Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 12 September 2025

Jorge Laurel Β· Β·4 min read Β·Issue #95


πŸ’₯ This week in cyber was one for the history books.

πŸ“¦ The world’s largest supply chain attack hit npm, with billions of downloads tainted.
⚑ Nation-state espionage escalated as China-linked groups ramped up campaigns tied to trade negotiations.
πŸ’» Ransomware evolved yet again, with HybridPetya breaking UEFI Secure Boot and Akira exploiting SonicWall appliances.
πŸ“± Meanwhile, Samsung scrambled to patch a WhatsApp-linked zero-day, and Apple unveiled a five-year project to shut down spyware developers.

And that’s just scratching the surface β€” phishing kits got smarter, backdoors stealthier, and even β€œAI-coded” mistakes sent companies back to hiring human developers.

πŸ” Curious about how these stories connect, and what they mean for your security strategy? ➑️ Check out this week’s Friday Wrap-Up!


🚨 Major Supply Chain & Data Breaches
This week saw what may be the largest supply chain attack in history, alongside new corporate breaches.

  • πŸ“¦ Hackers hijack npm packages with 2.6B weekly downloads in historic supply chain attack (Published on 9/8/2025, BleepingComputer). Read More

  • 🎞️ Plex urges password resets after hackers breach database of auth data (Published on 9/9/2025, SecurityWeek). Read More

  • πŸ“‰ Blast radius of Salesloft Drift attacks still widening, severity unclear (Published on 9/4/2025, Dark Reading). Read More


πŸ›‘οΈ Malware & Vulnerabilities
Stealthy backdoors, cross-platform RATs, and new zero-days reminded defenders that attackers innovate quickly.

  • 🎭 GPUGate malware spreads via Google ads and fake GitHub commits (Published on 9/8/2025, The Hacker News). Read More

  • 🐧 Sitecore zero-day exploited to deploy WEEPSTEEL malware (Published on 9/8/2025, Hackread). Read More

  • πŸ’» MystRodX backdoor uses DNS & ICMP triggers for stealthy control (Published on 9/2/2025, The Hacker News). Read More

  • 🍎 CHILLYHELL macOS backdoor and ZynorRAT hit macOS, Windows, Linux (Published on 9/10/2025, The Hacker News). Read More

  • πŸ” ChillyHell macOS malware resurfaces using Google.com as a decoy (Published on 9/11/2025, Hackread). Read More

  • ⚑ New VMScape attack breaks VM isolation on AMD & Intel CPUs (Published on 9/11/2025, BleepingComputer). Read More

  • πŸ“± Samsung patches actively exploited zero-day reported by WhatsApp (Published on 9/12/2025, BleepingComputer). Read More

  • πŸ”§ Fortinet, Ivanti & Nvidia issue patches for high-severity flaws (Published on 9/10/2025, SecurityWeek). Read More


πŸ“‘ Espionage & Nation-State Operations
China-linked actors dominated headlines with brazen espionage tied to trade negotiations and infrastructure access.

  • πŸ‡¨πŸ‡³ APT41 impersonated U.S. lawmaker to target trade groups with malware (Published on 9/8/2025, SecurityWeek). Read More

  • πŸ›°οΈ New infrastructure links 45 more domains to Salt Typhoon/UNC4841 espionage ops (Published on 9/8/2025, Dark Reading). Read More

  • πŸ›οΈ APT41 actively targeting U.S. trade officials amid negotiations (Published on 9/10/2025, The Hacker News). Read More


πŸ’» Ransomware & Financial Crime
AI and new tactics continue to fuel ransomware’s evolution, including a throwback with a dangerous twist.

  • πŸ“ˆ Ransomware losses climb as AI drives phishing and triple extortion (Published on 9/9/2025, SecurityWeek). Read More

  • πŸ”“ Akira ransomware exploiting SonicWall flaw for access (Published on 9/11/2025, SecurityWeek). Read More

  • 🧨 New HybridPetya ransomware bypasses UEFI Secure Boot via CVE-2024-7344 (Published on 9/12/2025, The Hacker News). Read More


🌐 Phishing & Social Engineering
Attackers continue refining phishing kits and lures, targeting both MFA and public services.

  • πŸͺ Salty2FA phishing kit bypasses MFA & clones login portals (Published on 9/9/2025, Hackread). Read More

  • πŸš” Fake Bureau of Motor Vehicles texts steal banking details (Published on 9/11/2025, Malwarebytes). Read More


βš–οΈ Policy, Regulation & Industry Trends
Legal battles and compliance challenges reshaped the business side of cybersecurity.

  • 🧩 Apple unveils Memory Integrity Enforcement, crippling spyware devs (Published on 9/10/2025, CyberScoop). Read More

  • πŸ’Ό UK court to rule on legality of reselling enterprise software licenses (Published on 9/10/2025, ComputerWeekly). Read More

  • πŸ‡ͺπŸ‡Ί Microsoft avoids EU fine by unbundling Teams from Office (Published on 9/12/2025, Ars Technica). Read More

  • πŸ‘₯ Scattered Lapsus$ Hunters hacking group announces shutdown (Published on 9/12/2025, Hackread). Read More

  • πŸ€– After AI layoffs, companies rehire coders to fix β€œvibe-coded” errors (Published on 9/12/2025, Gizmodo). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!