0A9F E785 1857 50AD 05CA A188 A708 1DB6 7F35 2F2A

Infosec bits for 2025 week 38

Maajied Moos | Sept. 22, 2025, 7:58 a.m.

Cybersecurity News:

  • Are cybercriminals hacking your systems – or just logging in? [Phil Muncaster, We Live Security]
  • Most enterprise AI use is invisible to security teams [Mirko Zorz, Help Net Security]
  • Zero Trust Is 15 Years Old — Why Full Adoption Is Worth the Struggle [Kevin Townsend, Security Week]

Vulnerabilities and Patches:

  • Samsung patches actively exploited zero-day reported by WhatsApp [Sergiu Gatlan, Bleeping Computer]
  • Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm [Eduard Kovacs, Security Week]
  • New Phoenix Attack Bypasses Rowhammer Defenses In DDR5 Memory [Ionut Ilascu, Bleeping Computer]
  • Critical Bugs in Chaos Mesh Enable Cluster Takeover [Jai Vijayan, Dark Reading]
  • Many networking devices are still vulnerable to pixie dust attack [Zeljka Zorz, Help Net Security]

Malware:

  • Meet Yurei: The New Ransomware Group Rising from Open-Source Code [Check Point Research, Check Point]
  • Qrator Labs Mitigated Record L7 DDoS Attack from 5.76M-Device Botnet [WAQAS, Hackread]
  • Phishing Campaigns Drop RMM Tools for Remote Access [Phil Muncaster, Hackread]
  • Self-propagating supply chain attack hits 187 npm packages [Ax Sharma, Bleeping Computer]
  • Microsoft, Cloudflare disrupt RaccoonO365 credential stealing tool run by Nigerian national [Jonathan Greig, The Record]
  • Malicious PyPI Packages Deliver SilentSync RAT [MANISHA RAMCHARAN PRAJAPATI, SATYAM SINGH, Zscaler Blog]

New Tooling:

  • Arkime: Open-source network analysis and packet capture system [Help Net Security, Help Net Security]

Breaches, Hacks, Leaks:

  • Google confirms fraudulent account created in law enforcement portal [Lawrence Abrams, Bleeping Computer]
  • Attack on SonicWall’s cloud portal exposes customers’ firewall configurations [Matt Kapko, CyberScoop]