Cyber Briefing: 2025.09.29
XCSSET Firefox, Akira VPN bypass, Cisco flaw, Medusa Comcast, Ohio breach, SK fire, Dutch teens spy, TikTok US deal, CISA law risk.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. MacOS XCSSET Variant Hits Firefox
XCSSET is a sophisticated macOS malware that infects Xcode projects and now has a new variant with updated browser targeting and persistence techniques. This updated version of XCSSET also steals cryptocurrency by swapping clipboard wallet addresses and exfiltrates data from Firefox.
2. Akira Ransomware Beats SonicWall VPN MFA
Akira ransomware has been targeting SonicWall SSL VPNs, bypassing OTP-based MFA on accounts, most likely by using stolen OTP seeds. Since July 2025 the attacks have spread rapidly across sectors, and their short dwell times make early detection crucial.
3. UK NCSC Warns Of Cisco Firewall Exploits
Cybersecurity officials from the U.K. National Cyber Security Centre (NCSC) have issued a warning regarding a sophisticated cyber campaign. Threat actors have been found to be actively exploiting zero-day vulnerabilities in Cisco ASA firewalls to deploy two new, highly advanced malware strains: RayInitiator and LINE VIPER. The NCSC advises that organizations prioritize detection and remediation efforts, emphasizing the critical importance of migrating from end-of-life technology to newer, more secure platforms.
💥 Cyber Incidents
4. Medusa Ransomware Hits Comcast Data
The Medusa ransomware group is claiming to have breached Comcast, exfiltrating nearly a terabyte of sensitive data, including actuarial and financial files. The group is demanding a ransom of $1.2 million from Comcast to delete the data or from other buyers to download it.
5. Ransomware Hits Ohio Union County
A recent ransomware attack on Union County, Ohio, led to the theft of Social Security numbers and financial data, impacting over 45,000 people. Officials have since been notifying those affected by the breach.
6. Data Center Fire Shuts South Korea Sites
A lithium-ion battery fire at a major government data center in South Korea has taken over 600 essential public services offline, causing widespread disruption to daily life. The blaze, which started Friday night, crippled systems for everything from mobile identification and tax collection to postal banking and emergency services.
📢 Cyber News
7. Dutch Teens Arrested For Cyber Spying
Two 17-year-olds were arrested by Dutch police for allegedly spying for pro-Russian hackers; one was jailed and the other released on home bail. The arrests, prompted by a tip from Dutch intelligence, highlight how easily teens can be recruited for espionage through platforms like Telegram.
8. US Investors To Take Over TikTok
President Donald Trump signed an executive order to restructure TikTok’s U.S. operations, addressing national security concerns over the popular app’s Chinese ownership. The plan allows TikTok to continue operating in the U.S. by selling a majority stake to American owners and ensuring U.S. control over user data and algorithms.
9. Cyber Data Sharing Law Likely To Expire
A looming government shutdown threatens to let the Cybersecurity Information Sharing Act (CISA) expire. The law allows private companies to share cyber threat data with the government while protecting them from lawsuits. If it lapses, the crucial exchange of cyber threat information between the private sector and government agencies could slow down.
📈 Cyber Stocks
On Monday, September 29, 2025, cybersecurity equities traded with a mixed tone as the broader technology market showed signs of cautious stability. Investor sentiment was shaped by a blend of macroeconomic factors, including ongoing concerns over inflationary pressures and interest rate policy, as well as company-specific developments tied to AI integration, acquisitions, and competitive positioning. Some firms benefitted from renewed optimism around product innovation and strategic moves, while others saw modest declines as profit-taking and valuation sensitivity weighed on shares.
CrowdStrike (CRWD) closed at $481.42, up 1.73%, supported by optimism surrounding its acquisition of AI security firm Pangea and growing confidence in the expansion of its Falcon platform into AI-driven threat defense.
Okta (OKTA) ended at $91.16, down 0.07%, as competitive pressures in identity management and valuation concerns overshadowed enthusiasm for its new AI-enabled identity security fabric.
Cloudflare (NET) finished at $216.34, slipping 0.82%, as rotation out of high-growth tech weighed on the stock despite steady demand for its edge networking and Zero Trust offerings.
SentinelOne (S) settled at $18.15, inching up 0.17%, with cautious investor optimism tied to continued adoption of its AI-powered endpoint protection platform and expectations for stronger forward guidance.
Rapid7 (RPD) closed at $19.39, rising 0.26%, helped by steady demand for its security analytics tools, though concerns about execution risks and competitive pressure limited upside momentum.
💡 Cyber Tip
💻 New macOS XCSSET Variant Targets Firefox and Crypto Wallets
A new variant of the macOS malware XCSSET has been discovered, showing expanded capabilities. The malware infects Xcode projects and now includes updated browser targeting, a clipboard hijacker that swaps cryptocurrency wallet addresses, and enhanced persistence methods. Researchers confirmed it can now steal data from Firefox in addition to other apps.
✅ What you should do
Avoid downloading or sharing unverified Xcode projects
Keep macOS and all apps (including Xcode) fully updated
Use endpoint security tools that detect macOS info-stealers
Verify all crypto transactions carefully before sending
Regularly check system processes and login items for persistence threats
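The last item in the checklist, auditing launch items for persistence, can be scripted. The following is an added example, not code from the original briefing or from the XCSSET research it summarises: it parses launchd property lists (the LaunchAgents/LaunchDaemons folders on a real Mac), records which program each job starts, and flags programs living in temp, shared or hidden directories. The two sample plists are constructed in a temporary folder so the script runs anywhere; the suspicious-path rules are the author's heuristics, not indicators from the page.

```python
import os
import plistlib
import tempfile
from pathlib import Path

# Places a legitimate launchd program rarely lives but droppers commonly use (assumed heuristic).
SUSPICIOUS_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def program_of(plist):
    """Executable a launchd job starts: Program, else first ProgramArguments entry."""
    if "Program" in plist:
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else ""


def is_suspicious(program):
    """Flag temp/shared dirs or any hidden path segment ('/.') in the program path."""
    return program.startswith(SUSPICIOUS_PREFIXES) or "/." in program


def audit_launch_items(directories):
    """Parse each .plist in the directories and summarise the launchd job it defines."""
    findings = []
    for d in directories:  # on a Mac: ~/Library/LaunchAgents, /Library/LaunchAgents, /Library/LaunchDaemons
        for path in sorted(Path(d).expanduser().glob("*.plist")):
            try:
                with open(path, "rb") as fh:
                    plist = plistlib.load(fh)
            except (plistlib.InvalidFileException, OSError):
                continue  # unreadable or not a plist: skip, keep auditing
            prog = program_of(plist)
            findings.append({"file": path.name, "label": plist.get("Label", ""),
                             "program": prog, "run_at_load": bool(plist.get("RunAtLoad", False)),
                             "suspicious": is_suspicious(prog)})
    return findings


def demo():
    """Constructed sample: a benign agent and one launching a binary from a hidden folder."""
    tmp = tempfile.mkdtemp()
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater", "RunAtLoad": True,
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
        "com.apple.helper.plist": {"Label": "com.apple.helper", "RunAtLoad": True,
            "ProgramArguments": ["/Users/dev/Library/.cache/helper", "-d"]},
    }
    for name, content in samples.items():
        with open(os.path.join(tmp, name), "wb") as fh:
            plistlib.dump(content, fh)
    return audit_launch_items([tmp])
```

Run `demo()` to see the two findings; on a real machine pass the LaunchAgents/LaunchDaemons folders to `audit_launch_items` and review every entry flagged suspicious, plus any label imitating an Apple name that does not ship with macOS.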
🔒 Why this matters
XCSSET is a sophisticated, evolving malware built to hijack developer workflows, steal sensitive data, and siphon cryptocurrency. Its new Firefox and crypto wallet targeting shows attackers are adapting quickly to maximize financial gain.
📚 Cyber Book
Cloud Security for Dummies by Ted Coombs
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.