Cybersec Sentinel

GlassWorm Self-Propagating Malware Compromises VS Code Extensions

GlassWorm Self-Propagating Malware Compromises VS Code Extensions

Threat Group – Unknown (no confirmed attribution) Threat Type – Self-propagating software supply chain malware targeting VS Code and OpenVSX ecosystems Exploited Vulnerabilities – Abuse of trusted publisher credentials and the automated extension update pipeline; no CVE assigned for the platform itself Malware Used – GlassWorm loader and final-stage ZOMBI module (RAT with SOCKS

F5 Security Breach – Elevated Risk to Customers

Vulnerabilities

F5 Security Breach – Elevated Risk to Customers

Threat Group – Highly sophisticated nation state actor Threat Type – Data breach and supply chain compromise Exploited Vulnerabilities – Initial access vector undisclosed. CVE 2025 54500 is a separate HTTP2 data plane denial of service flaw, not the entry point for the breach. Malware Used – Not publicly disclosed Threat Score – 🔴 7.5

BatShadow launches Vampire Bot in fake job campaigns

BatShadow launches Vampire Bot in fake job campaigns

Threat Group – BatShadow Group Threat Type – Multi-stage info-stealer and remote access bot Exploited Vulnerabilities – Social engineering, Windows default “hide known file extensions,” LNK-launched encoded PowerShell, abuse of legitimate remote access software for persistence Malware Used – Vampire Bot (Go-compiled) Threat Score – 7.6 🔴 High — Multi-stage chain with LNK→PowerShell execution, behaviour-evasive

NET-STAR Backdoor Exploits IIS Modules for Persistent Access

NET-STAR Backdoor Exploits IIS Modules for Persistent Access

Threat Group – Phantom Taurus (China-linked APT) Threat Type – In-process web server backdoor for IIS (.NET managed and native module tradecraft) Exploited Vulnerabilities – ViewState abuse via compromised ASP.NET machineKey, insecure file write to application bin directory, misconfigured IIS extensibility, weak CI/CD controls, stolen deployment credentials (no CVEs assigned at

LockBit 5.0 Variant Expands Attacks on Windows Linux and Virtual Infrastructure

LockBit 5.0 Variant Expands Attacks on Windows Linux and Virtual Infrastructure

Threat Group – LockBit operators Threat Type – Ransomware as a Service Exploited Vulnerabilities – Exposed remote access services, unpatched internet facing infrastructure, valid credential reuse, weak virtualisation hardening Malware Used – LockBit 5.0 Windows Linux and ESXi variants Threat Score – 7.5 🔴 High – Cross platform impact with ESXi targeting, rapid encryption, and

COLDRIVER targets policy and critical infrastructure using BAITSWITCH-SIMPLEFIX chain

COLDRIVER targets policy and critical infrastructure using BAITSWITCH-SIMPLEFIX chain

Threat Group – COLDRIVER Threat Type – Espionage malware and social engineering Exploited Vulnerabilities – User execution via ClickFix lure, abuse of rundll32, script execution and registry-based persistence (no CVEs assigned) Malware Used – BAITSWITCH downloader, SIMPLEFIX PowerShell backdoor, LOSTKEYS VBS payload, SPICA backdoor Threat Score – 8.2 🔴 High Last Threat Observation – 25 September

ShadowV2 Botnet Builds Cloud Scale Attacks from Exposed Docker APIs

ShadowV2 Botnet Builds Cloud Scale Attacks from Exposed Docker APIs

Threat Group – ShadowV2 operators cybercrime as a service actors Threat Type – DDoS as a Service and botnet Exploited Vulnerabilities – Publicly exposed or unauthenticated Docker daemon APIs on cloud hosts, weak network segmentation, deficient egress controls, inadequate governance of infrastructure as code Malware Used – Python based spreader and control scripts, Go

Windows BitLocker flaw CVE-2025-54911 raises concerns for unpatched systems

Windows BitLocker

Windows BitLocker flaw CVE-2025-54911 raises concerns for unpatched systems

In Microsoft’s September 2025 Patch Tuesday release, one of the more notable fixes addressed a vulnerability in Windows BitLocker tracked as CVE-2025-54911. While it doesn’t compromise the encryption that BitLocker is known for, it does open the door for attackers who already have a foothold on a machine