Cybersecurity News Weekly Newsletter – EY Data Leak, BIND 9, C...

This week’s cybersecurity roundup highlights escalating threats from misconfigurations, software flaws, and advanced malware. The key incidents below demand immediate attention from IT teams and executives.

ISC patched CVE-2025-5470 in BIND 9 (versions 9.16.0–9.18.26), a denial-of-service vulnerability (CVSS 8.6) that lets an attacker crash the server with malformed DNS queries. Because it can be leveraged for amplification attacks against global infrastructure, DNS servers should be updated urgently.

Google fixed CVE-2025-5482, a zero-day in Chrome’s V8 engine (versions below 131.0.6778.76) that enables sandbox escape and code execution via malicious sites. It has been exploited in the wild across platforms; auto-updates are rolling out to counter phishing-driven exploitation.

The Aardvark Agent backdoor, tied to state actors, targets the finance sector via spear-phishing. Mimicking administrative tools, it facilitates data exfiltration and lateral movement; published IOCs include specific C2 domains. Bolster endpoint detection and zero-trust models.

A new Android malware called Herodotus has surfaced: a sophisticated banking trojan that mimics human typing patterns to bypass behavioral biometrics during remote-control sessions. Distributed via side-loading and SMiShing, it uses a custom dropper to circumvent the Android 13+ restrictions on Accessibility Services, then deploys overlays for credential harvesting and SMS interception. Sold as Malware-as-a-Service and targeting users in Italy and Brazil, Herodotus splits text input into individual characters with randomized 300–3000 ms delays, simulating natural keystrokes to avoid anti-fraud alerts.

Read more: https://cybersecuritynews.com/new-android-malware-herodotus-mimic-human-behaviour/

Atroposia, a modular remote access trojan priced at $200 per month, lowers the barrier for cybercriminals by bundling features such as hidden remote desktop, credential theft, and vulnerability scanning in an intuitive panel. Its HRDP Connect module creates invisible shadow sessions for undetected system interaction, allowing surveillance and data exfiltration without user notifications or standard RDP logs. With privilege escalation, persistence across reboots, and a file grabber for in-memory extraction, Atroposia blends into systems to evade antivirus and DLP tools.

Read more: https://cybersecuritynews.com/new-atroposia-rat-with-stealthy-remote-desktop/

Gunra ransomware, active since April 2025, targets Windows and Linux systems, using dual encryption methods and double-extortion tactics to encrypt files and threaten data leaks via a Tor site. It appends the .ENCRT extension to files and drops R3ADM3.tx

Source: Cybersecurity News