RadioCSIRT — Your Daily Cybersecurity Update for Monday, November 3, 2025 (Ep.6) episode artwork

EPISODE · Nov 3, 2025 · 7 MIN

RadioCSIRT — Your Daily Cybersecurity Update for Monday, November 3, 2025 (Ep.6)

from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ

Welcome to your daily cybersecurity briefing 🕵️‍♂️🔥🐚 Rhysida — Malvertising Campaign and Code-Signing AbuseThe Rhysida ransomware gang continues its campaign using OysterLoader — also known as Broomstick or CleanUpLoader — as an initial access tool. Expel reports more than 40 abused code-signing certificates since June 2025, including several issued through Microsoft Trusted Signing. These certificates are used to disguise malicious binaries and achieve low antivirus detection rates.🌐 BIND 9 — Thousands of Servers Still UnpatchedThe Shadowserver Foundation warns that over 8,200 DNS servers remain vulnerable to CVE-2025-40778 and CVE-2025-40780, including about 100 in the Netherlands. These flaws enable cache poisoning attacks, redirecting users to malicious IP addresses. The Dutch NCSC expects active exploitation of both vulnerabilities.🧩 Open VSX Registry — Leaked Tokens and Malicious ExtensionsThe Eclipse Foundation confirmed a security incident involving leaked developer publishing tokens. Attackers used these credentials to upload malicious extensions to the Open VSX marketplace. All infected extensions have been removed, and new protections are in place — including shorter token lifetimes, faster revocations, and automated code scans at publication.🎯 Cyber-Espionage — Targeting Russian and Belarusian MilitaryResearchers from Cyble and Seqrite uncovered a spear-phishing campaign using fake military documents in LNK format. Once opened, the files deploy PowerShell scripts that install a local OpenSSH service on port 20321 and a hidden Tor service, enabling remote access and data exfiltration. The techniques resemble those of the Sandworm group, but attribution remains unconfirmed.💻 Jabber Zeus — “MrICQ” Arrested and Extradited to the U.S.Ukrainian national Yuriy Igorevich Rybtsov, known online as MrICQ, has been extradited from Italy to the United States. Indicted in 2012, he is accused of helping the Jabber Zeus group steal tens of millions of dollars through the Zeus banking trojan. His associate Vyacheslav “Tank” Penchukov is already serving an 18-year prison sentence.🧠 Kimsuky — New HttpTroy Backdoor IdentifiedGen Digital has detailed a North Korean-linked campaign using a fake VPN invoice to deliver the HttpTroy backdoor.The malware allows full system control — including file transfers, screenshot capture, and command execution — and uses multiple obfuscation layers to evade analysis.⚡️ Don’t think, just patch! 🚀📚 Sources:https://expel.com/blog/certified-oysterloader-tracking-rhysida-ransomware-gang-activity-via-code-signing-certificates/https://www.security.nl/posting/911521/'Duizenden+dns-servers+missen+belangrijke+update+voor+BIND+9-lekken?channel=rsshttps://cyberpress.org/open-vsx-registry/https://www.helpnetsecurity.com/2025/11/03/russian-belarusian-military-spear-phishing/https://krebsonsecurity.com/2025/11/alleged-jabber-zeus-coder-mricq-in-u-s-custody/https://thehackernews.com/2025/11/new-httptroy-backdoor-poses-as-vpn.html📞 Share your feedback:📧 [email protected]🌐 www.radiocsirt.com📰 radiocsirtintl.substack.com

NOW PLAYING

RadioCSIRT — Your Daily Cybersecurity Update for Monday, November 3, 2025 (Ep.6)

0:00 7:35

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of RadioCSIRT - English Edition?

This episode is 7 minutes long.

When was this RadioCSIRT - English Edition episode published?

This episode was published on November 3, 2025.

What is this episode about?

Welcome to your daily cybersecurity briefing 🕵️‍♂️🔥🐚 Rhysida — Malvertising Campaign and Code-Signing AbuseThe Rhysida ransomware gang continues its campaign using OysterLoader — also known as Broomstick or CleanUpLoader — as an initial access...

Can I download this RadioCSIRT - English Edition episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!