🎧🎃 RadioCSIRT — Welcome to Your Daily Cybersecurity Briefing 💀⚡️
🧟 VMware Tools — Actively Exploited by a Chinese Group
CISA has ordered U.S. federal agencies to patch CVE-2025-41244, a vulnerability that allows local privilege escalation on virtual machines with VMware Aria Operations and VMware Tools. The flaw has been exploited since October 2024 by the UNC5174 threat group.
🕸️ XWiki Platform — Critical Injection (CVE-2025-24893)
A critical injection vulnerability in the SolrSearch function allows unauthenticated remote code execution. Rated CVSS 9.8, this flaw is under active exploitation. Fixes are available in versions 15.10.11, 16.4.1, and 16.5.0RC1.
🦇 UNC6384 — Diplomatic Espionage in Europe
Diplomatic entities in Belgium and Hungary were targeted by the Chinese APT UNC6384 via malicious emails. The attackers used the PlugX malware and exploited a Windows vulnerability disclosed in March 2025. Their goal: monitor NATO and EU diplomatic discussions.
🧛 Airstalk — New .NET and PowerShell Malware Strain
Unit 42 has identified a new malware dubbed Airstalk, likely used in a state-sponsored supply chain attack. It hijacks the AirWatch/Workspace ONE API to establish a hidden C2 channel, exfiltrating cookies, browsing history, and screenshots.
🕷️ Personalized Scams — Exploiting Digital Fingerprints
Scammers are increasingly leveraging publicly available social media data to craft personalized attack vectors. Malwarebytes researchers describe techniques ranging from AI-cloned voices to geolocated fake profiles and data-driven impersonation campaigns.
🧙 Microsoft & NSA — Exchange Server Hardening Guide
CISA and the NSA have released a joint international guide for securing on-premises Exchange servers. It focuses on three pillars: strengthening authentication, encrypting network communications, and reducing the attack surface to prevent persistent compromises.
⚡️ Don’t think, just patch! 🎃
📚 Sources:
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-vmware-tools-flaw-exploited-since-october-2024/
https://cybersecuritynews.com/xwiki-platform-injection-vulnerability-exploited/
https://therecord.media/belgium-hungary-diplomatic-entities-hacked-unc6384
https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airstalk/
https://www.malwarebytes.com/blog/inside-malwarebytes/2025/10/how-scammers-use-your-data-to-create-personalized-tricks-that-work
https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html
📞 Share your feedback:
📧 radiocsirt@gmail.com
🌐 www.radiocsirt.com
📰 radiocsirtinl.substack.com