Cyber Security Headlines – October 1, 2025
Host: Sarah Lane
Main Theme:
A rapid-fire roundup of critical global cybersecurity incidents, with a focus on state-sponsored threats, software vulnerabilities, disruptive cyberattacks, and shifting legal frameworks in cybersecurity.
Key Stories & Discussion Points
1. China-Linked Group Targets Governments with Stealthy Netstar Malware
[00:10]
- Phantom Taurus, a newly observed China-linked hacking group, has spent two years attacking government and telecom targets in the Middle East and Asia.
- Objectives include infiltrating Ministries of Foreign Affairs, embassies, and defense, especially during geopolitical events.
- They deploy a custom malware suite called Netstar, noted for its stealth and persistence.
- Advanced techniques: Time-stomping and evasion methods enable long-term intelligence gathering for Chinese interests.
Quote [00:16]: “Researchers say that Phantom Taurus operates with stealth and persistence, using time stamping and advanced evasion to enable long-term intelligence collection for China’s interests.” — Sarah Lane
2. VMware Zero-Day Exploited by Chinese Threat Actors
[00:40]
- Since October 2024, Chinese actor UNC5174 exploited a high-severity VMware Aria vulnerability, allowing unprivileged local attackers to gain root access on VMs.
- Broadcom has released a patch for this and recently addressed additional zero-day vulnerabilities (including two reported by the NSA).
- This flaw has affected US, UK, and Asian organizations, with incidents of attackers selling network access.
3. Apple Moves Quickly to Fix iOS 17 Glitches and Serious Vulnerability
[01:14]
- iOS 26.0.1 addresses critical Wi-Fi/cellular connectivity problems, photo artifacts, and VoiceOver failures impacting iPhone 17.
- Notably, it patches a font parser vulnerability that could corrupt memory via malicious fonts.
- Other Apple platforms (iPadOS, macOS, watchOS, tvOS, visionOS) received similar bug fixes, reflecting a widespread QA push.
Quote [01:27]: “The update also patches a font parser vulnerability that could let attackers corrupt memory via malicious fonts.” — Sarah Lane
4. Major Cyber Attack on Asahi Shuts Down Production in Japan
[01:40]
- The Asahi Group suffered a cyberattack that halted orders, shipments, call centers, and production at some of its 30 Japanese factories.
- The attack caused system failures; there is no confirmation yet of any personal data leak.
- Impact expected to be costly given Asahi’s nearly 40% market share in Japan.
5. Looming Funding Crisis for US Cybersecurity Laws and State Grants
[03:22]
- Both the Cybersecurity Information Sharing Act (CISA 2015) and the State and Local Cybersecurity Grant Program (over $1 billion in funding) are set to expire as Congress stalls on a new funding deal.
- Potential consequences: reduced threat sharing, limited cyber defense for smaller jurisdictions, weakened protections against nation-state and criminal threats.
Quote [03:35]: “Some lawmakers are warning that the expiration will reduce threat sharing and weaken cyber protections against nation, state and criminal attacks, especially for smaller jurisdictions and businesses.” — Sarah Lane
6. Critical My Cloud NAS Vulnerability Patched, but End-of-Life Devices Remain at Risk
[04:00]
- Western Digital patched a major remote command injection bug affecting My Cloud NAS devices via HTTP POST requests.
- Firmware 5.31.108 resolves this, but older, unsupported models (e.g., DL2100, DL44100) won’t get updates; owners are urged to act immediately or remove those devices from their networks.
- Vulnerable NAS devices remain frequent targets for botnets, ransomware, and data theft.
7. Cleopatra Trojan Targets European Android Users
[04:40]
- The Cleopatra banking trojan has infected over 3,000 Android devices in Italy and Spain, disguised as the defunct Mob Drone streaming app.
- Leverages accessibility services for full device control and executes fraudulent bank transfers at night while the screen stays off.
- Uses sophisticated obfuscation to evade detection and “remotely access victims’ phones at night.”
Quote [05:03]: “Attackers can reportedly remotely access victims’ phones at night, unlocking devices, opening banking apps, and transferring funds while the screen appears to be off.” — Sarah Lane
8. Cisco Firewall Flaws Leave Tens of Thousands Exposed to Exploitation
[05:25]
- About 50,000 Cisco ASA and FTD firewalls remain exposed to vulnerabilities enabling remote code execution and unauthorized VPN access.
- Deployment of Viper malware and Ray Initiator bootkit preceded the availability of patches.
- US CISA issued an emergency directive for federal agencies; global exposure is high, especially in the US, UK, Japan, Germany, and Russia.
Notable Quotes & Memorable Moments
- On Phantom Taurus’s sophistication: “Phantom Taurus operates with stealth and persistence, using time stamping and advanced evasion to enable long-term intelligence collection for China’s interests.” — Sarah Lane [00:16]
- On the risks of Congressional inaction: “Some lawmakers are warning that the expiration will reduce threat sharing and weaken cyber protections against nation, state and criminal attacks, especially for smaller jurisdictions and businesses.” — Sarah Lane [03:35]
- On the Cleopatra Trojan’s novel tactics: “Attackers can reportedly remotely access victims’ phones at night, unlocking devices, opening banking apps, and transferring funds while the screen appears to be off.” — Sarah Lane [05:03]
Timestamps for Key Segments
- China-linked Phantom Taurus group and Netstar malware: [00:10]
- VMware zero-day and global targeting: [00:40]
- Apple iOS, iPadOS, macOS updates and critical fixes: [01:14]
- Asahi cyberattack disrupts Japanese supply chain: [01:40]
- Congressional standoff and expiring cyber grants/law: [03:22]
- Western Digital My Cloud critical vulnerability: [04:00]
- Cleopatra Android trojan attacks in EU: [04:40]
- Cisco firewall zero-days and global exposure: [05:25]
Summary
This episode details a global landscape where state-sponsored attackers, fast-moving zero-days, and novel malware keep security professionals on high alert. Urgent system patches (Apple, VMware, Western Digital, Cisco) and government grant uncertainties underline the complexity and stakes of defending modern IT infrastructure. Notably, attacks are hitting both public institutions and critical supply chains, as cybercriminals leverage advanced stealth and automation to target users worldwide.
For deeper dives into these stories, visit CISOseries.com.
