event Today: Attack Surface Management Summit

Information, News

SecurityWeek’s Attack Surface Management Virtual Summit is now LIVE and runs today from 11AM – 4PM ET. Join the online event where cybersecurity leaders and practitioners will dive into the strategies, tools, and innovations shaping the future of ASM. As digital assets and cloud services continue to expand, defenders are shifting tactics to continuously discover, inventory, classify, prioritize, and monitor their attack surfaces. This summit brings together experts to share real-world lessons, emerging trends, and practical…

Read More
16 Sep

CrowdStrike to Acquire Pangea to Launch AI Detection and Response (AIDR)

Information, News

CrowdStrike on Tuesday said that it would acquire Pangea, a company specializing in AI security, to expand its Falcon platform with new protections designed for enterprise AI systems. The acquisition, announced at CrowdStrike’s Fal.Con 2025 event, is intended to address security challenges specific to the use of AI models, agents, and applications in the workplace. CrowdStrike plans to integrate Pangea’s capabilities to help organizations monitor, control, and secure AI interactions across their infrastructure. The announcement…

Read More
16 Sep

Self-Replicating Worm Hits 180+ Software Packages

Information, Insights

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed. Image: https://en.wikipedia.org/wiki/Sandworm_(Dune) The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms…

Read More