Cyber Threat Intelligence Report – Oct. 1, 2025

Daily brief covering the past 48 hours. Incidents are independently validated, de-duplicated, and limited to items with clear enterprise or national-level impact. Sources are direct and canonical.

Incident: Anubis ransomware group lists Storage King UK on leak site
Date of Incident (ET): Unknown
Date of Disclosure/Publication (ET): Oct. 1, 2025
Summary: Anubis listed Storage King UK on its leak site, posting passport images and internal documents as proof of data theft and threatening further disclosure.
Source: https://www.cyberdaily.au/security/12708-exclusive-storage-king-uk-listed-by-anubis-ransomware-group

Incident: New Klopatra Android banking trojan infects thousands of devices
Date of Incident (ET): Aug. 2025
Date of Disclosure/Publication (ET): Oct. 1, 2025
Summary: The Klopatra Android trojan infected more than three thousand devices in Spain and Italy, using a hidden VNC module to remotely control phones, bypass protections, and steal banking credentials.
Source: https://thehackernews.com/2025/10/new-android-banking-trojan-klopatra.html

Incident: UAC-0245 cluster deploys CABINETRAT backdoor against Ukrainian targets
Date of Incident (ET): Sept. 2025
Date of Disclosure/Publication (ET): Oct. 1, 2025
Summary: Threat cluster UAC-0245 targeted Ukrainian entities with the CABINETRAT backdoor, delivering malicious XLL add-ins in ZIP archives via Signal to establish persistence and remote access.
Source: https://thehackernews.com/2025/10/ukraine-warns-of-cabinetrat-backdoor.html

Incident: Vulnerable Milesight industrial routers exploited for large-scale smishing
Date of Incident (ET): Feb. 2022
Date of Disclosure/Publication (ET): Oct. 1, 2025
Summary: Attackers hijacked unpatched Milesight industrial routers to send thousands of smishing texts impersonating agencies and service providers across Europe, harvesting credentials at scale.
Source: https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html

Incident: Chinese APT Phantom Taurus deploys NET-STAR malware against government and telecom targets
Date of Incident (ET): Unknown
Date of Disclosure/Publication (ET): Oct. 1, 2025
Summary: Chinese APT Phantom Taurus used a custom .NET IIS malware suite dubbed NET-STAR to gain persistent access for espionage against government and telecom targets across Africa, the Middle East, and Asia.
Source: https://www.securityweek.com/chinese-apt-phantom-taurus-targeting-organizations-with-net-star-malware/

Incident: CISA warns of active exploitation of Linux sudo privilege escalation flaw
Date of Incident (ET): Unknown
Date of Disclosure/Publication (ET): Sept. 30, 2025
Summary: CISA confirmed active exploitation of the Linux sudo vulnerability CVE-2025-32463, which enables local privilege escalation to root, and directed federal agencies to mitigate it per KEV requirements.
Source: https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-linux-sudo-flaw-exploited-in-attacks/

Incident: Chinese hackers exploited VMware zero-day vulnerability for nearly a year
Date of Incident (ET): Oct. 2024–Sept. 2025
Date of Disclosure/Publication (ET): Sept. 30, 2025
Summary: Broadcom patched VMware CVE-2025-41244 after NVISO reported that Chinese actor UNC5174 had exploited the local privilege escalation flaw since Oct. 2024 to gain root on guest VMs via VMware Tools and Aria Operations.
Source: https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-vmware-zero-day-since-october-2024/

Incident: WestJet confirms data breach exposed customer passports and personal information
Date of Incident (ET): June 13, 2025
Date of Disclosure/Publication (ET): Sept. 30, 2025
Summary: WestJet confirmed a June breach exposed customer names, birth dates, addresses, and travel documents including passports; payment card data and passwords were not taken, and notifications are under way.
Source: https://www.bleepingcomputer.com/news/security/westjet-confirms-recent-breach-exposed-customers-passports/

Incident: New MatrixPDF toolkit weaponizes PDF files for phishing and malware delivery
Date of Incident (ET): Unknown
Date of Disclosure/Publication (ET): Sept. 30, 2025
Summary: Researchers detailed MatrixPDF, a phishing toolkit that weaponizes PDF files with interactive elements and obfuscation to bypass email gateways and redirect victims to credential-theft pages or malware downloads.
Source: https://www.bleepingcomputer.com/news/security/new-matrixpdf-toolkit-turns-pdfs-into-phishing-and-malware-lures/

Incident: U.S. DOJ sues Sendit app for illegal collection of children’s data
Date of Incident (ET): Unknown
Date of Disclosure/Publication (ET): Sept. 30, 2025
Summary: The Justice Department, acting for the FTC, sued the Sendit app for violating COPPA by collecting children’s data without parental consent, seeking injunctions and civil penalties.
Source: https://www.justice.gov/opa/pr/justice-department-sues-social-media-app-sendit-violations-childrens-online-privacy-protection

Edward Kiledjian @ekiledjian