RadioCSIRT - Welcome to your daily cybersecurity update
University of Pennsylvania - Investigation into a massive fraudulent email
An offensive email threatening a data leak was sent to thousands of students and alumni using an address spoofed from the Graduate School of Education. The university confirmed it was a fake. The incident response team is actively handling the case.
Vampire Wi-Fi - Trapped on public networks
Fraudulent hotspots are impersonating legitimate access points in airports, hotels, and cafés. These "Evil Twin Networks" intercept traffic using packet-sniffing tools. McAfee researchers warn that such attacks mainly target travelers and remote workers.
China - Global exploitation of Cisco ASA firewalls
The group Storm-1849, attributed to China, is targeting Cisco ASA appliances used by governments and financial institutions worldwide. Vulnerabilities CVE-2025-30333 and CVE-2025-20362 are being exploited to maintain persistent access despite deployed patches.
BadCandy - Active infections on Cisco IOS XE routers
The Australian Signals Directorate reports ongoing BadCandy infections exploiting CVE-2023-20198.
This Lua-based webshell allows full administrative control over unpatched devices. Over 400 compromised systems have been identified in Australia.
Proton - Launch of the Data Breach Observatory
Swiss company Proton introduces a new platform that tracks and exposes undisclosed data breaches detected on the dark web.
The observatory has already identified 300 million compromised records across 794 unique attacks since early 2025.
Russia - Arrest of Meduza malware developers
Russia's Ministry of Internal Affairs announced the arrest of three suspects accused of developing and distributing the Meduza Infostealer.
The malware collected credentials, cookies, crypto wallets, and system data across more than 100 browsers and applications.
Google Chrome - 20 vulnerabilities patched in the latest update
Google released an update to Chrome 142.0.7444.59/.60, fixing 20 vulnerabilities, including CVE-2025-12428 and CVE-2025-12036 in the V8 engine.
These flaws could allow remote code execution through malicious JavaScript pages.
Don't think - patch!
Sources:
https://therecord.media/upenn-hacker-email-affirmative
https://www.mcafee.com/blogs/internet-security/vampire-wifi-how-public-wi-fi-traps-travelers-in-cyber-attacks-2/
https://therecord.media/chinese-hackers-scan-exploit-firewalls-government
https://securityaffairs.com/184095/hacking/badcandy-webshell-threatens-unpatched-cisco-ios-xe-devices-warns-australian-government.html
https://www.theregister.com/2025/10/30/proton_data_breach_observatory/
https://www.theregister.com/2025/10/31/russia_arrests_three_meduza_cyber_suspects/
https://www.malwarebytes.com/blog/news/2025/10/update-chrome-now-20-security-fixes-just-landed
Share your feedback:
radiocsirt@gmail.com
www.radiocsirt.com
radiocsirtintl.substack.com