Cyberattacks Surge: Tick Exploits Motex Lanscope Flaw, New TEE.Fail Attack Targets Intel and AMD, and More
In a week marked by escalating cyber threats, hackers have demonstrated increasingly sophisticated tactics, exploiting newly discovered vulnerabilities and leveraging trusted systems to execute their attacks. The cybersecurity landscape remains perilous, with no system appearing entirely secure.
Threat of the Week
A suspected Chinese cyber espionage group, known as Tick, has been linked to a targeted campaign utilizing a critical vulnerability in the Motex Lanscope Endpoint Manager (CVE-2025-61932, CVSS score: 9.3). This flaw has allowed the group to infiltrate networks and deploy a backdoor named Gokcpdoor. Sophos, which reported on the activity, indicated that the attacks were primarily directed at sectors aligned with the group’s intelligence objectives.
Top News
- TEE.Fail Side-Channel Attack Targets Intel and AMD
A new low-cost physical side-channel attack, dubbed TEE.fail, has been disclosed that can break the security guarantees of modern Trusted Execution Environments (TEEs) from Intel and AMD. The attack enables the extraction of cryptographic keys and undermines secure attestation mechanisms. It relies on deterministic memory encryption and DDR5 bus interposition, and requires physical access to the target as well as root-level privileges to modify kernel drivers.
- Russian Hackers Breach Ukrainian Networks
Researchers have uncovered that suspected Russian hackers infiltrated Ukrainian networks this summer, using standard administrative tools to steal data while remaining undetected. The attackers targeted a major Ukrainian business services company and a local government agency, deploying minimal custom malware and relying instead on software already present in the victims’ networks.
- North Korea’s BlueNoroff Targets Web3 Sector
The North Korea-affiliated group BlueNoroff has resurfaced with two new campaigns, GhostCall and GhostHire, aimed at executives and Web3 developers. Both campaigns use social engineering over platforms such as Telegram and LinkedIn to deliver fake meeting invites that trigger multi-stage malware chains. The group’s tradecraft has evolved and now focuses on comprehensive data acquisition across a range of assets.
- New Android Banking Malware: Herodotus
A newly identified Android banking trojan, Herodotus, evades detection by mimicking human behavior while an infected device is under remote control. Distributed through deceptive SMS messages, the malware overlays fake banking interfaces to steal credentials and intercepts SMS messages to capture one-time passcodes. Its distinguishing feature is the ability to imitate human typing patterns, which makes behavioral detection harder.
- Qilin Ransomware Adopts Linux Encryptors for Windows Attacks
The Qilin ransomware group has been observed using the Windows Subsystem for Linux (WSL) to run its Linux encryptors on Windows systems, evading security tooling that only inspects native Windows processes. This tactic has contributed to over 700 attacks across 62 countries this year, cementing Qilin’s status as a prominent ransomware threat.
Trending CVEs
Cybercriminals are quick to exploit new vulnerabilities, often within hours of their discovery. This week’s critical vulnerabilities include:
- CVE-2025-55315 (QNAP NetBak PC Agent)
- CVE-2025-10680 (OpenVPN)
- CVE-2025-55752 and CVE-2025-55754 (Apache Tomcat)
- CVE-2025-52665 (Ubiquiti UniFi Access)
Organizations are urged to prioritize patching these vulnerabilities to mitigate potential breaches.
Around the Cyber World
- Canada Issues Warning on Hacktivist Attacks
The Canadian Centre for Cyber Security has alerted organizations to hacktivist attacks targeting industrial control systems (ICS). Incidents have included tampering with pressure values at a water facility and manipulating temperature controls in agricultural settings.
- Kinsing Exploits Apache ActiveMQ Vulnerability
The Kinsing threat actor is exploiting a known flaw in Apache ActiveMQ (CVE-2023-46604) to conduct cryptojacking attacks. Recent observations indicate the deployment of a .NET backdoor named Sharpire alongside XMRig.
- Security Flaws in Confidential Computing Systems
Two vulnerabilities (CVE-2025-59054 and CVE-2025-58356) have been identified in eight different confidential computing systems that use Linux Unified Key Setup version 2 (LUKS2). Exploitation of these flaws could allow unauthorized access to confidential data.
- LinkedIn Phishing Campaign Targets Finance Executives
Hackers are leveraging LinkedIn to conduct phishing attacks against finance executives, impersonating invitations to executive boards. The malicious messages contain links to fake landing pages designed to capture Microsoft credentials.
- WhatsApp Introduces Passkey Support for Encrypted Backups
WhatsApp has announced a new feature allowing users to encrypt chat backups with passkeys, improving security without the need for complex passwords.
- Malicious VS Code Extensions Identified
Researchers have flagged 12 malicious extensions in the Visual Studio Code marketplace that are capable of stealing sensitive information or establishing backdoors.
- Proton Launches Data Breach Observatory
Proton has introduced a Data Breach Observatory to help organizations scan the dark web for leaked sensitive data. The observatory reports that over 306 million records have been compromised across various sectors.
- Russian Authorities Arrest Three for Meduza Infostealer
Three individuals believed to be behind the Meduza infostealer have been arrested in Russia. The malware has been linked to attacks on government networks.
- Ukrainian National Extradited to the U.S. for Conti Attacks
Oleksii Oleksiyovych Lytvynenko, a Ukrainian national, has been extradited to the U.S. for his involvement in the Conti ransomware operation, which extorted victims and stole data.
- FCC to Eliminate Cybersecurity Requirements for U.S. Telcos
The U.S. Federal Communications Commission plans to vote on eliminating new cybersecurity requirements for telecommunications providers, citing substantial improvements made by carriers.
- Denmark Withdraws Controversial Chat Control Legislation
The Danish government has retracted its Chat Control legislation after failing to secure majority support within the EU, a move welcomed by privacy advocates.
- Poland Arrests 11 for Investment Scam
Polish authorities have apprehended 11 suspects involved in an investment scam that defrauded citizens of over $20 million.
- New RATs Utilize Discord for Command and Control
Researchers have identified four new remote access trojans (RATs) that use Discord for command and control, highlighting the evolving tactics of cybercriminals.
- Security Issues Found in Tata Motors Sites
Multiple security vulnerabilities have been uncovered in Tata Motors’ online platforms, leading to unauthorized access to sensitive information.
- Tangerine Turkey Campaign Targets Cryptocurrency Mining
The Tangerine Turkey campaign has been found using batch files and Visual Basic scripts to deploy cryptocurrency miners across various organizations.
- Hezi Rash Conducts DDoS Attacks
The hacktivist group Hezi Rash has been linked to approximately 350 DDoS attacks targeting nations perceived as hostile to Kurdish or Muslim communities.
- Lampion Stealer Distributed via Phishing Campaigns
A Brazilian threat group has been observed using bank transfer receipt lures to distribute the Lampion stealer, a banking trojan active since 2019.
As reported by thehackernews.com, these developments underscore the need for organizations to remain vigilant and proactive in their cybersecurity measures.