
🚨WK 41: Qantas & Discord Breaches, Critical VMware Patch from NSA, $2B Crypto Theft, China Bans 'Overly Negative Emotions', Two Arrested in London Following Cyberattack...

Insights into Cyber Risks, Threat Intel, Government and Regulations, Startup and VC updates

VMware NSX Vulnerability: Key Points

A critical advisory from U.S. national security agencies headlines this week's threat landscape, underscoring the persistent targeting of virtualization infrastructure by sophisticated actors. The NSA, alongside international partners, disclosed high-severity vulnerabilities in VMware's NSX Manager, which have now been patched by Broadcom. These flaws, if exploited, could allow a remote, unauthenticated attacker to gain root-level access to the system. This discovery highlights a continued focus on cloud and virtualized environments by state-sponsored groups and reinforces the critical need for organizations to prioritize patching foundational infrastructure.

  • Discovery: The vulnerabilities were discovered and reported by the U.S. National Security Agency (NSA) and its partner agencies, indicating their significant potential risk to national security systems.

  • Highest-Rated Flaw: The most critical issue is CVE-2024-38046, with a CVSS score of 8.0. It is an authentication bypass vulnerability.

  • Impact: A remote, unauthenticated attacker could exploit this flaw to gain unauthorized access to the NSX Manager and achieve root-level privileges on the underlying system.

  • Implication: Full root control would allow an attacker to steal sensitive data, deploy malware, disrupt network operations, and use the system as a foothold to move laterally through an organization's cloud infrastructure.

The full VMware/NSA advisory can be found here: Broadcom Fixes High-Severity VMware NSX Bugs Reported by NSA.

💻 Malware and Vulnerabilities

Security Flaw in India's Income Tax Portal Exposed Taxpayer Sensitive Data: A security vulnerability in India's official income tax portal exposed sensitive personal and financial data of taxpayers, including Aadhaar numbers and bank details, due to an insecure direct object reference flaw. Link

DraftKings Warns Customers of Account Takeovers via Credential Stuffing Attacks: Sports betting platform DraftKings is alerting users to a recent surge in credential stuffing attacks, where hackers use passwords from other breaches to gain unauthorized access to customer accounts. Link

Researchers Detail Rise of Obfuscated JavaScript and Steganography in Q3 Attacks: A new Q3 threat report highlights a significant rise in attackers using heavily obfuscated JavaScript and steganography—hiding malicious code within images—to evade detection and deploy malware. Link

AI Systems Increasingly Exploited Through Sophisticated Prompt Injection Attacks: Cybersecurity experts are warning that AI systems are facing a growing wave of sophisticated prompt injection attacks, where malicious inputs manipulate models to bypass safeguards and disclose sensitive data. Link

CISA Adds Seven New Flaws to Catalog of Known Exploited Vulnerabilities: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch seven new vulnerabilities, including bugs in products from Adobe, D-Link, and Linux, that are being actively exploited. Link

Microsoft Warns of Active Exploitation of Critical GoAnywhere MFT Zero-Day: Microsoft is investigating active exploitation of a critical zero-day vulnerability (CVE-2025-10035) in Fortra's GoAnywhere Managed File Transfer solution, which allows for remote code execution. Link

📈 Breaches and Incidents

Qantas Confirms Data Breach as Hackers Seize Customer Service Portal: Qantas has confirmed a cyber incident forced the temporary takedown of its customer service portal, with hackers claiming to have accessed passenger data; the airline is investigating the claims and has notified relevant authorities. Link

Telstra Denies Breach After Hacktivist Group 'Scattered Lapsus Hunters' Claims Attack: Australian telecom giant Telstra is refuting claims by a hacktivist group that it stole company data, stating a thorough investigation found no evidence of a security breach in its systems. Link

Hackers Claim Major Discord Breach, Allegedly Exposing 55 Million Users: A hacker is claiming to have breached Discord and is selling a database allegedly containing the information of 55 million users, though the platform has not yet officially confirmed the incident. Link

🚨 Threat Intel & Info Sharing

GitHub to Prioritize Azure Migration Over New Features in Strategic Shift: Microsoft's GitHub announced it will prioritize migrating its infrastructure to its Azure cloud platform over introducing new features, a move aimed at improving engineering efficiency and long-term scalability. Link

Apple Removes App That Archived Videos of ICE Arrests from App Store: Apple has removed a "citizen journalism" app named Hue from the App Store, which was used to archive and share videos of U.S. Immigration and Customs Enforcement (ICE) arrests, citing violations of its rules. Link

