Cyber Briefing: 2025.10.09
BatShadow’s Vampire Bot spreads, FileFix evades tools, WP flaw exploited, MS 365 outage, Copilot leak, AWS theft, NK $2B crypto hack, Google AI bounty, new ransomware alliance.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. BatShadow Unleashes Go Vampire Bot
BatShadow, a Vietnamese hacking group, is using a new malware called Vampire Bot to target job seekers and digital marketing professionals. The group uses fake job descriptions to trick people into downloading the malware, which can steal data and take control of a computer.
2. FileFix Attack Evades Security Tools
A new social engineering attack called FileFix uses a technique known as cache smuggling to bypass security software and secretly download a malicious ZIP archive to a victim’s computer. The attack tricks victims into copying a seemingly legitimate file path from a phishing page into their Windows File Explorer, which secretly executes a hidden PowerShell script to extract and run the malicious code from their browser’s cache.
3. Hackers Exploit Service Finder Flaw
Malicious actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme, allowing them to log in as administrators and take complete control of affected websites. The security firm Wordfence has recorded over 13,800 exploitation attempts since August 1st.
💥 Cyber Incidents
4. Microsoft 365 Outage Hits Services
A major outage is impacting Microsoft 365 services, preventing users from accessing their accounts and tools. The disruption is linked to an issue with Microsoft Entra ID authentication, which is a core component for logging into various Microsoft cloud services.
5. GitHub Copilot Chat Flaw Leaks Repo Data
A vulnerability in GitHub Copilot Chat was discovered that could have allowed attackers to steal sensitive data and manipulate the AI’s responses. By combining a Content Security Policy (CSP) bypass with remote prompt injection, a researcher was able to leak AWS keys and zero-day bugs from private repositories.
6. Crimson Collective Hits AWS Instances
Crimson Collective is a threat group targeting AWS cloud environments to steal data and extort companies. The group recently claimed responsibility for a large data theft from Red Hat, exfiltrating 570 GB of data from thousands of private GitLab repositories.
📢 Cyber News
7. North Korean Hackers Steal Crypto
North Korean hackers have stolen a record-breaking $2 billion in cryptocurrency in 2025, bringing their total confirmed thefts to over $6 billion. Experts believe the funds are used to finance the country’s nuclear weapons program.
8. Google Launches New AI Bug Bounty
Google has launched a new Vulnerability Reward Program (VRP) specifically for its AI systems, expanding on its previous efforts and offering bug hunters rewards of up to $20,000. The program focuses on security and abuse issues like data exfiltration and account manipulation, but it does not cover content-related problems like prompt injections and jailbreaks.
9. DragonForce, LockBit, Qilin Dominate Ransomware
A powerful new ransomware alliance has formed between DragonForce, LockBit, and Qilin, aiming to boost attack power and potentially lead to more frequent and dangerous cyberattacks.
📈 Cyber Stocks
On Thursday, 9th October, cybersecurity stocks continued to drift lower as the broader technology market faced renewed selling pressure. Investor sentiment turned cautious amid rising U.S. bond yields and lingering concerns over slowing enterprise IT spending, leading to mild profit-taking across high-valuation cybersecurity names. While long-term demand for AI-driven defense and zero-trust solutions remains intact, short-term volatility persisted as markets reassessed sector valuations.
Zscaler ended around $289, declining on rotation away from high-growth cloud stocks despite consistent enterprise adoption trends.
Palo Alto Networks finished near $210, easing slightly as traders awaited clarity on integration milestones following its CyberArk acquisition.
Okta settled around $90, pressured by competition concerns in identity management and tempered enthusiasm for its AI expansion roadmap.
CrowdStrike closed near $482, slipping as investors booked profits following strong quarterly performance and stretched valuation multiples.
Fortinet closed near $84, down modestly as slowing firewall upgrades and cautious enterprise budgets overshadowed ongoing geopolitical demand for network security.
💡 Cyber Tip
🎯 BatShadow Lures Job Seekers with Vampire Bot Malware
A threat group is using fake job offers and malicious attachments to trick job seekers and marketing professionals into installing Vampire Bot, a Go-based remote access malware that steals data and gives attackers persistent control. The attack uses decoy PDFs, disguised executables, and social engineering to get victims to run a payload and even switch browsers to continue the infection chain.
✅ What you should do
Do not open attachments or run installers from unsolicited job offers or recruiter messages
Treat files named like ...pdf.exe (or with extra spaces) as malicious and never run them
Verify recruiter identities via a separate channel before opening shared files or links
Disable running macros and restrict PowerShell execution for non-admin users
Use endpoint protection and EDR that can block suspicious executables and script activity
Implement application allowlisting so only approved software can run
Train staff and candidates to spot recruitment scams and report suspicious messages
Monitor for remote access tool installs such as XtraViewer and block known malicious domains and IPs
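The "disguised executable" rule above (a document extension followed by a real executable extension, or a run of spaces pushing the real extension out of view) is easy to automate at a mail gateway or in an EDR custom rule. The check below is an added example written for this briefing, not code from the newsletter or from any named vendor; the extension lists and the sample filenames are constructed assumptions for the demonstration.

```python
from __future__ import annotations

import re

# Assumed list of extensions Windows executes when the file is opened.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "ps1", "vbs", "js", "msi", "hta"}
# Assumed list of extensions a recruiter would plausibly send.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "rtf"}


def check_attachment_name(name: str) -> list[str]:
    """Return the reasons a filename looks like a disguised executable.

    An empty list means nothing suspicious was found. Several reasons can
    apply to one name (e.g. both a double extension and padding spaces).
    """
    reasons: list[str] = []
    stem = name.strip()
    parts = stem.split(".")
    if len(parts) < 2:
        return reasons  # no extension at all
    final_ext = parts[-1].strip().lower()
    if final_ext not in EXECUTABLE_EXTENSIONS:
        return reasons  # final extension is not something Windows runs

    # Double extension: a document-looking extension hidden before the real
    # one, e.g. "Job Description.pdf.exe".
    inner = [p.strip().lower() for p in parts[1:-1]]
    if any(p in DOCUMENT_EXTENSIONS for p in inner):
        reasons.append(f"double extension: document extension hidden before .{final_ext}")

    # Padding: two or more spaces before the final extension, used to push
    # ".exe" out of a narrow Explorer column, e.g. "Offer.pdf          .exe".
    if re.search(r"\s{2,}\.\w+$", stem):
        reasons.append("padding spaces before executable extension")

    # A plain executable from a recruiter is still something not to run.
    if not reasons:
        reasons.append(f"executable attachment (.{final_ext})")
    return reasons


def scan_attachments(names: list[str]) -> dict[str, list[str]]:
    """Map each flagged filename to its reasons; clean names are omitted."""
    flagged = {}
    for name in names:
        reasons = check_attachment_name(name)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real campaign.
    sample = [
        "resume.pdf",
        "Job_Description.pdf.exe",
        "Offer Letter.pdf                    .exe",
        "Setup Tool.exe",
        "team_photo.jpeg",
    ]
    for name, reasons in scan_attachments(sample).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```

The check deliberately operates on the name only, so it can run before the file is opened or scanned; a gateway would normally pair it with content inspection, since a benign-looking name says nothing about what the file actually contains.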
🔒 Why this matters
This campaign targets people actively seeking work, exploiting trust and urgency to bypass caution. Once installed, Vampire Bot can steal credentials, capture screenshots, and provide attackers with persistent remote access that can lead to account takeover and broader network compromise. Vigilance with downloads and stronger endpoint controls are the best defenses.
📚 Cyber Book
Fighting Phishing by Roger A. Grimes
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.