Rapid7 Exposes Russian Botnet Empire Powering Cybercrime Services: A new report from Rapid7 details the inner workings of the Russian-language cybercrime market, uncovering a sprawling "botnet empire" that rents out access to compromised devices for attacks. Link

OpenAI Disrupts Five Covert Influence Operations Misusing AI Platform: OpenAI announced it has disrupted five state-affiliated covert influence operations that were misusing its AI tools for activities such as generating content and automating comments on social media. Link

New 'Nezha' Hacking Tool Emerges from Chinese Nexus Threat Actors: Cybersecurity firm Huntress has identified a new tool dubbed 'Nezha' being used by a China-nexus threat actor, designed to blend in with legitimate network traffic for stealthy, persistent access. Link

Recorded Future Links Chinese Tech Firm Bieta to Ministry of State Security: A report from Recorded Future identifies Chinese technology company Bieta as a front for the Ministry of State Security (MSS), used to enable and conceal its global cyber-espionage operations. Link

Attackers Actively Exploit Critical Vulnerability in Service Finder Bookings Plugin: Security researchers warn that a critical vulnerability in the popular WordPress "Service Finder" plugin is being actively exploited, allowing unauthenticated attackers to upload malicious files. Link

⚖️ Laws, Policies and Regulations

ENISA Publishes 2025 Threat Landscape Report on Evolving Cyber Risks: The EU Agency for Cybersecurity (ENISA) has released its annual Threat Landscape report, detailing the most significant current and emerging cyber threats facing the region. Link

China Bans 'Overly Negative Emotions' in New Social Media Regulation: Chinese cyberspace regulators have enacted a new rule prohibiting social media platforms from promoting or amplifying content that expresses "overly negative emotions," as part of a broader effort to cultivate a "positive and healthy" online environment. Link

UK Foreign Secretary Puts Security and Migration at Heart of European Policy Talks: The UK's Foreign Secretary will prioritize boosting European security cooperation and tackling illegal migration during a meeting with European partners, framing both as core foreign policy objectives. Link

Two Arrested in London Following Cyberattack That Targeted Nursery Chain: The Metropolitan Police have arrested two individuals in connection with a cyberattack on a UK-based nursery group, which caused significant operational disruption last month. Link

Analysis Points to Strategic Shift in China's Vulnerability Research Disclosure: A new analysis suggests China's vulnerability research is increasingly aligned with state security priorities, with a noticeable decline in the public sharing of critical vulnerabilities that could benefit global defense. Link

Paris Prosecutor Opens Investigation Into Apple's Siri Over Privacy Concerns: A Paris prosecutor has opened a preliminary investigation into Apple's voice assistant Siri, following a legal complaint alleging deceptive commercial practices and unauthorized data collection. Link

Russia Blocks Mobile Internet Access for Phones Using Foreign SIM Cards: The Russian government has begun blocking mobile internet access for phones using foreign SIM cards within its territory, a move reportedly aimed at enhancing "security" and combating the use of untraceable numbers. Link

North Korean Hackers Stole Over $2 Billion in Cryptocurrency in 2025, Report Finds: North Korean state-sponsored hackers have stolen a record-breaking $2 billion in cryptocurrency so far this year, according to new research, marking a significant increase from previous years. Link

Akamai Report Links Microsegmentation to Faster Response, Lower Insurance Premiums: A new report from Akamai finds that organizations implementing microsegmentation see significantly faster incident response times and can often secure lower cyber insurance premiums due to the reduced blast radius of breaches. Link

Forcepoint Q3 Report Highlights Obfuscated JavaScript and Steganography Trends: Forcepoint's Q3 2025 threat brief details the increasing use of obfuscated JavaScript and steganography by threat actors to hide malicious payloads and evade security defenses. Link

📅 Upcoming Events

Virtual Event: Generative AI & Cybersecurity: Executive Strategies for Risk and Resilience

Generative AI is reshaping the cybersecurity landscape, empowering Security Operations Centers (SOCs) with intelligent automation, predictive analytics, and faster incident response. However, with this innovation comes a new class of threats: AI-generated phishing campaigns, polymorphic malware, and code exploits crafted by LLMs.

Register your interest to join here.

If you would like to sponsor any of our future in-person or virtual events, please email us at [email protected]

We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].

Thank you for being a part of our newsletter community. You can also join the conversation in our LinkedIn Group.